PC Forums
Topic: Manually remove virus that creates a lot of copies.

draw_paintatoms
« on: December 14, 2009, 01:55:14 PM »

Have you ever been infected by a virus that creates a lot of copies, mostly in every folder and subfolder, that your AV(s) were unable to detect?
This usually happens on your USB drives or in a directory that is shared on the network with full access. The good news is that each copy shares the same file size and date last modified. Below is a Windows batch script I'd like to share that will search for these files and delete them. Copy and paste it into Notepad.
Quote
@echo off
FOR /f "tokens=* delims= " %%i in ('dir /a/s/b "C:\Shared Files\*.exe"') do (if %%~zi EQU 529920 echo %%i>>exe.txt)
FOR /f "delims=" %%k in (exe.txt) do (if "%%~tk" EQU "05/24/2008 12:53 AM" del /f /a "%%k")
pause

The text in blue is the directory where you want this script to search. Other examples are "F:\", "C:\Documents and Settings\"
The text in red is the virus files, which are usually .exe files. If not, then change it to whatever it is.
The first green text in the second line is the size of the virus file (notice there is no comma). E.g., as above, the file size is 529,920 bytes.
The last green text in the third line is the date the virus file was last modified (not created).

The only thing you need to do is right-click one of the virus copies and select Properties. Then supply the information in the colored text in the script. Save it as a .bat file and run it.

How does it work?
The second line will search all .exe files in the specified directory and check whether the file size is as specified. If true, it will save the path of the virus file to a text file named exe.txt, saved in the same directory where you run this batch script.
The third line will check all the virus files (based on the exe.txt entries) to see whether the date last modified is the same as what was specified. If true, it will delete these files.
You can view what files are being deleted by opening the exe.txt file.
« Last Edit: December 14, 2009, 02:06:36 PM by draw_paintatoms » Logged
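
The size-and-date matching described in the post above, redone in PowerShell as an added example (not the poster's script and not part of the original thread). It takes one known copy as the reference, also compares SHA-256 so that a legitimate file which merely shares the size and timestamp is left alone, and deletes nothing unless -Delete is given. The parameter names and the matches.csv report file are assumptions of this example.

```powershell
# Added example: size + last-modified match as in the post, confirmed by SHA-256.
# Assumed names: -SamplePath, -SearchRoot, -Report, -Delete (not from the thread).
param(
    [Parameter(Mandatory)] [string] $SamplePath,  # one known copy of the virus file
    [Parameter(Mandatory)] [string] $SearchRoot,  # e.g. "C:\Shared Files" or "F:\"
    [string] $Report = ".\matches.csv",           # list of confirmed copies
    [switch] $Delete                              # omit for a dry run
)

$sample     = Get-Item -LiteralPath $SamplePath -Force
$sampleHash = (Get-FileHash -LiteralPath $sample.FullName -Algorithm SHA256).Hash

# Stage 1: same extension and exact byte size (the batch script's first FOR loop).
$candidates = Get-ChildItem -LiteralPath $SearchRoot -Recurse -File -Force `
                  -Filter "*$($sample.Extension)" -ErrorAction SilentlyContinue |
              Where-Object { $_.Length -eq $sample.Length }

# Stage 2: last-modified time (the second FOR loop), then a content hash so that
# an unrelated file with the same size and timestamp is never selected.
$hits = foreach ($f in $candidates) {
    $delta = [math]::Abs(($f.LastWriteTimeUtc - $sample.LastWriteTimeUtc).TotalSeconds)
    if ($delta -gt 2) { continue }   # FAT volumes keep 2-second timestamps
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue).Hash
    if ($hash -eq $sampleHash) { $f }
}

# Keep a record of what was matched, like exe.txt in the batch version.
$hits | Select-Object FullName, Length, LastWriteTime |
    Export-Csv -Path $Report -NoTypeInformation

foreach ($f in $hits) {
    if ($Delete) { Remove-Item -LiteralPath $f.FullName -Force } else { Write-Output "Would delete: $($f.FullName)" }
}
Write-Output ("{0} confirmed copy/copies; list saved to {1}" -f @($hits).Count, $Report)
```

Run it once without -Delete and review the report before running it again with -Delete.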

darkangel
« Reply #1 on: December 14, 2009, 05:03:44 PM »

Hmmm, nice tutorial!

This has to wait till I encounter such a virus. It's good to know that we have a reserve arsenal.

Thanks for sharing.

Justin
« Reply #2 on: December 14, 2009, 11:16:47 PM »

Nice tutorial bro draw_paintatoms. This could help a lot bro. Bookmarked.

Take care and God bless.

ysNoi
« Reply #3 on: December 21, 2009, 06:25:12 PM »

TFS bro..! I'll try this out..

Sylpher`Silverthorn
« Reply #4 on: January 26, 2010, 10:59:20 AM »

Good afternoon..

I actually have this problem and implemented what had been advised..

It would delete the copies but after it did the New Folder.exe would just pop up again which uses up a lot of space on my Flashdisk and hard drive..

Is this supposed to be a permanent solution or a temporary one?

Thanks..

draw_paintatoms
« Reply #5 on: January 26, 2010, 04:07:12 PM »

Hello Sylpher`Silverthorn,

This would be a permanent solution if the virus process has been killed or ended. In your case, I think the virus is still active in your system. What I would do is download and run Process Explorer and kill the process or processes that have a folder icon. In your case maybe New Folder.exe.
After it has been killed you can run the script posted below. You might also want to scan your systemroot folder; the virus resides there.
I would like to point out though that scanning it with your antivirus software is still the best idea, because a mistake in the script might delete useful files (make sure you are correct with the FILESIZE and DATE). I only use this script when my AV goes lazy and is unable to detect these virus files.

Please browse this forum for related topics with your problem. Thanks for posting!

Sylpher`Silverthorn
« Reply #6 on: January 26, 2010, 08:29:05 PM »

Thanks..

Gonna try it out..

Though when you said that I should use my anti-virus, my anti virus doesn't recognize the virus so I hope this works..

I'll try to tell you the results as soon as possible..

draw_paintatoms
« Reply #7 on: January 26, 2010, 11:24:00 PM »

I'm eager to hear the results! You're welcome.

pcruztemp
« Reply #8 on: January 27, 2010, 11:45:33 AM »

In general, for hard-to-remove viruses, scan in safe mode/first boot.

I've seen only one AV that was intelligent enough to say "hey boss, I can't remove this virus, do you want to reboot and scan in first boot mode?"

IMHO this should be standard.


Note: I'm not sure if "first boot" is the correct term. It means the AV loads and runs its virus scanner to scan the entire drive as the first program that runs after the OS core loads, before any virus has a chance to load, even before the desktop loads.

cyberXpert2008
« Reply #9 on: January 27, 2010, 08:02:37 PM »


Using antivirus software to protect your PC against malware infection is usually a good idea for home users. But from over 4 years of my experience in this field, I say that it is better to use disk protection software (if I'm right with that term)...

This software is best for users who don't have the leisure of time to make a maintenance check on their PCs.

Disk protection software like Deep Freeze and Shadow Defender also provides great protection against computer viruses, as this software prevents any attempts at rewriting the computer system.

The only drawback of these is that you won't be able to save your files in the system. As I said earlier, any attempt at rewriting the system is removed once the computer is restarted.

To compensate for this, you could partition your drives, one for the system and one for your personal files.

To achieve better protection, you could also use a smart and reliable antivirus software like NOD32, Kaspersky, Avira, Avast, or AVG in combination with this technique...


I hope this tip will serve a good purpose for others who don't have the time to groom up their PCs but still want to protect them from damage, and at the same time save money on PC repairs.

darkangel
« Reply #10 on: January 27, 2010, 10:31:55 PM »

Absolutely agree with this suggestion for beginners on pc usage!

This I did to some of my clients.

Great idea! Thanks for posting that.
« Last Edit: January 28, 2010, 12:59:33 AM by darkangel » Logged

draw_paintatoms
« Reply #11 on: January 28, 2010, 05:40:59 AM »

Hi Sylpher`Silverthorn, just in case you want an alternative to the batch script below, I made an application (.exe) that functions just the same. Just drag and drop one of the virus's copies onto this application, click a few buttons and you're done. Get it here for free. Download
Post your questions here if you have any.
« Last Edit: January 28, 2010, 07:46:00 PM by draw_paintatoms » Logged
