8/23/08

Is Your Computer Infected with a Virus?


Sometimes an inexperienced user will not realize that their computer is infected with a virus. This is because a virus can hide among regular files, usually in C:\Windows\System32 (the Windows system directory). Sometimes the virus disguises itself as a standard file, and it can create a file named autorun in your Windows system folder and on other storage devices. So how do you discover the virus files, clean them from your computer easily, and make sure your PC is safe from virus infection?
There are some symptoms which indicate that your computer has been infected by a virus. Remember them and watch out for them. These symptoms are:
1. Unexpected images or messages are suddenly displayed
2. Unusual sounds or music are played at random
3. Your CD-ROM drive mysteriously opens and closes
4. You receive a notification from your computer's firewall
5. The computer freezes frequently or encounters errors
6. The computer slows down when you start Windows or run a new program
7. Files or folders have been deleted automatically or their contents have changed
8. Your hidden files or folders cannot be shown
9. Folder Options, Task Manager, Registry Editor, cmd, Run, Control Panel and other Windows components cannot be run properly (a message appears, such as ‘Task Manager has been disabled by administrator’)
10. Microsoft Internet Explorer freezes or functions erratically, e.g. you can’t close windows, or nonsense text or names appear, like ‘Virus mawar mengganas!!!’
Sometimes these symptoms are caused by hardware or software problems, and only 20% are caused by virus infection. But if you are sure your computer is free from hardware and software problems, then I am really sure your computer is infected with a virus.
Below are a few steps that can help you clean the virus easily. If your computer is infected with a virus, try these.

Delete Virus Files

1. Start menu > click ‘Run’ > type ‘CMD’
2. Type the commands below one by one, pressing Enter after each

del %windir%\sscviihost.exe /a /f /q
del %windir%\system32\sscviihost.exe /a /f /q
del c:\sscviihost.exe

3. Delete the following files in the same way: replace “sscviihost.exe” in the commands above with each of the names below:

• SCVHSOT.exe
• hinhem.scr
• blastclnnn.exe
• autorun.ini

4. Also find these files and delete them if they still exist:

• C:\WINDOWS\SCVHSOT.exe
• C:\WINDOWS\hinhem.scr
• C:\WINDOWS\system32\SCVHSOT.exe
• C:\WINDOWS\system32\blastclnnn.exe
• C:\WINDOWS\system32\autorun.ini
• C:\Documents and Settings\All Users\Documents\SCVHSOT.exe

Caution!!!! “Do not double-click these files, otherwise you will have to start again from the beginning”

Delete Startup Launch of Virus

Removing autostart entries from the registry prevents the malware from executing at startup.
If the registry entry below is not found, the malware may not have executed as of detection. If so, proceed to the succeeding solution set.

1. Open Registry Editor. Click the Start menu > click ‘Run’, type ‘REGEDIT’, then press Enter.
2. In the left panel, double-click the following:

HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Run

3. In the right panel, locate and delete the entry:

Yahoo Messenger = “%Windows%\SSCVIIHOST.exe”
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)

Restoring Registry Entries

1. Still in the Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:

HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows NT>CurrentVersion>Winlogon

3. In the right panel, locate the entry:

Shell = “Explorer.exe SSCVIIHOST.exe”

4. Right-click on the value name and choose Modify. Change the value data of this entry to:

Explorer.exe

Removing Added Registry Entries

1. Still in the Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:

HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>WorkgroupCrawler>Shares

3. In the right panel, locate and delete the entry:

shared = “\New Folder.exe”

Deleting the Malware File(s)

1. Click the Start menu, then click Find.
2. In the Named input box, type:

*.exe (and delete all files 245kb in size and below)

Hope this helps you. I have yet to see if the virus attacks again. Be careful with the Registry Editor (regedit), because modifying or deleting the wrong entries can damage your Windows installation.
Thanks to God.


8/21/08

How to manually remove viruses!


Have you ever been in the position where you know you have a virus but you don’t have any antivirus? It’s almost impossible to remove it manually without knowing a few tips and tricks.
After reading this, I’m sure you will know how to manually remove most of the viruses lurking around. But that doesn’t mean you shouldn’t have an antivirus on your computer.
I suppose you already know what safe mode is. Press the F8 key a few times when you start your machine. You have to do this just as your computer is about to load the first Windows components, before the Windows welcome logo appears on your screen. In Windows XP I think you can press space and then F8 when it asks you if you want to go back to the previous working settings.
Enough talk about how to start your computer in safe mode. If you want to remove viruses manually, you almost always have to do it in safe mode, because in safe mode most viruses do not start and run. Only a few Windows program components are allowed to run in safe mode.
After you start your computer in safe mode, log in as administrator and open the Windows folder on local drive C. Search for the virus files in Prefetch and System32, if you know the virus file names and where they are hiding. After you have found all the virus files, delete them manually.
Open the Registry Editor (click Run in the Start menu, type ‘regedit’ and click OK). Go to the keys listed below and add a : in front of the value of any string that you think belongs to the virus. For example, if the string is "virus" and its value is "c:\virus.exe", change its value to ":c:\virus.exe". The : works like commenting out the value. But if you are sure it’s the virus, you can just delete the string.
Here are the keys you may want to look at:

CODE KEYS:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
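
The autostart checks from both posts (the Run entry and the Winlogon Shell value in the first, the key list and the ':' prefix in the second) can be run read-only over saved `reg query` output before anything is edited in regedit. This is an added example, not part of the original posts; the `audit` function, its status labels and the Windows-folder heuristic are assumptions of the example, and the sample data is constructed.

```python
import re

# Autostart keys named on this page, lower-cased (registry paths ignore case).
_CV = r"\software\microsoft\windows\currentversion" + "\\"
_HKLM = ("run", "runonce", "runonceex", "runservices", "runservicesonce")
RUN_KEYS = {"hkey_local_machine" + _CV + s for s in _HKLM} | {
    "hkey_current_user" + _CV + s for s in ("run", "runonce")}
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
# Heuristic assumed for this example: a target inside the Windows folder,
# where this page's samples hide, is looked at first.
IN_WINDIR = re.compile(r'^"?(%windir%|%systemroot%|[a-z]:\\(windows|winnt))\\', re.I)


def audit(reg_query_text):
    """Return (status, key, value_name, data) for each autostart value found."""
    findings, key = [], None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()          # a key header starts a new group of values
            continue
        m = VALUE_LINE.match(line)
        if key is None or not m:
            continue
        name, data = m.group(1), m.group(3).strip()
        if key.lower() == WINLOGON:
            # Only Shell is checked; its clean value is exactly Explorer.exe.
            if name.lower() == "shell" and data.lower() != "explorer.exe":
                findings.append(("shell-tampered", key, name, data))
        elif key.lower() in RUN_KEYS:
            status = ("disabled" if data.startswith(":")   # ':' prefix from the second post
                      else "windows-dir" if IN_WINDIR.match(data) else "review")
            findings.append((status, key, name, data))
    return findings


# Constructed sample in `reg query` output format, not taken from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Yahoo Messenger    REG_SZ    C:\WINDOWS\SSCVIIHOST.exe
    virus    REG_SZ    :c:\virus.exe
    Tray    REG_SZ    "C:\Program Files\Example\tray.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe SSCVIIHOST.exe
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

A "windows-dir" or "review" status only means the entry should be checked against the file on disk; legitimate programs also start from these keys.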


The virus can also start itself from some other places. ‘win.ini’ is the most common file that viruses use. So you should find the files named ‘win.ini’ and ‘system.ini’ and look through them to see if you find anything. After that, look through the Startup folder, which is normally located in your profile directory under Start Menu\Programs\Startup, and also look at msconfig in Control Panel, under the Startup tab. Other than that, try searching for the virus executable to see if it’s hiding somewhere else in C:\Windows\System32.
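
For the win.ini and system.ini check above, the lines that start programs are `load=` and `run=` in the `[windows]` section of win.ini and `shell=` in the `[boot]` section of system.ini. The following added example (not from the original post) pulls out just those settings; the function names are assumptions of the example and the file contents are constructed.

```python
import configparser

# Settings that start programs at boot or logon: (file, section, option).
AUTOSTART_SETTINGS = (
    ("win.ini", "windows", "load"),
    ("win.ini", "windows", "run"),
    ("system.ini", "boot", "shell"),
)


def _parse(text):
    # Real INI files repeat keys and contain '%', so parse leniently.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True, delimiters=("=",),
                                   comment_prefixes=(";",))
    cp.read_string(text)
    # Section names are case-insensitive on Windows; normalise them.
    return {name.lower(): dict(cp[name]) for name in cp.sections()}


def ini_autostarts(files):
    """files maps 'win.ini'/'system.ini' to file text; returns suspicious settings."""
    parsed = {fname.lower(): _parse(text) for fname, text in files.items()}
    findings = []
    for fname, section, option in AUTOSTART_SETTINGS:
        value = (parsed.get(fname, {}).get(section, {}).get(option) or "").strip()
        if not value:
            continue    # load= and run= are normally empty or absent
        if option == "shell" and value.lower() == "explorer.exe":
            continue    # a clean shell= line names only Explorer.exe
        findings.append((fname, section, option, value))
    return findings


# Constructed file contents using file names listed on this page.
SAMPLE_FILES = {
    "win.ini": "[windows]\nload=\nrun=C:\\WINDOWS\\hinhem.scr\n[fonts]\n",
    "system.ini": "[Boot]\nshell=Explorer.exe SCVHSOT.exe\n[drivers]\nwave=mmdrv.dll\n",
}

if __name__ == "__main__":
    for finding in ini_autostarts(SAMPLE_FILES):
        print(" | ".join(finding))
```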
Finally, look through the list of services that Windows is running. This list is often found in Control Panel, under Services in Administrative Tools. After all the steps above, reboot your computer in normal mode and check whether the virus is still there. If not, SUCCESS. If it is, go back to safe mode and hunt some more, or use Task Manager to stop all the virus programs that are running, for example ‘gethtis.exe’, ‘oxbvpen.exe’, ‘obex.exe’ and so on. After that, search for all the virus files in Windows\System32 and delete them. If that does not succeed: of course, these steps will not work on every virus out there, but they will on many of them.

WARNING: Be careful when in the registry because you can cause serious damage to your system in there.