Thread: UnHack Me

If you are experiencing low-performance than before in your PC,
If you are getting irritated with pop-ups or spywares,
And If you are getting attacked by PenDrive of Memory Card Viruses,
Watch My steps if they can help you.......

Notice that If your PC takes a lot of time to start when you log in, if that is it means your PC's performance is getting sucked by another programs or viruses. Read my post and boost your PC's performance.
To follow my instructions, you may need to start your PC in safe mode[recommended]
Information About the Programs that startup with your PC as you log in:
When you start your Computer and log in, some programs run through the startup folder or registery. You will need to Remove the programs that you don't like and they appear non-useful to you. These Programs are mainly located at:
1. StartUp folder in StartMenu>All Programs
2. HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run Registery
The Option one can be changed by removing or adding files or shortcuts in the Startup folder
The Option Two Can be modified by
Start>Run And type regedit and press enter.
goto the registery i have written above and remove the keys and values of programs you don't like

To modify Both of these options at once
1. Goto Start>Run
2. Type MSCONFIG and press enter
3. Click on the startup Tab
4. Unmark the programs you don't like
5. Click ok and choose an option to restart or not to restart your PC

Spywares:
In short description, spywares are made to irritate you in many ways and steal your information. You can get rid of these ones by Removing thier entry through MSconfig as i explained it above.
some file names are regsvr32.exe and something that matches with it.

Also you can terminate these process like new folder.exe through task manager.

Pen Drive and Removable media viruses:

These viruses spread through the well known file, autorun.inf. This file is was used to run some file automatically for some game CD's/DVD's but now it is also used to spread the viruses.

What is Autorun.inf:
Autorun.inf is a text file that is hidded or sometimes showed in your removable media. It is used to run a application(exe), Windows NT command (cmd) or batch file (bat). it is the root of the viruses. Mostly it is protected by the processes that can be terminated via task manager.

Example of autorun.inf

[autorun]
open=regsvr.exe
shell\autoplay
shell\command=regsvr.exe

What will these two files will do?

When you plug in the pendrive or removable media and open it, autorun.inf file will execute the file regsvr.exe. the file regsvr.exe will hide himself in memory, copy itself in the HardDisk, hide the files extension {the words after a dot is extension}, hide your folders and display applications same as thier name and also they will add themselves in the startup entry. The file will start each time with your PC

Example:

when you plugged in an infected pendrive in the PC and Open it, autorun.inf will open regsvr.exe. Regsvr.exe will go in memory and copy and compress and encrypt it self in the C:\Windows\System32 Folder. It will add a startup entry so it can start with your PC. it will hide folders and make same applications like them to fool you. Each time you open the application, it will go in memory and also open the folder so you think that you have opened the folder.

Getting Rid of these files:

1. Create a batch file like this (copy it in notepad and save as file.bat)

Code:

@echo off
cls
c:>nul
cd..>nul
cd..>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
d:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
e:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
f:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
g:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
h:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
i:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
j:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
k:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
l:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
m:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
n:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
o:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
p:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
q:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
r:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
s:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
t:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
u:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
v:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
w:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
x:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
y:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
z:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
d:>nul
attrib -s -h -r /s /d>nul
del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
attrib -s -h -r autorun.inf>nul

del autorun.inf>nul
echo                  Deleted Auto Run, delete other files manually
pause

Use this batch file to get rid of all autorun files(you will need to restart your computer if you have deleted autorun from Local Disks). This batch file will only delete the autorun.inf file so you need to remove the other files manually

2. Delete viral processes:

Press Ctrl+Alt+del to start task manager and click on processes tab. Now delete the processes what you saw in the removable media.

Some processes are important and they can be seen in safemode also {viruses won't work in safe mode}

3. Remove the Startup entry

Use Msconfig to remove the program entries

Now you got rid of autorun so you need to delete other files(used to execute with autorun.inf)

Goto My Computer>Tools>Folder Options>View and mark these options
Mark
Show hidden files and folders
Unmark
Hide extensions from known file types
Hide operating system files
Use simple file sharing

Now search in the all partitions of the HDD for the application.
Type *.exe in the search box and search, you will get lots of results
Click on the size option on the top and choose some common files to delete.

What to choose common in the files:

Same size, different name as folders, Icon same as folders.

Delete these files and your PC will be mostly Un-infected.

There is another example to delete viruses from removable media:

goto start>run type CMD and press enter

type the letter of removable media like this

X:

replace x with your removable media letter

now type attrib

you will see the attributes of the files

For example

SHR autorun.inf

Here s denotes system file, H denotes hidden file and r denotes read-only file.

Type attrib -s -h -r to remove all attributes.

type del autorun.inf

now delete those files using del command that are
1. SHR attribute
2. EXE, CMD or batch extension

Now the removable media is fine. Just remove it and plug it again to use.:thumbup1:

Hope you like my thread.

P.S. you can also use Unhack me if you don't wanted to use MSConfig.

Thanks for writing this post. Very helpful.

Originally Posted by Admin

Thanks for writing this post. Very helpful.

Most welcome Admin

Interesting!but very helpful....yeah I did experienced that kind of problems too and I guess everyone here who have their own computers..!! I will certainly follow all the instructions thanks..

Create a System Restore Point
or
Backup existing Registry before
attempting any changes in REGISTRY

good info mate!

Seems very good info, but I didn't vote as I a full time linux user and it is not useful to me and not bale to test.

Very good post :14:

Very helpful for a novice like me. Thanks.