Monday, May 11, 2009

Virus detected! : regsvr.exe

Today I came across a virus that attacked my PC running Windows XP. I reckon the virus originated from an external source and entered my PC through my flash drive, which I had plugged into an unreliable PC earlier today. The first sign of the virus to me was the autorun.inf file created on my flash drive. I make it a point not to keep an autorun.inf file on my flash drive, and I have disabled all autorun features completely on my PC to prevent these viruses from infecting it. But somehow this bugger crept through... or maybe the mistake was on my part, whichever!

Almost all viruses create a process that runs on your system. This serves several purposes: carrying out the actions the virus was designed for, preventing the virus's .exe file from being deleted (Windows locks the image file of a running process, which is why the process has to be ended before the file can be removed), and preventing any user (even the computer Administrator) from stopping the process.

This particular virus creates a process titled regsvr.exe. Being more fascinated than intimidated by viruses, I delved deeper to find the roots of the bug and found out that the executable exists in the system32 system folder (i.e. C:\Windows\system32\). The beauty of the deception is that Windows itself ships a legitimate program named regsvr32.exe (mind the 32 at the end!). The virus attempts to pose as this legitimate Windows program and get the needful done unnoticed.

Now for how I nailed the sucker...
First, I opened the "Processes" tab in the Task Manager (Ctrl+Alt+Del brings up the Task Manager directly, or a list of options one of which is the Windows Task Manager). Then I ended the process titled regsvr.exe. Then I browsed to the system32 folder and deleted the regsvr.exe file. If you are following these steps, make sure you don't mix up regsvr.exe (the virus executable) and regsvr32.exe (the legitimate Windows executable)!

The above simple procedure should get rid of the regsvr.exe virus on your system. Note that the same procedure can be used against many other viruses in circulation today.
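Because the trick here is a name that is almost, but not quite, a legitimate Windows binary, the same check can be scripted instead of eyeballing the Processes tab. The following PowerShell script is an added example, not code from the original post: it lists running processes whose image name is within two edits of a known Windows binary (so regsvr.exe is reported as imitating regsvr32.exe) together with the path they were started from, and it reports any removable drive that carries an autorun.inf, the first sign mentioned above. The list of known binary names is a constructed reference list, and the edit-distance threshold of 2 is a heuristic chosen for this example; both are assumptions to adjust for your environment. The script only reports, so that the operator can confirm the path by hand before ending a process or deleting a file. It uses WMI, which exists on Windows XP, and assumes PowerShell is installed.

```powershell
# Added example, not code from the original post. Reports processes whose image name
# is a near-miss of a known Windows binary (the regsvr.exe vs regsvr32.exe trick) and
# removable drives that carry an autorun.inf. It only reports; ending a process or
# deleting a file is left to the operator once the path has been checked by hand.

# Constructed reference list of legitimate Windows image names (an assumption; extend as needed).
$KnownSystemBinaries = @('regsvr32.exe', 'svchost.exe', 'csrss.exe', 'lsass.exe',
                         'explorer.exe', 'winlogon.exe', 'services.exe', 'rundll32.exe')

# Levenshtein edit distance between two strings; a small distance marks a look-alike name.
function Get-EditDistance([string]$a, [string]$b) {
    $a = $a.ToLower(); $b = $b.ToLower()
    $d = New-Object 'int[,]' ($a.Length + 1), ($b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = 1
            if ($a[$i - 1] -eq $b[$j - 1]) { $cost = 0 }
            $d[$i, $j] = [Math]::Min([Math]::Min($d[$i - 1, $j] + 1, $d[$i, $j - 1] + 1),
                                     $d[$i - 1, $j - 1] + $cost)
        }
    }
    return $d[$a.Length, $b.Length]
}

# Return the known binary a process name imitates, or $null when the name is an exact
# match (the real binary, at least by name) or is unrelated to every known name.
function Get-ImitatedBinary([string]$processName) {
    foreach ($known in $KnownSystemBinaries) {
        if ($processName -ieq $known) { return $null }
    }
    $base = [IO.Path]::GetFileNameWithoutExtension($processName)
    foreach ($known in $KnownSystemBinaries) {
        $knownBase = [IO.Path]::GetFileNameWithoutExtension($known)
        # Threshold of 2 is a heuristic: "regsvr" vs "regsvr32" is exactly 2 edits apart.
        if ((Get-EditDistance $base $knownBase) -le 2) { return $known }
    }
    return $null
}

# 1. Running processes with look-alike names, with the path each one was started from,
#    so the operator can compare it against the real binary's location before acting.
Get-WmiObject Win32_Process | ForEach-Object {
    $imitated = Get-ImitatedBinary $_.Name
    if ($imitated) {
        "PID {0,-6} {1,-16} looks like {2,-14} path: {3}" -f $_.ProcessId, $_.Name, $imitated, $_.ExecutablePath
    }
}

# 2. Removable drives (WMI DriveType 2) carrying an autorun.inf; its contents show which
#    executable the file would have launched had autorun been enabled.
Get-WmiObject Win32_LogicalDisk -Filter "DriveType=2" | ForEach-Object {
    $inf = Join-Path $_.DeviceID 'autorun.inf'
    if (Test-Path $inf) {
        "autorun.inf present on removable drive {0}" -f $_.DeviceID
        Get-Content $inf
    }
}
```

Run it from a PowerShell prompt after plugging in the suspect drive. A reported process is only a candidate: check that its path is not where the genuine binary lives before ending it in Task Manager and deleting the file, exactly as the steps above describe for regsvr.exe.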
