
Saturday, January 17, 2009

Remove recycled\boot.com manually



I just finished formatting and installing a fresh Windows on my desktop. When trying to open the D drive, I got the error "C:/recycled/boot.com is not a valid win32 application". I believe the virus came from my pen drive. I searched the internet for how to remove this worm, and after a long search, here are the step-by-step instructions to remove the worm.

First, remove Autorun.inf. Deleting Autorun.inf is easier for me because I have done this many times. Go to Start > Run, type CMD and press Enter, then copy and paste the commands below into the command prompt.

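rem Switch to each drive and its root before clearing the read-only, system and hidden attributes
c:
cd \
attrib -r -s -h autorun.inf
del autorun.inf
d:
cd \
attrib -r -s -h autorun.inf
del autorun.inf
e:
cd \
attrib -r -s -h autorun.inf
del autorun.inf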

Until the problem is fixed, DO NOT double-click any drive in My Computer; right-click it and choose ‘Explore’ to view it instead.

1) Navigate to the problem drive(s) via the Explore option.

2) Click on TOOLS -> FOLDER OPTIONS

3) Click the button which says ‘Show hidden files and folders’.

4) UNCHECK the following boxes:

Hide extensions for known file types
Hide protected operating system files

5) Find and delete the autorun.inf file and the resycled folder on the root directory of all affected drives.

6) Check “c:\windows\system32\dllcache” for boot.com file and delete it if present.

7) Check “c:\windows\prefetch” for boot.com file and delete if present.

8) Delete all files from c:\windows\temp

(Some files may not delete, that’s ok, they’re in use by the system and not virus files.)

9) Delete all files from c:\Documents and Settings\[USER PROFILE]\Local Settings\Temp

(Again, a couple files may not delete, don’t worry.)

10) Run Regedit

11) Make sure you are at the very first entry of the registry hive (My Computer should be highlighted), then click EDIT -> FIND

12) Search for “boot.com”. If it finds an entry, delete it. Keep hitting F3 until you’ve deleted all instances of boot.com in the entire registry.

13) Scroll the left column back up to the top and highlight My Computer again at the top of the registry hive.

14) Click Edit -> Find again and search for ‘resycled’ and repeat as in step 13, deleting the entries as it finds them. (I found 2 of each)

15) Close registry editor and try opening the infected drives. They should work now.
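
A read-only check that can be run before deleting anything, as an added example that is not part of the original post: it lists what autorun.inf on a drive root would launch and whether the resycled\boot.com file from the steps above is present. The sample autorun.inf contents and all function names are constructed for illustration.

```python
import os
import re
import tempfile

# autorun.inf keys that make Explorer start a program for the drive
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# Constructed sample, not taken from a real infected drive
SAMPLE_INF = "[autorun]\nopen=resycled\\boot.com\nshell\\open\\command=resycled\\boot.com\nlabel=Data\n"


def autorun_commands(text):
    """Return (key, command) pairs in the [autorun] section that launch a program."""
    found, in_section = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found


def find_entry(folder, name):
    """Case-insensitive lookup; os.listdir also returns hidden and system entries."""
    for entry in os.listdir(folder):
        if entry.lower() == name.lower():
            return os.path.join(folder, entry)
    return None


def audit_root(root):
    """Read-only report: what autorun.inf would launch, and whether resycled\\boot.com exists."""
    inf = find_entry(root, "autorun.inf")
    folder = find_entry(root, "resycled")
    commands = []
    if inf and os.path.isfile(inf):
        with open(inf, encoding="latin-1") as fh:
            commands = autorun_commands(fh.read())
    boot = find_entry(folder, "boot.com") if folder and os.path.isdir(folder) else None
    return {"commands": commands, "resycled": folder is not None, "boot_com": boot is not None}


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # stand-in for a drive root
        os.mkdir(os.path.join(root, "resycled"))
        open(os.path.join(root, "resycled", "boot.com"), "w").close()
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_INF)
        print(audit_root(root))
```

On a real machine, call audit_root with a drive root such as "D:\\"; an empty "commands" list with no resycled folder means the drive root carries neither of the items step 5 removes.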


8 comments:

SciaS said...

Wow! Too technical for me. If my PC gets attacked by a virus... I have to send it to the shop :(

Anonymous said...

scias.. it's not very difficult.. just follow the instructions step by step, just try it.. and you will experience how easy it is.

Unknown said...

It works correctly... at the end just rename the label and it's ok! :) thank you

SciaS said...

Iter..
I had only just said it... my PC got attacked by a virus last night... that's it... arggghhhh... so stressed

Anonymous said...

WOW!!!! I thought my computer was totally messed up... Thanks for posting this info... It took a minute but it works!!! THANK YOU

Anonymous said...

No, it now says "Windows cannot find resycled boot.com", thanks for messing up my machine further!

Anonymous said...

This is all great and fun, but now when I try to open my c: drive it says "this file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel"? Can you help? :(

Anonymous said...

Hi, good day

Maybe your Windows is already corrupted; you may try restoring Windows.
