Sunday, August 7, 2011

Latest version of Perl for download

If you don't have perl installed on your system then you can download from these following links:


For more download options look for following link:

Removing Autorun Newfoder.exe virus from your system



To remove this virus please follow the below steps:
  1. Search for autorun.inf file in your computer. If it's in read only mode, then change it by right clicking on it and then in properties uncheck the "Read Only" option.
  2. Now open it in notepad and delete all data in it and save it.
  3. Don't forget to change the status to "Read only" mode , so that virus can't modify it again.
  4. Click on Start -> Run -> gpedit.msc.
  5. User configuration -> Administrative template -> system -> Turn off autoplay -> Enable ( For all drives) refer to this link for more detail.
  6. Start-> Run->msconfig
  7. Startup tab & services -> search regsvr.exe and un-check all and click OK.
  8. select exit without restart.
  9. Control panel -> Scheduled tasks -> delete the Atl task, if listed there.
  10. Start -> run -> regedit
  11. Edit ->find -> search for regsvr.exe. Delete all regsvr.exe occurrences.
  12. Don't delete Explorer.exe if regsvr.exe appears with it. Delete only regsvr.exe.
  13. Goto [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] and modify value in Shell = Explorer.exe regsvr.exe and delete regsvr.exe from here.
  14. Now search for all occurrences of regsvr.exe in your system and delete them.
  15. Search for "svchost .exe" ( remember space between svchost & .exe) and delete all occurrences.
  16. Also search for "*.exe" and remove all virus affected files, don't remove any legitimate file( any installer file).
  17. Restart the system and enjoy..

For more detail on handling autorun.inf file, if you have option set for "don't show hidden files" and you are not able to see autorun.inf file then use following link for removing autorun.inf file.

Some more links you may be interested in:

Disabling Autorun/Autoplay using Registry editor


To get rid off virus affecting your system because of autoplay of drives please use below steps:
1. Type regedit on run prompt.
2. Navigate to below location:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
3. you will find a key value as "NoDriveTypeAutoRun" , which is one byte value.
4. Please set the value of key as "95" Hex value to disable autorun on removable media and Network drives.

Regedit
5. Be very careful while modifying reg values. Below table will explain you to understand the meaning of bits to set for disabling any type of media.

Value              Meaning
0x1/0x80   Disables AutoRun on drives of unknown type
0x4            Disables AutoRun on removable drives
0x8            Disables AutoRun on fixed drives
0x10          Disables AutoRun on network drives
0x20          Disables AutoRun on CD-ROM drives
0x40          Disables AutoRun on RAM disks
0xFF         Disables AutoRun on all kinds of drives


If any of the bit is set into this hex valye, that type of drive will be disabled for autorun.
Bit    Type of Drive
0/7    UNKNOWN

1       NO ROOT DIR
2       REMOVABLE
3       FIXED
4       REMOTE
5       CDROM
6       RAMDISK

For setting values you must always add 0x80 to the value of drive you want to set for.
A few examples for setting values:
for removable drives: 0x80 + 0x04 = 0x84 ( Hexadecimal addition)
for removable & fixed drives : 0x80 + 0x04 + 0x08 = 0x8C
for removable + fixed drives +CD ROM = 0x80 + 0x04 + 0x08 +0x20 = 0xAC(1010 1100)


For changing Autorun option using Group policy please refer to following links:

Disabling autoplay option in Windows XP using Group Policy
turning-off-autoplay-on-all-drives


Disabling autoplay option in Windows XP using Group Policy

Use following option to disable autoplay in ur system:
1. type gpedit.msc in run window and enter.
2. then goto Computer configuration->Administrative template -> System 




3. Then in right side u will find Turn off autoplay 





4. Double click on that and check "enabled" and select for "all drives"




5. Now click on apply and OK.
6. Similarly follow above steps step 3 to step 5 for 
    User configuration ->Administrative template -> System 


7. This setting for "User Configuration" is must. 


Steps for Advanced Users / System Admins:
if you want to Modify using registry edit then please goto this link.
Disabling Autoplay_Autorun using Registry editor for Advanced Users


Now when you insert any pendrive or any other media it will not be played automatically and you will be safe from Viruses.