Remove Happy Birthday Virus
Written on July 22, 2008 – 3:12 pm | by Sanil S
One of friend from Dubai told me about the Virus. He told me that their outlets got affected by this virus, its spreading very fast. It will loaded in the first time and will get affected in 1 - 2 weeks time. The name of the virus is Happy birthday virus.
Which all medias used for spreading?
Usually there are 2 main media’s that spread this Virus. One is emails another one is thumb drives. Be very care if you are using outlook as email client. Outlook has an option that will automatically downloads the attachment when we open that particular email.
What are the aftermath?
This mainly affects lots system commands like delete and some necessary commands that windows needed for its execution. We can’t change registry entry since the virus is executing.
What is the name of executable?
The name of the executable is pretty interesting very similar to explorer.exe but explorcr.exe so that we will be confused. The executable loads in startup so we won’t be able to do our tasks.
Process of removal
Don’t forget to change the downloaded files extension to .zip and change exc file extension to exe!!!
Download below files (Security Task Manager and NOD32 Registry Fix)
2. Kill the process of explorcr.exe and delete manually from %systemroot%\system32 (its hidden). you won’t see happy birthday caption again, as soon as you kill the process
3. Delete manually also autorun.inf from the %systemroot% (its hidden)
Remark:
If you cant find that files, use some other file browser software such as captain nemo!! cause of virus disabled most of useful system command such as cmd, regedit, msconfig etc.
4. Insert windows xp cd-rom for copy ntldr from i386\ntldr to %systemdrive%
5. Run nod32 registry fix to recover system command
6. Restart your computer
Scan all usb storage and delete manually all of autorun.inf, explorcr.exe and foldername.exe. explorcr.exe delete ntldr fron the systemdrive. Use windows xp recovery console to recopy the ntldr, if the computer is already deleted by explorcr.exe.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Posted in » My thoughts
-
Social Profiles
-
MEET THE AUTHOR
Sanil S is a technology consultant, social media consultant and an entrepreneur from gods own country, Kerala. He blog regularly about...read more »
16 Responses
Thank you for the post buddy
SAF on Jul 22, 2008 | Reply
hi,
i think you try your best but which links you give to download files STM & nod32 registry recovery are compressed file and when i download it, my system could not open it because of not a appropriate programe in my computer will you tell me please that which programe should i install.
ankush singh on Jul 22, 2008 | Reply
Hello..
I mentioned that you need to change both the file name to .zip and .exc to exe. Please check the post.
Sanil S on Jul 24, 2008 | Reply
i have found the explocr.exe but Nemo is saying it cant delete coz its read only. when i try to find the file manually using windows. it cant be found. please tell me if you hav a solution. However i keep my comp. going on by killing the process from task manager. but everytime it restarts it come back again.
ravin on Aug 21, 2008 | Reply
May be your search are not looking for hidden files. Do one thing try to find file using some file searching software.
Sanil S on Aug 21, 2008 | Reply
Thank you,
U saved me.
but STM.compress and NOD32.compress did not worked. I downloaded these files in exe forms from net and than it worked, but any how i am obliged
Muk on Aug 21, 2008 | Reply
hi i have a virus attack happy birthday plese tell me how to remove it.
mukeshbansal on Sep 21, 2008 | Reply
Please follow above instruction.
Sanil S on Sep 22, 2008 | Reply
i have downloaded above files with format .zip ,then i extracted the files in a folder and changed theit extention to .exe by opening them in notepad and then save as .exe.
but my task manager is disabled and i can install programs,on installing the file a window as of dos is blinked once and nothing happens.
can u please give details how can i install above file and u have said about killing processes how can i do it without task manager.
hope u will help me in saving my data . thank you.
himanshu on Oct 21, 2008 | Reply
hi
today i entered a flash memory contains this virus, but i didn’t know of course. i was told that after that. but i always scan viruses before entering anything. does that work ???? and if it’s not , what shall i do?? wait the virus till it work then follow the instructions
please help me
and thanks
Israa on Feb 27, 2009 | Reply
hi
today i entered a flash memory contains “the Happy Birthday ” virus, but i didn’t know of course. i was told that after that. but i always scan viruses before entering anything. does that work ???? and if it’s not , what shall i do?? wait the virus till it work then follow the instructions
please help me
and thanks
Israa on Feb 28, 2009 | Reply
Thank you! I was able to remove the virus.
JC on Mar 21, 2009 | Reply
Thank you very much. Happy Birthday virus was remove from the desktop and a laptop PC I was fixing (4/21/09).
James Undag on Apr 22, 2009 | Reply
Nice site ! people should read this .
car on May 28, 2009 | Reply
how will i know if its already removed???? the caption “happy birthday is already gone” and i can open now the “windows task manager” and the regedit… is the virus already gone??
nina on May 31, 2009 | Reply
Just apply the process mentioned, if the process is going well certainly the virus will be removed.
Sanil S on Jun 1, 2009 | Reply
Leave a comment