Remove Happy Birthday Virus

Written on July 22, 2008 – 3:12 pm | by Sanil S

A friend of mine from Dubai told me about this virus. He told me that their outlets got affected by it and that it is spreading very fast. It gets loaded the first time, and the system gets affected in 1 - 2 weeks' time. The name of the virus is the Happy Birthday virus.

Which media are used for spreading?

Usually there are 2 main media that spread this virus. One is email, the other is thumb drives. Be very careful if you are using Outlook as your email client. Outlook has an option that automatically downloads the attachment when we open that particular email.

What is the aftermath?

This mainly affects a lot of system commands, like delete, and some necessary commands that Windows needs for its execution. We can't change registry entries while the virus is executing.


What is the name of the executable?

The name of the executable is pretty interesting: it is very similar to explorer.exe, but it is explorcr.exe, so that we will be confused. The executable loads at startup, so we won't be able to do our tasks.

Process of removal

Don't forget to change the downloaded files' extension to .zip and change the exc file extension to exe!!!
1. Download the files below (Security Task Manager and NOD32 Registry Fix)

Download file 1

Download file 2

2. Kill the explorcr.exe process and manually delete the file from %systemroot%\system32 (it's hidden). You won't see the happy birthday caption again as soon as you kill the process.
3. Also manually delete autorun.inf from %systemroot% (it's hidden)

Remark:
If you can't find those files, use some other file browser software such as Captain Nemo, because the virus disables most of the useful system commands such as cmd, regedit, msconfig, etc.

4. Insert the Windows XP CD-ROM and copy ntldr from i386\ntldr to %systemdrive%
5. Run the NOD32 Registry Fix to recover the system commands
6. Restart your computer

Scan all USB storage and manually delete every autorun.inf, explorcr.exe and foldername.exe. explorcr.exe deletes ntldr from the system drive. Use the Windows XP Recovery Console to copy ntldr back if it has already been deleted by explorcr.exe.
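An added example (not part of the original post) of the USB scan described above, written in Python because the post says the virus disables cmd. It lists every autorun.inf and explorcr.exe under a drive root, and it assumes "foldername.exe" means an .exe named after a folder sitting next to it; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# File names taken from the post; matched case-insensitively, as on Windows.
KNOWN_NAMES = {"autorun.inf", "explorcr.exe"}


def find_suspects(root):
    """Return sorted paths under root that match the post's indicators."""
    suspects = []
    # os.walk also returns files that carry the hidden attribute.
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            if lower in KNOWN_NAMES:
                suspects.append(os.path.join(dirpath, name))
            # Assumption: "foldername.exe" is an .exe named after a
            # sibling folder (e.g. Photos\ next to Photos.exe).
            elif ext == ".exe" and stem in folders:
                suspects.append(os.path.join(dirpath, name))
    return sorted(suspects)


def build_sample_drive(root):
    """Create a constructed directory tree standing in for a USB drive."""
    os.makedirs(os.path.join(root, "Photos", "Trip"))
    for rel in ("autorun.inf", "Photos.exe", "notes.txt",
                os.path.join("Photos", "Trip.exe"),
                os.path.join("Photos", "EXPLORCR.EXE"),
                os.path.join("Photos", "setup.exe")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample, not a real binary\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_drive(drive)
        for path in find_suspects(drive):
            print("review before deleting:", os.path.relpath(path, drive))
```

The script only reports matches; an autorun.inf can also belong to a legitimate installer disc, so check each hit before deleting it by hand.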


6 Responses

Thank you for the post buddy


SAF on Jul 22, 2008 | Reply

Hi,
I think you tried your best, but the links you give to download the files STM & nod32 registry recovery are compressed files, and when I download them, my system could not open them because there is not an appropriate program on my computer. Will you tell me please which program I should install?


ankush singh on Jul 22, 2008 | Reply

Hello..
I mentioned that you need to change both the file name to .zip and .exc to exe. Please check the post.


Sanil S on Jul 24, 2008 | Reply

I have found the explocr.exe but Nemo is saying it can't delete it because it's read only. When I try to find the file manually using Windows, it can't be found. Please tell me if you have a solution. However, I keep my comp. going by killing the process from Task Manager, but every time it restarts it comes back again.


ravin on Aug 21, 2008 | Reply

Maybe your search is not looking for hidden files. Do one thing: try to find the file using some file searching software.


Sanil S on Aug 21, 2008 | Reply

Thank you,

You saved me.

But STM.compress and NOD32.compress did not work. I downloaded these files in exe form from the net and then it worked, but anyhow I am obliged.


Muk on Aug 21, 2008 | Reply
