One of my friends from Dubai told me about the virus. He told me that their outlets got affected by this virus and that it's spreading very fast. It gets loaded the first time, and the system gets affected in 1 – 2 weeks' time. The name of the virus is the Happy Birthday virus.
Which media are used for spreading?
Usually there are two main media that spread this virus: one is email, the other is thumb drives. Be very careful if you use Outlook as your email client. Outlook has an option that automatically downloads the attachment when we open that particular email.
What is the aftermath?
This mainly affects a lot of system commands, such as delete, and some necessary commands that Windows needs for its execution. We can't change registry entries since the virus is executing.
What is the name of the executable?
The name of the executable is pretty interesting: it is very similar to explorer.exe, but it is explorcr.exe, so that we will be confused. The executable loads at startup, so we won't be able to do our tasks.
Process of removal
Don't forget to change the downloaded files' extension to .zip and change the exc file extension to exe!
1. Download the files below (Security Task Manager and NOD32 Registry Fix)
2. Kill the explorcr.exe process and manually delete the file from %systemroot%\system32 (it's hidden). You won't see the Happy Birthday caption again as soon as you kill the process.
3. Also manually delete autorun.inf from %systemroot% (it's hidden).
If you can't find those files, use some other file browser software such as Captain Nemo, because the virus disables most of the useful system commands such as cmd, regedit, msconfig, etc.
4. Insert the Windows XP CD-ROM and copy ntldr from i386\ntldr to %systemdrive%.
5. Run the NOD32 registry fix to recover the system commands.
6. Restart your computer.
Scan all USB storage and manually delete every autorun.inf, explorcr.exe and foldername.exe. explorcr.exe deletes ntldr from the system drive. Use the Windows XP Recovery Console to recopy ntldr if it has already been deleted by explorcr.exe.
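The USB scan described above can be done with a small report-only script. This is an added example, not part of the original post: it lists every autorun.inf (with the commands it would launch), every explorcr.exe, and, on the assumption that "foldername.exe" means an executable named after a folder beside it, every such .exe. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

def autorun_targets(path):
    """Commands an autorun.inf would launch (open=, shellexecute=, ...\\command=)."""
    targets = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def scan_drive(root):
    """Return sorted (reason, path, targets) findings; nothing is deleted."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # also lists hidden files
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            lower = name.lower()
            stem, ext = os.path.splitext(lower)
            path = os.path.join(dirpath, name)
            if lower == "autorun.inf":
                findings.append(("autorun.inf", path, autorun_targets(path)))
            elif lower == "explorcr.exe":
                findings.append(("explorcr.exe", path, []))
            elif ext == ".exe" and stem in folders:
                # Assumption: "foldername.exe" = an .exe named after a sibling folder
                findings.append(("folder-named exe", path, []))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree standing in for a USB drive."""
    os.makedirs(os.path.join(root, "Photos"))
    os.makedirs(os.path.join(root, "Docs"))
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=explorcr.exe\n")
    for rel in ("explorcr.exe", "Photos.exe", os.path.join("Docs", "setup.exe")):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"placeholder")  # constructed stand-in, not a real binary

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for reason, path, targets in scan_drive(d):
            print(reason, os.path.relpath(path, d), targets)
```

To check a real drive, call `scan_drive` with its root (for example `scan_drive("E:\\")`) and review each finding before deleting anything by hand.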