One of friend from Dubai told me about the Virus. He told me that their outlets got affected by this virus, its spreading very fast. It will loaded in the first time and will get affected in 1 – 2 weeks time. The name of the virus is Happy birthday virus.

Which all medias used for spreading?

Usually there are 2 main media’s that spread this Virus. One is emails another one is thumb drives. Be very care if you are using outlook as email client. Outlook has an option that will automatically downloads the attachment when we open that particular email.

What are the aftermath?

This mainly affects lots system commands like delete and some necessary commands that windows needed for its execution. We can’t change registry entry since the virus is executing.


What is the name of executable?

The name of the executable is pretty interesting very similar to explorer.exe but explorcr.exe so that we will be confused. The executable loads in startup so we won’t be able to do our tasks.

Process of removal

Don’t forget to change the downloaded files extension to .zip and change exc file extension to exe!!!
Download below files (Security Task Manager and NOD32 Registry Fix)

Download file 1

Download file 2

2. Kill the process of explorcr.exe and delete manually from %systemroot%\system32 (its hidden). you won’t see happy birthday caption again, as soon as you kill the process
3. Delete manually also autorun.inf from the %systemroot% (its hidden)

If you cant find that files, use some other file browser software such as captain nemo!! cause of virus disabled most of useful system command such as cmd, regedit, msconfig etc.

4. Insert windows xp cd-rom for copy ntldr from i386\ntldr to %systemdrive%
5. Run nod32 registry fix to recover system command
6. Restart your computer

Scan all usb storage and delete manually all of autorun.inf, explorcr.exe and foldername.exe. explorcr.exe delete ntldr fron the systemdrive. Use windows xp recovery console to recopy the ntldr, if the computer is already deleted by explorcr.exe.

Click here to submit your review.

Submit your review
* Required Field

Tags: ,


Sanil S Founding member of MobMe Wireless Pvt Ltd, Ayruz Web Holdings

18 comments on “Remove Happy Birthday Virus

  1. Thank you for the post buddy

  2. ankush singh on said:

    i think you try your best but which links you give to download files STM & nod32 registry recovery are compressed file and when i download it, my system could not open it because of not a appropriate programe in my computer will you tell me please that which programe should i install.

  3. Sanil S on said:

    I mentioned that you need to change both the file name to .zip and .exc to exe. Please check the post.

  4. i have found the explocr.exe but Nemo is saying it cant delete coz its read only. when i try to find the file manually using windows. it cant be found. please tell me if you hav a solution. However i keep my comp. going on by killing the process from task manager. but everytime it restarts it come back again.

  5. Sanil S on said:

    May be your search are not looking for hidden files. Do one thing try to find file using some file searching software.

  6. Thank you,

    U saved me.

    but STM.compress and NOD32.compress did not worked. I downloaded these files in exe forms from net and than it worked, but any how i am obliged

  7. mukeshbansal on said:

    hi i have a virus attack happy birthday plese tell me how to remove it.

  8. Please follow above instruction.

  9. himanshu on said:

    i have downloaded above files with format .zip ,then i extracted the files in a folder and changed theit extention to .exe by opening them in notepad and then save as .exe.
    but my task manager is disabled and i can install programs,on installing the file a window as of dos is blinked once and nothing happens.
    can u please give details how can i install above file and u have said about killing processes how can i do it without task manager.

    hope u will help me in saving my data . thank you.

  10. hi
    today i entered a flash memory contains this virus, but i didn’t know of course. i was told that after that. but i always scan viruses before entering anything. does that work ???? and if it’s not , what shall i do?? wait the virus till it work then follow the instructions
    please help me

    and thanks

  11. hi
    today i entered a flash memory contains “the Happy Birthday ” virus, but i didn’t know of course. i was told that after that. but i always scan viruses before entering anything. does that work ???? and if it’s not , what shall i do?? wait the virus till it work then follow the instructions
    please help me

    and thanks

  12. Thank you! I was able to remove the virus.

  13. James Undag on said:

    Thank you very much. Happy Birthday virus was remove from the desktop and a laptop PC I was fixing (4/21/09).

  14. Nice site ! people should read this .

  15. nina on said:

    how will i know if its already removed???? the caption “happy birthday is already gone” and i can open now the “windows task manager” and the regedit… is the virus already gone??

  16. Sanil S on said:

    Just apply the process mentioned, if the process is going well certainly the virus will be removed.

  17. CARLOS PORTER on said:

    The Virus Happy Birthday can affect a MAC computer?

  18. Frederick @ registry clean up site on said:

    The ability to provide 100% Spyware FREE, and NOT contain any Spyware, Adware or Viruses after a registry clean up it great to optimize your PC. Nice!

Leave a Reply

Your email address will not be published. Required fields are marked *


8 × four =

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>