Some tips and tricks to kill viruses in XP
Posted by Sudeep Pandey on September 22, 2008
How to get rid of the Ravmon.exe virus without using antivirus
Kill the processes ravmon.exe and SCVVHOST.EXE (note that the virus name is in capitals).
1. Delete the hidden files Ravmon.exe, MDM.EXE, SCVHOST.EXE and SCVVHOST.INI (in C:/windows).
2. Search for ravmon.exe and SCVHOST.EXE in regedit and delete all of these values.
3. In regedit, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Create a DWORD value named CheckedValue and set it to 1 (on an infected machine the value is 0, so change it to 1).
How to enable Folder Options Menu in Windows
Some viruses disable Folder Options. To get rid of this problem, we have to modify a value in regedit.
1. Create a new DWORD value named “NoFolderOptions” and set it to 0.
0 means Folder Options is enabled in the menu and 1 means Folder Options is disabled in the window menu.
The DWORD value is created in
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
How to enable Windows Registry (regedit.exe)
1. Click Run and type gpedit.msc.
2. This opens the window named Group Policy.
3. Go to Administrative Templates under User Configuration (right side of the window) and then go to System.
4. Set “Prevent access to registry editing tools” to Disabled.
How to kill Folder.exe virus
1. Kill SCVVHSOT.exe using Process Explorer.
2. Uncheck SCVVHSOT.exe in msconfig > Startup.
3. Then delete the file named SCVVHSOT.exe, which is inside the Windows and system32 folders of Windows.
4. Then delete SCVVHSOT.exe from the registry using regedit.exe.
How to enable Task Manager
Some viruses, like folder.exe, disable the Task Manager.
When we press CTRL+ALT+DELETE, it shows the message “Task Manager has been disabled by your administrator” rather than displaying the Windows Task Manager.
To solve this problem:
a) Set the DWORD value named “DisableTaskMgr” to 0. If it is 1, Task Manager is disabled. The DWORD value is changed in the Windows registry inside the following key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
How to enable or disable the Autorun.inf command
If you disable Autorun, the commands in the Autorun.inf file will be ignored.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Enable: "NoDriveTypeAutoRun" = "95 00 00 00"
Disable: "NoDriveTypeAutoRun" = "BD 00 00 00" or 0x000000b1 (177)
How to remove the ntde1ect.com virus (sometimes named ntde1 ect.com)
ntde1ect.com is a virus that keeps only “Do not show hidden files and folders” checked and also checks “Hide protected operating system files (Recommended)”.
The following steps are required to solve the problem:
1. Start the computer in safe mode.
2. Search the hidden files and system files and delete the file ntde1ect.com.
3. Also remove ntde1ect.com from regedit.
4. Note that the ntde1ect.com virus is also related to the avpo.exe virus, which is inside system32; delete avpo.exe and its dll file.
5. Remove avpo.exe from regedit.
6. The infection is now removed. To show hidden files, follow the next section.
Some key points of the Windows registry tutorial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue: 1
DefaultValue: 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN
CheckedValue: 2
DefaultValue: 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden
CheckedValue: 0
DefaultValue: 0
UncheckedValue: 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt
CheckedValue: 1
DefaultValue: 1
UncheckedValue: 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache
CheckedValue: 1
DefaultValue: 0
UncheckedValue: 0
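To check a machine for the registry changes described in the sections above (SHOWALL CheckedValue, NoFolderOptions, DisableTaskMgr), the keys can be exported with regedit and compared against the values this page lists. The following is an added example, not part of the original post; the names parse_reg, audit, EXPECTED and SAMPLE are assumptions, and it assumes the export has already been decoded to text (regedit writes version 5.00 exports as UTF-16).

```python
import re

# Expected DWORDs from this page; missing_ok=True: an absent policy value means "not restricted".
CV = r"\Microsoft\Windows\CurrentVersion"
EXPECTED = [
    (r"HKEY_LOCAL_MACHINE\SOFTWARE" + CV + r"\Explorer\Advanced\Folder\Hidden\SHOWALL", "CheckedValue", 1, False),
    (r"HKEY_CURRENT_USER\Software" + CV + r"\Policies\Explorer", "NoFolderOptions", 0, True),
    (r"HKEY_CURRENT_USER\Software" + CV + r"\Policies\System", "DisableTaskMgr", 0, True),
]

# Constructed sample of a regedit export (.reg text), not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
'''

def parse_reg(text):
    """Return {key: {value_name: raw_data}}, lower-cased because registry names are case-insensitive."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1).lower()] = m.group(2)
    return keys

def audit(text):
    """List (value_name, problem) for every value that differs from EXPECTED."""
    keys, findings = parse_reg(text), []
    for key, name, want, missing_ok in EXPECTED:
        raw = keys.get(key.lower(), {}).get(name.lower())
        m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw or "")
        if raw is None:
            if not missing_ok:
                findings.append((name, "missing"))
        elif not m:
            findings.append((name, "not a DWORD: " + raw))
        elif int(m.group(1), 16) != want:
            findings.append((name, "is %d, expected %d" % (int(m.group(1), 16), want)))
    return findings
```

Calling audit(SAMPLE) reports all three values as changed; an empty list means the exported keys match the values given on this page.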