
Virus Removal Techniques

Special Case: Remove Pravat Virus (Browser Hijacker)

Initial Symptoms:

  • The Internet Explorer title bar shows "Microsoft Internet Explorer by Pravat"

SOURCE

  • The removable disk (pen drive) with the files sys.vbs and autorun.inf

Precautions:

  • Never double-click on the removable disk (pen drive)
  • Turn off the autoplay features on the removable drives (Try Tweak UI)
  • On a system with autoplay enabled, hold the Shift key while inserting the pen drive to bypass the autoplay feature
  • Remove the recycler folder, autorun.inf and sys.vbs from the removable drive
  • Safely remove the removable disk and plug it back in to re-enable opening it by double-clicking

CURE

  • Disable System Restore on all drives
  • End the running wscript process (Task Manager or Process Explorer can be used to end it)
  • Delete the file sys.vbs from %system%\system32\sys.vbs, where %system% is the Windows directory, e.g. C:\windows or D:\windows (i.e. C:\windows\system32\sys.vbs)
  • Run regedit from Start >> Run >> regedit
  • Press F3 and type Pravat in the search box
  • Change the entry Pravat to anything you like
  • Log off and log back on to the system
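
The checks below walk the same locations as the precautions and cure steps, as a read-only PowerShell audit. It is an added example, not part of the original page. It assumes PowerShell 3.0 or later (for Get-CimInstance) and that the title text sits in Internet Explorer's standard "Window Title" registry value; the page itself only says to search the registry for Pravat.

```powershell
# Added example: read-only audit for the artifacts named on this page.
# It only reports; it deletes and changes nothing.
$findings = @()

# Get-Item -Force also returns hidden and system items.
function Test-Artifact([string]$Path) {
    [bool](Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue)
}

# 1. Root of every removable drive (Win32_LogicalDisk DriveType 2).
foreach ($d in (Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2')) {
    foreach ($name in 'sys.vbs', 'autorun.inf', 'RECYCLER') {
        $p = Join-Path "$($d.DeviceID)\" $name
        if (Test-Artifact $p) { $findings += "Removable drive: $p" }
    }
}

# 2. The copy in the Windows system32 directory.
$sysCopy = Join-Path $env:SystemRoot 'system32\sys.vbs'
if (Test-Artifact $sysCopy) { $findings += "System copy: $sysCopy" }

# 3. A script host process that is running sys.vbs.
foreach ($proc in (Get-CimInstance Win32_Process -Filter "Name='wscript.exe'")) {
    if ($proc.CommandLine -like '*sys.vbs*') {
        $findings += "Running: PID $($proc.ProcessId) $($proc.CommandLine)"
    }
}

# 4. IE title bar text (assumption: stored in the standard 'Window Title' value).
$ieMain = 'Software\Microsoft\Internet Explorer\Main'
foreach ($hive in 'HKCU:', 'HKLM:') {
    $title = (Get-ItemProperty -Path "$hive\$ieMain" -Name 'Window Title' `
              -ErrorAction SilentlyContinue).'Window Title'
    if ($title -like '*Pravat*') { $findings += "IE title in $hive\$ieMain = $title" }
}

# 5. AutoRun policy: bit 0x04 of NoDriveTypeAutoRun covers removable drives.
#    A value under HKLM takes precedence over HKCU, so read HKLM first.
$policy = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$mask = $null
foreach ($hive in 'HKLM:', 'HKCU:') {
    if ($null -eq $mask) {
        $mask = (Get-ItemProperty -Path "$hive\$policy" -Name NoDriveTypeAutoRun `
                 -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    }
}
if ($null -eq $mask -or ($mask -band 0x04) -eq 0) {
    $findings += 'AutoRun is not disabled for removable drives'
}

if ($findings) { $findings } else { 'Nothing to report.' }
```

Run it from an elevated prompt so the command line of processes owned by other users is visible to check 3.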