I love my Job @ Hyderabad

I love my Job @ Hyderabad
My busy day is spent like this!

Followers

Tuesday, December 28, 2010

"HDD Low" Virus attack

Just today evening "HDD Low" Virus attack took place on my Laptop. I, with my hands on knowledge on MS command
Virus Attack
prompt and commands and windows boot up modes, valiantly fought and secured the Laptop. Nobita says thanks!!

What is this virus:

This virus is a malware from "mdisk corp" which does not harms the system or deletes the content but creates havoc for the user in the following ways:
a. First of all it will include itself in the msconfig>>startup services.
b. Then, it will disable all the Windows system executable files like msconfig and others. So now you cannot disable this virus from auto loading during Windows boot-up.
c. It will disable all the other startup services including your anti-virus program. So your anti-virus program is helpless.
d. Windows will start displaying windows error messages saying , "Hard Disc Failed, reformat", "RAM Failure".
e. A Window with Caption "HDD low" will pop-up showing that it is analysing and doing a number of tests on your HDD. It will suggest you to Defragment you HDD. Do not do so.
f. You will not be able to exit this window.

Technical details:
Virus locations
This virus gets itself copied at the following locations:
>>C:\Users\<UserName>\AppData\Local\Temp\1351327.exe
and
>>C:\ProgramData\<Some very long Aplha Numberic File Name>

On deleting it, it regenerates from the ProgramData master File (C:\ProgramData\<Some very long Aplha Numeric File Name>) to a another random numeric named exe file, for example: 
>>C:\Users\<UserName>\AppData\Local\Temp\107593.exe

How to remove this Virus:

Be calm and do not panic and perform the below steps one by one:
Victim User
a. Restart your computer.
b. While initial stages of rebooting press F8 for advanced options.
c. Select Reboot with "Safe Mode" option.
d. After reboot completes go to,
     d.1 C:\Users\<UserName>\AppData\Local\Temp\
     and 
     d.2 C:\ProgramData\
and sort the files with modified date. Delete the files with the names matching the characteristics mentioned above.
e. Run "msconfig" and uncheck the entries mentioned below under the startup tab: 
     e.1 1351327
     e.2 107593
     e.3 msql
f. Restart the computer and you are done. 


Similar forum discussion can be found here.
Sunit Ronnie Ghosh

2 comments:

PULSE said...

nice artical....i hope that virus would not attack ur laptop again....get a better antivirus

Sunit said...

@Pulse

Thanks for reading the article and for the wishes!!! Wish you a happy new year.