Tips to Detect Virus Files and Infected files

How to detect virus files?

Virus files now a days are more improved and hard to find than earlier, now some files have nice icon so user cant imagine that file is virus or unwanted. Normal Properties of virus or infected files, that always tries to connect internet and get other unwanted softwares or files to the victims computer.

Some Trojan files like Sality.AA copies its file to windows\system32 with same file size, so it can identify easily, some may in hidden, and creates files in all folder with same name as folder. For Example, i have a folder in C:\myfolder, when this trojan infect the system, creates files in that folder with name myfolder.exe with size ~499 KB, if we open that file nothing opens but system will get busy. Like that so many files where created in those Drives and folders.

How To Delete these files:

Use Windows Search utility or any alternative, before that find file size of file created, like myfolder.exe, if this filesize is 499 KB, add file size in Search parameter so you can easily delete all folder named execute files.

Note:

If any exe file is running, you cannot delete some files, before that end those suspected file processess. You can use Windows Task Manager or any Alternative Task Processes lister like Process Explorer.
Get Process explorer from
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
http://en.wikipedia.org/wiki/Process_Explorer

From Process Explorer you can delete files, download this free program.

Detect Infected Virus Files.

To Detect infected files is simple. If you think your normal application tooks more time than normal, it may be the cause of virus infection. Bitdefender is the Best Antivirus software can be used in Disinfection of virus infected files.

Removal for Trojan W32/Virut.CE

The Virus.Win32.Virut.ce is a Trojan, which infects Windows Operating system,

The infected system will be Very slow, and infected computer Shuts down after a couple of minutes when user logged in with a dialog box showing an Red X mark and countdown timer.  This Trojan infects or copies its files to *.dll and *.exe windows\system32 folder and to C, D drives.

Some Known files names for Virus.Win32.Virut.ce are perrdlm.exe, klpllsm.exe and more

This trojan makes Startup Registry entries at
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
“cdmmslpo”=”C:\\WINDOWS\\system32\\klpllsm.exe”
“qaswww”=”C:\\WINDOWS\\system32\\perrdlm.exe”
“shccde”=”C:\\WINDOWS\\system32\\ipismd.exe”

If you delete these files and entries, it will restore again after a system restart, Since virus infected on other files.

So it is very hard to remove this trojan manually, So here we can use this removal with a free removal tool from Grisoft.

The GRISOFT has released a Free Removal Tool for this type trojan,  Win32/Virut

Download the following two files
rmvirut.exe
rmvirut.nt

run the rmvirut.exe file.

Note:
You can also specify the disks (or partitions) to heal as a command parameters.
e.g.: “rmvirut C: D:”. If the command is used without parameters, it heals all disks (partitions) on computer.

For example you want to scan a folder in d drive, folder name is tools
d:\rmvirut.exe D:\tools
this command is executed from
Start – Run, In the run Command Menu box type Full path including rmvirut.exe with path of folder or drive to scan.
type Command, Press Ok to run ( In vista Confirm Allow to continue)

For Successful running of the remover requires administrator rights. For proper functionality of the remover it is necessary to save the rmvirut.nt into the same folder as rmvirut.exe.

For Further Support Contact Us,
VirusExperts.org

Removal of W32/Agent.JVW Trojan (Manual)

Removal of W32/Inject.AAOH Trojan (Manual)

Removal of W32/VB.LN Worm (IM-Worm.Win32.VB.ln, W32/VB-DGA, WORM_VB.GMM) (Manual)

Removal of W32/AutoRun.NAN Worm (Worm.Win32.AutoRun.nan, Worm:W32/AutoRun.GF) (Manual)

Try Returnil Virtual System 2010 For Free

Returnil Virtual System 2009 Beta uses a combination of antivirus and virtualization technologies to protect your system against both malicious software and unwanted changes. Returnil virtualization technology clones your computer’s System Partition and boots the PC into a controlled virtual world rather than native Windows; allowing you to run your applications in a completely isolated and secure environment.

Read more

Removal of W32/Koobface.GJ Worm (Manual)

Removal of Advanced Virus Remover (Manual)

Advanced Virus Remover is a rogue security application promoted through the use of Trojans, fake advertisements and online anti-malware scanners. It is advertised as an anti-virus software, but in reality, though, AdvancedVirus Remover is just another scam. The main purpose of the rogue is to scare you into thinking that your computer is seriously infected with malware, spyware and other parasites. Once, this program is installed and active, it will simulate system scan and display many bogus infections that won’t be removed until you purchase Advanced Virus Remover.

Read more

Removal of W32/AutoRun.PYK Worm (Manual)