How to remove autorun virus from your flash drives and any hard disk drives

Have you at one time or the other used your flash drive in someone else computer and try to use it on your own computer and you discover that when you click on your drive to open, it opens in a new window?
Do you always see a notepad file with the name BOOTEX.LOG inside your flash drive?

This is a sign that you have autorun virus in your flash drive. Autorun virus is transferred through flash and storage disk from an infected computer to a none infected one. When an infected flash drive is inserted into a none infected computer the virus uses autorun.inf to execute the virus on the system. The virus is always resident in the root directory of the flash drive and other storage devices. It has file extensions like .bat, .exe, .com, .BKK and file name like autorun.inf, o1.com, etc.

Sometimes even when you scan your computer, some antivirus does not remove it.
To remove this autorun virus from your flash drive or any other drive, you have to check if your flash has autorun virus or any root directory virus.

To check your flash drive, click start in your task bar, click run, inside the dialog box type cmd when the command prompt opens, change to your flash drive directory. To change to your flash directory type you drive location and semi column (e.g. K :) and press enter. Then type dir /ah (i.e. dir space forward slash ah) this will display all the files in the root directory of the flash. If there is no virus it will some thing like the screen short below or it will write file not found. If you see any file with .com, .exe, .bkk, .inf, .exe extension on the flash drive. That means you have a virus in the flash. To delete the virus Type del /ah /f (i.e. del space forward slash ah space forward slash f) followed by the file name and press enter to delete the virus
Like the screen short above I know that BOOT.BKK is a virus in my Hard drive I will type del /ah /f BOOT.BKK to delete it. if i had more virus on my drive i will delete them one by one until there is none left.
Note: you have to type the name of the virus the way you see it because it is case sensitive.
After you have removed the files, type dir /ah to confirm if the virus has been remove.

If you followed through and took the steps as I have outlined then you will not see the virus files again that means that the virus has been removed. To remove autorun virus from your hard drives, follow the same procedure above to remove the virus. Then restart your computer and the virus is gone.

This article is open for comments and questions

To know more about computer virus and how to remove them visit online-computer-repairs.blogdspot.com or send a mail to onlinecomputerrepairs@gmail.com

Read More

How to restore disabled task manager, Regedit, and cmd

If you cannot open task manager, you cannot run Regedit and you cannot run command prompt (cmd). Each time you want to run cmd you see a message that says this program has been disabled by administrator, who is the administrator if not you that owns the computer. Therefore, you begin to wonder what could have happened to your computer.

Firstly, there is virus in your computer. To restore the disabled programs on your computer you have to change the registry settings that the virus changed. Now that the regedit is also disabled what do i do?
in this article we will use gpedit.msc to restore disabled task manager, regedit, and cmd
The virus that disables your Regedit and cmd and disables your task manager is a Direct Action Viruses

the main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted. Examples are i.exe, autorun.inf. Other virus that can disable your task manager, cmd, and regedit and automatically close your program is killer.exe virus and smss.exe. For more information on computer virus click here.

This virus attack can put your computer in a very unstable state that you even prefer to format your computer. Follow these steps to restore your disabled task manager, regedit and cmd.
If you notice that, any application that you open to use and remove the virus is automatically then you have killer.exe and smss.exe. Close all running program and boot your computer in save mode. To boot your computer in safe mode shut down your computer, turn it on, and keep pressing F8 button on your keyboard until you get to a window where you see safe mode and other troubleshooting option. Use your arrow key to move to safe mode and press the enter button it will boot in safe mode but it might take more time than usual to boot. When your computer has finish booting in safe mode click start and click on run. Type gpedit.msc, a window will open that looks like this.

Under user configuration on the left pane click the arrow before administrative template, click on system then
Look at the right hand pane. Double click prevent access to registry editing tool. The property window will appear, select disabled and click apply and ok. Still on the right pane double click, prevent access to command prompt also select disable in the property window.
Then at the left pane of the gpedit.msc expand system folder by clicking on the + sign beside it.
When the folder is expanded, click CTR+ALT Option, double click remove task manager on the right pane and select disable in the property window. Restart your computer your task manager, cmd, regedit will be restored. Then update your antivirus and scan your computer.
Note that for a virus to enter your computer and disable these windows functions, that means the antivirus in your is not good or it is not working. Probably you need to update it if it is a good antivirus.

this article is open for comments and questions

To know more on computer virus and computer repairs visit online-computer-repairs.blogspot.com. or send a mail to onlinecomputerrepairs at gmail.com

Read More

Types of Computer Virus

Types of Computer Virus

A computer virus is a self-replicating computer program written to alter the way a computer operates without the permission or knowledge of the user. Computer viruses are similar to biological viruses in the way they multiply in number and in the way; they need a host to survive. However, in both cases there must be a cause, such as weak immune system or an expired anti-virus program, in order for the virus to penetrate and spread. The way a computer virus infiltrates your PC depends on the type of virus it is. Because all computers viruses have their own features and factors that make them unique and dangerous to the health of your computer. In this article, I will be sharing with you types of computer viruses so that you can better protect your computer.
Some times when you are infected, you rely know which of the virus is affecting your computer. Below is the list of the most common viruses affecting most computers:

1. Trojan Horses
2. Worms
3. Email Viruses

A Trojan horse appears to be nothing more than an interesting computer program or file, The Trojan virus once on your computer, does not reproduce, but instead makes your computer vulnerable to malicious attacks by allowing them to access and read your files. This makes the virus extremely dangerous to your computer. This virus can be minimized when you avoid downloading unnecessary files and software’s, and only download software’s and files that you are sure of.

A Worm is a virus program that copies and multiplies itself by using computer networks and security flaws. The worm may do damage and compromise the security of the computer. It may arrive via poor system security or by e-mail. Once Copied, the copied worms scan the network for further vulnerabilities and flaws in the network. The best way to protect you from worms is by updating your security software’s. You should avoid opening email attachments from unknown senders.

Email viruses use email messages to spread. An email virus can automatically forward itself to thousands of people, depending on whose email address it attacks. To avoid receiving virus-laden emails, always check that your antivirus software is up-to-date and stay clear of opening attachments. Also, block unwanted email viruses by installing a spam filter and popup blockers.

Other type of viruses exist and one should be careful to prevent himself from getting infected examples are

Boot sector Virus:
A virus that attaches itself to the first part of the hard disk that is read by the computer upon bootup. These are normally spread by floppy disks. To prevent this virus use an antivirus that scan boot files and make sure that the antivirus is updated Examples of boot viruses include: Polyboot.B, AntiEXE.


Macro Virus:
Macro viruses are viruses that use another application's macro programming language to distribute themselves. They infect documents such as MS Word or MS Excel and are typically spread to other similar documents. They usually have the infected file name with .exe extension e.g. m-sword .exe instead of doc. They always run from your driver folder. In system 32 folder. Example of such virus is raila odinga virus. For how to remove raila odinga virus read it here

Memory Resident Viruses:
Memory Resident Viruses reside in a computers volatile memory (RAM). They are initiated from a virus which runs on the computer and they stay in memory after its initiating program closes.

Direct Action Viruses
The main purpose of this virus is to replicate and take action when it is executed. When a specific condition is met, the virus will go into action and infect files in the directory or folder that it is in and in directories that are specified in the AUTOEXEC.BAT file PATH. This batch file is always located in the root directory of the hard disk and carries out certain operations when the computer is booted. Examples are i.exe, autorun.inf.

Overwrite Viruses
Virus of this kind is characterized by the fact that it deletes the information contained in the files that it infects, rendering them partially or totally useless once they have been infected.

The only way to clean a file infected by an overwrite virus is to delete the file completely, thus losing the original content.

Examples of this virus include: Way, Trj.Reboot, Trivial.88.D.

Polymorphic Virus
Polymorphic viruses encrypt or encode themselves in a different way (using different algorithms and encryption keys) every time they infect a system.

This makes it impossible for anti-viruses to find them using string or signature searches (because they are different in each encryption) and also enables them to create a large number of copies of themselves.

Examples include: Elkern, Marburg, Satan Bug, and Tuareg.

File Infectors
This type of virus infects programs or executable files (files with an .EXE or .COM extension). When one of these programs is run, directly or indirectly, the virus is activated, producing the damaging effects it is programmed to carry out. The majority of existing viruses belongs to this category, and can be classified depending on the actions that they carry out.

FAT Virus
The file allocation table or FAT is the part of a disk used to connect information and is a vital part of the normal functioning of the computer.
This type of virus attack can be especially dangerous, by preventing access to certain sections of the disk where important files are stored. Damage caused can result in information losses from individual files or even entire directories.

Logic Bombs
They are not considered viruses because they do not replicate. They are not even programs in their own right but rather camouflaged segments of other programs.

Their objective is to destroy data on the computer once certain conditions have been met. Logic bombs go undetected until launched, and the results can be destructive.

This article is open for comments and questions.
For more on virus tips visit online-computer-repairs

Read More

Virus tips

Virus Tips

A computer virus is a self-replicating computer program written to alter the way a computer operates without the permission or knowledge of the user. Some viruses infect existing files on your computer, transforming regular files (like Word documents or system files) into infected files. Other viruses delete certain types of files on your computer. Virus sometimes interferes with your mouse cursor making it hard for you to control. A virus can spread from one computer to another when its host is taken to the uninfected computer, for instance by a user sending it over a network or the Internet, or by carrying it on a removable medium such as a floppy disk, CD, or USB drive.

Viruses are sometimes confused with computer worms and Trojan horses. A worm can spread itself to other computers without the need to be transferred as part of a host, and a Trojan horse is a file that appears harmless. Worms and Trojans may cause harm to a computer system’s hosted data, functional performance, or networking throughput, when executed.

Symptoms of a virus infected computer
The following are some major symptoms that show that a computer may be infected:

• The computer runs slower than usual.
• The computer stops responding, or it locks up frequently.
• The computer crashes, and then it restarts every few minutes.
• The computer restarts on its own. Additionally, the computer does not run as usual.
• Applications on the computer do not work correctly.
• Disks or disk drives are inaccessible.
• You cannot print items correctly.
• You see unusual error messages.
• You see distorted menus and dialog boxes.
• There is a double extension on an attachment that you recently opened, such as a .jpg, .vbs, .gif, or .exe. Extension.
• An antivirus program is disabled for no reason, or the antivirus program cannot be restarted.
• An antivirus program cannot be installed on the computer, or the antivirus program will not run.
• New icons appear on the desktop that you did not put there, or the icons are not associated with any recently installed programs.
• Strange sounds or music plays from the speakers unexpectedly.
• A program disappears from the computer even though you did not intentionally remove the program.
• You see folders created inside folders, with the name of the containing folder and then “EXE” extension i.e. new folder.exe
Note: These are common signs of infection. However, some signs may be caused by hardware or software problems that have nothing to do with a computer virus. Unless you have a good and an updated anti virus Software, you may not be certain whether a computer is infected with a computer virus or not.

How to protect your computer

If you suspect that your computer is infected with a computer virus, follow the steps below to remove the virus

1. Install powerful antivirus software: if you suspect a virus on your computer, install a good antivirus software and make sure its updated at all times
2. Scan your computer to get rid of the virus.
3. Attend to Antivirus notification, sometimes your antivirus may dictate a virus and needs you take action and gives you notification. It’s very important that you always pay attention to your antivirus status.
Click here for more on how to protect your computer.

4. Finally install registry and malware removal tool, to dictate harmful registry entries entered by the virus and use the malware to dictate the location of the virus and remove them.

This article is open for comments and questions.
For more on virus tips visit online-computer-security.blogspot.com

Read More

HOW TO REMOVE RAILA ODINGA VIRUS IN 2 MINUTES

HOW TO REMOVE RAILA ODINGA VIRUS IN 2 MINUTES

How to remove raila odinga virus is a very easy process. Firstly, Raila odinga is a worm that attacks microsoft word files, but it looks like a jpg file and mostly found on the desktop.
Raila odinga has some common characteristics

1. If you delete the picture file it will delete and return to where it where.
2. It runs from the driver folder in system 32 folder
3. it auto runs at system startup
4. It makes the computer boot slowly
5. It makes your computer to hang.
6. It creates new folder.exe folders in your computer

How to remove raila odinga virus, open my computer, double click drive C: open WINDOWS folder, double click on system 32 folder, open driver folder,
locate the word file in the folder, note the name. Right click on the task bar, open task manager, click on the process tab locate the name of the word file you saw in the drive folder, right click on the name of the file, click end process, to terminate the running process
Open the driver folder of system 32 where the file is, delete all the ms word files on that folder, then close the folder locate the raila odinga picture file usually on the desktop or somewhere in your computer, delete the picture file. Please do not double click on the picture file only delete it, finally empty your recycle bin and restart your computer. That way odinga is off your machine.

for more computer maintenance articles, computer security and virus removal articles visit online-computer-repairs

Read More