Remove new folder exe or regsvr exe or autorun inf or gpphone exe virus

Remove new folder exe or regsvr exe or autorun inf or gpphone exe virus

Avast will not work on this virus..
AVG Not work on this virus
Trend Micro able to detect but not get success to remove it completely


Step By Step Process of removal

First Step -
Search for autorun.inf file. It is a read only file so you will have to change it to normal by right clicking the file , selecting the properties and un-check the read only option
Open the file in notepad and delete everything and save the file.
Now change the file status back to read only mode so that the virus could not get access again.

Second Step -
Click start->run and type msconfig and click ok
Go to startup tab look for regsvr or new folder or gpphone and uncheck the option click OK.

Third Step -
Click on Exit without Restart, cause there are still few things we need to do before we can restart the PC.

Fourth Step -
Now go to control panel -> scheduled tasks, and delete the At1 task listed their.

Fifth Step -
Now Click on start -> run and type gpedit.msc and click Ok.

If you are Windows XP Home Edition user you might not have gpedit.msc in that case download and install it from Windows XP Home Edition: gpedit.msc and then follow these steps.

Go to users configuration->Administrative templates->system
Find “prevent access to registry editing tools” and change the option to disable.

Once you do this you have registry access back.
Launch The Attack At Heart Of Castle
Click on start->run and type regedit and click ok
Go to edit->find and start the search for regsvr.exe,

Delete all the occurrence of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.

At one ore two places you will find it after explorer.exe in theses cases only delete the regsvr.exe part and not the whole part. E.g. Shell = “Explorer.exe regsvr.exe” the just delete the regsvr.exe and leave the explorer.exe
Seek And Destroy the enemy soldiers, no one should be left behind

Click on start->search->for files and folders.
Their click all files and folders

Type “*.exe” as filename to search for
Click on ‘when was it modified ‘ option and select the specify date option
Type from date as 1/31/2008 and also type To date as 1/31/2008

Now hit search and wait for all the exe’s to show up.
Once search is over select all the exe files and shift+delete the files, caution must be taken so that you don’t delete the legitimate exe file that you have installed on 31st January.

Also selecting lot of files together might make your computer unresponsive so delete them in small bunches.

Also find and delete regsvr.exe, svchost .exe( notice an extra space between the svchost and .exe)

Now do a cold reboot (ie press the reboot button instead) and you are done.

I hope this information helps you to resolve the problem of new folder exe or regsvr exe or autorun inf or gpphone exe virus