Here I will try to share documents about Cisco, juniper, Linux, Networking so on. Another thing, if you want to contribute, so please any time. I think this is informative to you and thanks to viewing
Showing posts with label Win Virus. Show all posts
Showing posts with label Win Virus. Show all posts
Monday, May 30, 2011
how to remove autorun.inf virus
GO: start>run>cmd
C:\Documents and Settings\>i: >>> Change drive C: to I: ( removable disk )
I:\>attrib -r -s -h autorun.inf >>> Change attribute of this file
I:\>del autorun.inf >>> Delete the autorun.inf file
I:\>mkdir autorun.inf >>> make this folder same name as virus name for prevent next attack
Tuesday, March 29, 2011
What is spoolsv.exe?
What is spoolsv.exe?
A Microsoft Windows file stored in the c:\windows\system32 or c:\winnt\system32 directory that has the file description: Spooler SubSystem App. This file is responsible for how Microsoft Windows handles print and fax jobs on your computer.
Is this file a spyware, trojan, or virus?
The spoolsv.exe file included with Microsoft Windows is not spyware, a trojan, or a virus. However, like any file on your computer it can become corrupted by a virus, worm, or trojan. antivirus programs can detect and clean this file if it has become infected. Because this file is part of Microsoft Windows users should never delete or remove this file if they think it is infected, let the antivirus program handle it.
There are several known trojans, viruses, and worms that take on the identity of this file. However, once again it's best you use an up-to-date antivirus program to detect viruses and clean or quarantine this file if infected.
Is it safe to remove spoolsv.exe from the Task Manager processes?
Yes. This file is not a critical process and can be safely removed from the Task Manager to free up used memory. To do this in Task Manager highlight he spoolsv.exe process and click the End Process button.
The spoolsv.exe is taking up 99%, 100% or other abnormal high amount of CPU.
This is caused when there are still printer jobs in the Windows spool. To manually remove these print jobs follow the below steps.
1. Click Start, Settings, Control Panel.
2. In the Control Panel double-click the Administrative Tools and then Services.
3. Within services locate Print Spooler and right-click it and select Stop.
4. Once this process has been stopped leave the windows open and open My Computer and browse the the below folder.
c:\windows\system32\spool\PRINTERS
or
c:\winnt\system32\spool\PRINTERS
5. In this folder delete all the files in the PRINTERS folder. Once these have been deleted you can right-click the Print Spooler in the Services window and click Start to re-enable the service.
If this does not resolve your issue it's likely you have an issue with your printer drivers you have installed for your printers or you have a Trojan, virus, or worm infected on the computer. Make sure you have the latest printer drivers for your printer. A listing of printer drivers can be found through our printer drivers page. Additionally make sure you have an antivirus protection program on the computer and that it is up-to-date.
Spoolsv.exe generates errors and will be closed by Windows.
Errors caused by the spoolsv.exe file are often caused by other third-party software programs installed on the computer or the printer drivers installed on the computer. Make sure you have the latest printer drivers for your printer. A listing of printer drivers can be found through our printer drivers page. Additionally make sure you have an antivirus protection program on the computer and that it is up-to-date.
Tuesday, January 25, 2011
Virus Name: Trojan-Dropper:W32/Stuxnet (Remove Manualy)
Name: Trojan-Dropper:W32/Stuxnet
Category: Malware
Type : Rootkit
Platform: W32
Detection Names : Rootkit:W32/Stuxnet, Exploit:W32/WormLink
C:\WINDOWS\system32\drivers\MRXCLS.sys --> Rootkit.Stuxnet.A
--> HKLM\System\ControlSet002\Enum\Root\LEGACY_MRXCLS
--> HKLM\System\ControlSet002\services\MRxCls\"ImagePath"
C:\WINDOWS\system32\drivers\MRXNET.sys --> Rootkit.Stuxnet.A
--> HKLM\System\ControlSet002\Enum\Root\LEGACY_MRXNET
--> HKLM\System\ControlSet002\services\MRxNet\"ImagePath"
First Trun-of Autorun: Manual Removal Using IS2010
• Right click My Computers > Properties > Hardware > Device Manager:
- Go to View > Show Hidden Devices
- Go to Non-Plug and Play Drivers
• Disable both MRXNET and MRXCLS:
Manual Removal Instructions
• Delete the following Registry Keys:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxCls
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxNet
• Delete the following files:
1. %windir%\inf\mdmcpq3.PNF
2. %windir%\inf\mdmeric3.PNF
3. %windir%\inf\oem6C.PNF
4. %windir%\inf\oem7A.PNF
5. %windir%\system32\drivers\mrxcls.sys
6. %windir%\system32\drivers\mrxnet.sys
• Turn-off AutoPlay on all drives (for more details, see http://support.microsoft.com/kb/967715).
• Reboot the system.
• Clean the malware components from the infected USB thumb drive:
1. Open Command Prompt
2. Change drive to USB drive
3. Run command "del *.lnk"
4. Run command "del *.tmp"
thank you............
Virus Name: Image.gif.exe (Remove Manualy)
Name: Image.gif.exe
Category: Virus
Description: This virus hide your task manager, and also run also background in windows.
- At first kill this virus process process (If "taskmanager" diseble then download "iKnowPS" for scann process and kill process)
- Then remove this virus from "Statup" location (C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Image.gif.exe).
- Then go "run" type "msconfig" (System Configuration Utility) and "Startup" then uncheck the "Image.gif" and ok or apply.
- Then Delete this virus "image.gif" from all location (all Drive) then Restart your PC.
- Thank You
Subscribe to:
Posts (Atom)