Tuesday, February 9, 2010

How To Remove NTDETEC1.exe Virus


Symptoms:
1. Task Manager closes as soon as it launches.
2. RegEdit may be inaccessible
3. Folder Options may be inaccessible


When I scanned using some anti-virus software, Nod32, Symantec AV Corporate, McAfee and AVG failed to detect the files, even in Safe Mode.


If you’re using the Operating System called Windows, chances are that you might have already come across the ntdetec1.exe virus. Or you will, sooner or later.


Its official name is W32.Ceted and it is a worm that copies itself to all shared and removable drives and spreads when the user double clicks on it to open it. If a system is infected, it creates a folder called ntdetec1 in your System Drive which is NOT visible via Explorer or Command prompt.


To remove it, run the following commands at the command prompt:


taskkill /im cmrss.exe
taskkill /im ntdetec1.exe
taskkill /im shell32.exe


Now, make sure you are in the root of your system drive. For example, if your Windows is installed in C:, make sure your prompt shows C:\>
Now, run the command:


attrib ntdetec1 -s -h -r /s /d


(-s, -h and -r clear the system, hidden and read-only attributes)


This will make the folder visible in Explorer. Now you can Shift+Delete the folder from Explorer.


Also, you might need to delete the following registry value (if it is present):


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"winlogon" = "C:\ntdetec1\run.exe"


Congratulations, this will remove all known traces of the above worm.
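
To confirm that the traces named above are really gone, a read-only check can be run from PowerShell. This is an added example, not part of the original post; it only looks for the folder, the three process names and the registry value listed in the steps above, and checking the Wow6432Node copy of the key is an assumption for 64-bit systems.

```powershell
# Added example: read-only check for the W32.Ceted traces named in this post.
# It deletes nothing; it only reports what is still present.
$findings = @()

# 1. The ntdetec1 folder in the root of the system drive.
#    -Force is required because the folder carries the hidden and system attributes.
$folder = Join-Path ($env:SystemDrive + '\') 'ntdetec1'
$dir = Get-Item -LiteralPath $folder -Force -ErrorAction SilentlyContinue
if ($dir) {
    $findings += "Folder present: $($dir.FullName) [attributes: $($dir.Attributes)]"
}

# 2. The three process names the post kills with taskkill.
$names = 'cmrss', 'ntdetec1', 'shell32'
Get-Process -Name $names -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Process running: $($_.ProcessName).exe (PID $($_.Id))"
}

# 3. The "winlogon" value under the policies\Explorer\Run key.
#    The second path is the 32-bit registry view (assumption: checked in case
#    the value was written there on a 64-bit system).
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
)
foreach ($key in $keys) {
    $prop = Get-ItemProperty -LiteralPath $key -Name 'winlogon' -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += "Registry value present: $key\winlogon = $($prop.winlogon)"
    }
}

# Report the result; a non-zero exit code means at least one trace remains.
if ($findings.Count -eq 0) {
    Write-Output 'No traces from this post found.'
    exit 0
} else {
    $findings | ForEach-Object { Write-Output $_ }
    exit 1
}
```

Run it again after a reboot: if the folder or the registry value comes back, something is still recreating them.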
