Вы находитесь на странице: 1из 4

Removing the ntde1ect.com and autorun.

inf files
September 10th, 2007 at 6:01 am (Windows, Tips)
There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP
trojan) that uses those two files. Here is how you can get rid of them:
1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other driv
es in turn (note: if you have autorun.inf files that you think you need to backu
p, do so now):
del c:\autorun.* /f /a /s /q
7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the followin
g commands to delete each of them:
attrib -r -s -h avpo.exe
del avpo.exe
10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVers
ion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entrie
s you find.
14) Restart your computer.
*******************************
Removing the ntde1ect.com and autorun.inf files
======================================...
There is a trojan/virus (either the Win32/Pacex virus or the Win32/PSW.Agent.NDP
trojan) that uses those two files. Here is how you can get rid of them:
1) Open up Task Manager (Ctrl-Alt-Del)
2) If wscript.exe is running, end it.
3) If explorer.exe is running, end it.
4) Open up “File | New Task (Run)” in the Task manager
5) Run cmd
6) Run the following command on all your drives by replacing c:\ with other driv
es in turn (note: if you have autorun.inf files that you think you need to backu
p, do so now):
del c:\autorun.* /f /a /s /q
7) Go to your Windows\System32 directory by typing cd c:\windows\system32
8) Type dir /a avp*.*
9) If you see any files names avp0.dll or avpo.exe or avp0.exe, use the followin
g commands to delete each of them:
attrib -r -s -h avpo.exe
del avpo.exe
10) Use the Task Manager’s Run command to fire up regedit
11) Navigate to HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVers
ion \ Run (as usual, take a backup of your registry before touching it!)
12) If there are any entries for avpo.exe, delete them.
13) Do a complete search of your registry for ntde1ect.com and delete any entrie
s you find.
14) Restart your computer.
*******************************
Just follow the steps given below
1. Open Task Manager is check for the process names ntde1ect.com, if running kil
l the process.
2. Not Search for the file avp0.exe and delete it. Mostly it will be in %systemr
oot%\system32 folder. Remember this file is stored with hidden and system attrib
ute, though it not a system file. follow these steps to delete this file
I. open command prompt.
II. to search the file type dir avp0.exe /s /a
III. Now change the attribute of file using command attrib -H -S -R <filename wi
th full path >
IV. now delete the file using del <Filename with full path>
3. Also to the following registry value using regedit
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
avpa
if exist delete this value.
4. Now Browse to the registry key
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion\Explorer\Mou
ntPoints2
and Search in sub keys for ntde1ect.com
and delte it.
5. Restart you computer.
Note: Improper Registry editing may caiuse OS crash.
* 1 year ago
Source(s):
http://www.runscanner.net/getmd5.aspx?MD...
*******************************************
Re: Problem with harddisk - double click on my C, D, E, F, G,H disk cannot open
the drive
1. Run Task Manager and go to the Process Tab.
2. Stop wscript.exe process if available by highlighting the process name and cl
icking End Process.
3. Then terminate explorer.exe process.
4. In Task Manager, click on File -> New Task (Run…).
5. Type cmd and click OK.
6. Type the following command one by one :
Code:
del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a
del f:\autorun.* /f /s /q /a
del g:\autorun.* /f /s /q /a
del h:\autorun.* /f /s /q /a
7. Again in Task Manager, click on File -> New Task (Run…).
8. Type regedit into the Open text box and click OK.
9. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
and check the value of this key : Userinit.
The correct value of this key will be :
C:\WINDOWS\system32\userinit.exe,
assuming your Windows is installed on the C drive. If the value is incorrect cor
rect it to value mentioned. Note the trailing comma is necessary.
10. Close registry editor and cmd. Then go to : Task Manager, click on File -> N
ew Task (Run…), type in explorer. It will restart the explorer process. Now try op
ening your drives.
***********************************
In some situation especially when anti-virus program has cleaned, healed, disinf
ected or removed a worm, trojan horse or virus from computer, there may be error
happening whenever users try to open or access the drive by double clicking on
the disk drive icon in Explorer or My Computer window to try to enter the drive’s
folder. The problem or symptom happens in hard disk drive, portable hard disk dr
ive or USB flash drive, and Windows will prompt a dialog box with the following
message:
Windows Script Host
Can not find script file autorun.vbs.
Sometimes you will be asked to debug the VBScript with error code of 800A041F -
Unexpected ‘Next’.
or
Choose the program you want to use to open this file with:
In this case, the “Always use the selected program to open this kind of file” option
is grayed out.
The symptom occurs because when autorun.vbs is created by trojan horse or virus.
The virus normally loads autorun.inf file to root folder of all hard drive or U
SB drive, and then execute autorun.bat file which contains script to apply and m
erge autorun.reg into the registry, with possible change to the following regist
ry key to ensure that virus is loaded when system starts:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=userinit.exe,autorun.exe
Finally, autorun.bat will call wscript.exe to run autorun.vbs.
When antivirus or security software detected the autorun.vbs file as infected, t
he file will be deleted or removed or quarantined. However, other files (autorun
.*) and registry value still referring to autorun.vbs, and this document no longer
exists, hence the error when users double click to open a drive folder.
To correct and solve this error, follow this steps:
1. Run Task Manager (Ctrl-Alt-Del or right click on Taskbar)
2. Stop wscript.exe process if available by highlighting the process name and cl
icking End Process.
3. Then terminate explorer.exe process.
4. In Task Manager, click on File -> New Task (Run…).
5. Type “cmd” (without quotes) into the Open text box and click OK.
6. Type the following command one by one followed by hitting Enter key:
del c:\autorun.* /f /s /q /a
del d:\autorun.* /f /s /q /a
del e:\autorun.* /f /s /q /a
c, d, e each represents drive letters on Windows system. If there are more drive
s or partitions available, continue to command by altering to other drive letter
. Note that you must also clean the autorun files from USB flash drive or portab
le hard disk as the external drive may also be infected.
7. In Task Manager, click on File -> New Task (Run…).
8. Type “regedit” (without quotes) into the Open text box and click OK.
9. Navigate to the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
10. Check if the value name and value data for the key is correct (the value dat
a of userint.exe include the path which may be different than C drive, which is
also valid, note also the comma which is also needed):
“Userinit”=”C:\WINDOWS\system32\userinit.exe,”
If the value is incorrent, modify it to the valid value data.
****************************************************************************
If Hard drive cannot open by double.and even if open,it show search window resul
ts*************
[HKEY_CLASSES_ROOT\DRIVE\SHELL and then click on that default value ---Modify an
d change value data as "none"
****************************************************************************