After selecting the option “Show hidden files and folders”, you find that one file of the movable disk disappears right after flashing through the window. When re-click on the “Folder Options”, it still shows the option of “Do not show files and folder”. Moreover, when clicking on the disk icon of C or D, another unknown window pops up.
Symptom description:
1. Could not show hidden file
2. Another window pops up When clicking on the hard disk icon of C or D
3. By Viewing C or D disk with winrar, the files autorun.inf and tel.xls.exe are found under the directories
4. There is a weird “kill” in the applications of the Windows Task Manager
5. There is an odd SocksA.exe within the startup programs
Solution:
Please do not double-click on the hard disks during the following process. To open hard disk, please right-click on the icon and click Open.
Step one: end up virus process
Search for any unknown application similar to “Kill” in the task manager, and right-click on the application ->switch to process -> look for process similar to SVOHOST.exe, and right-click -> select End Process Tree.
Step two: show system file that was hided
Start -> enter “regedit” and navigate to HKEY_LOCAL_MACHINESoftware\Microsoft\Windows\Current\Version\explore\rAdvanced\Folder\Hidden\SHOWALL, delete the key of CheckedValue; right-click on the blank -> select New -> select DWORD value -> name the new key as “CheckedValue” and then double-click to modify its value as “1”. Then you can choose either “Do not show hidden files and folders” or “Show hidden files and folders” optionally.
Step three: remove virus
Right-click the hard disk -> open -> search and delete the two files autorun.inf and tel.xls.exe in every hard disks, including movable disk.
Step four: remove the auto-run files of virus
Start -> Run -> msconfig-> Startup -> delete items such as sacksa.exe、SocksA.exe; or open registry by entering “regedit”.
Navigate and delete the following registry key: HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft> Windows> CurrentVersion>Run.
Search and delete items similar to C: WINDOWSsystem32SVOHOST.exe
Step five: delete the leftover files
Delete SVOHOST.exe(please note that Windows system also has a similar file), session.exe、sacaka.exe、SocksA.exe and all files which icons are similar to excel, under the directories of C:WINDOWS and C:WINDOWSsystem32.
Finally, restart your PC to finish.
- Relevant Knowledge
- Rundll32.exe—Remove Rundll32.exe in 5 Minutes!
- Spyware – Effectively Remove Spyware from Your PC
- Spyware – Remove Spyware within Five Minutes
- Spyware – How to Remove Spyware from Your PC Effectively
- Keylogger – How to Remove Keylogger from Your Computer?
- What is Aware and How to Remove Adware from Your Computer?
- Spyware – How to Remove Spyware from Your Computer
- VirTool:Win32/DelfInject.gen!X
- Shareware - Smart Choice for Protecting Your PC
- Nine possibilities to cause high CPU occupancy rate
- How to Remove W32.Blaster.Worm Thoroughly - Worms Removal Tips
- 3DStars Trojan
- Simple Tutorial on How to Remove Win32/Vundo.gen!O on Your Computer
- Get to Know the Top Method to Remove Keylogger.MySuperSpy
- Eliminate Erin Andrews Virus - Useful Steps to Remove Erin Andrews Virus
- 180Solutions.Zango Removal - How to Delete 180Solutions.Zango Installed on Your PC
- How to Get Rid of WinSecure Antivirus - Quick And Easy Tips
