Double-click Your C Drive: Solved 
1. Double-click on My Computer on Desktop. 
2. Choose Tools and select "Folder options" 
- Click on "View" tab, select "Show Hidden files and folders" and uncheck "Hide Extension...." 
- Click on "Hide protected operating system files" (these selections are important to find the files you need to delete). 
- Click "OK." 
3. Open Windows Task Manager (ctrl-alt-del) and select the "Processes" tab 
- Click on "Image name" to sort the list 
- Find "wscript.exe" and click on "End Process" (if there is more than one process with that name you have to end all of them)
- Close Windows Task Manager. 
4. Click on Start and select "Search" and search for "autorun.inf" (search the computer) 
- Delete all the files that contain the text MS32DLL.dll.vbs (the virus) by pressing Shift+Delete. (There obviously should not be Autorun.inf in the C: root). 
5. You will also delete the virus from the system (C:\WINDOWS\MS32DLL.dll.vbs) by pressing Shift+Delete. 
6. Next you have to edit the Registry. (Please note that you have to be very careful in the Registry tools; certain mistakes in the Registry can crash your computer.) 
- Click on "Start" and select "Run" and type in "Regedit" and press "Enter". 
- Select HKEY_LOCAL_MACHINE --> Software --> Microsoft --> Windows --> CurrentVersion --> Run. 
- Find "MS32DLL" and delete that entry. 
- Select HKEY_CURRENT_USER --> Software --> Microsoft --> Internet Explorer --> Main. There you find Window Title "Hacked by Godzilla" and you should delete that entry. You can close the Registry now. 
7. Click on Start --> Run and type in "gpedit.msc" and press "Enter." 
- Open "Group Policy": select User Configuration --> Administrative Templates --> System --> and there you will double click on "Turn Off Autoplay" 
- In the window there you should select "Enabled" and select "All drives" (a certain Thai website says that turning off Autoplay for all drives is safer against viruses). Now you can close the Group Policy. 
8. Click on Start --> Run and type "msconfig" and press "Enter". 
- Open "System Configuration Utility". 
- Click on the "Startup" tab 
- Find the file MS32DLL, choose Enable All, then uncheck "MS32DLL" 
- Click Apply and then OK to close 
- Exit the "System Configuration Utility" and select "Exit Without Restart" when prompted. 
9. After this, double-click on My Computer and select "Tools" and "Folder Options" and the "View" tab to change the settings back. 
- Select "Hide Extension...", "Hide protected operating system files" and "Don't show hidden files and folders". 
- Empty the "Recycle bin" and "Restart" your computer. 
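Added example (not from the original post): a Python sketch of the check in step 4. It goes beyond the single file name and flags any autorun.inf whose launch keys hand a script to wscript.exe or cscript.exe. The sample file contents and the function names are constructed for illustration.

```python
import re
from pathlib import Path

# Keys in the [autorun] section that make Explorer launch something.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Script types run by Windows Script Host; MS32DLL.dll.vbs ends in .vbs.
SCRIPT_REF = re.compile(r"\.(vbs|vbe|js|jse|wsf)\b|\b[wc]script(\.exe)?\b", re.I)

def launch_commands(text):
    """Return (key, command) pairs from the [autorun] section of autorun.inf text."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_autorun = line.lower() == "[autorun]"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                found.append((key.lower(), value))
    return found

def suspicious(text):
    """Launch entries that hand a script to wscript.exe or cscript.exe."""
    return [(k, v) for k, v in launch_commands(text) if SCRIPT_REF.search(v)]

def scan_roots(roots):
    """Check each drive root (e.g. "C:\\", "E:\\") for a script-launching autorun.inf."""
    report = {}
    for root in roots:
        path = Path(root) / "autorun.inf"
        if path.is_file():  # hidden/system attributes do not stop this check
            hits = suspicious(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples, not captured from a real infection.
INFECTED = ("[AutoRun]\r\nshellexecute=wscript.exe MS32DLL.dll.vbs\r\n"
            "shell\\open\\command=wscript.exe MS32DLL.dll.vbs\r\n")
CLEAN = "[autorun]\nicon=setup.ico\nopen=setup.exe\nlabel=Install Disc\n"

if __name__ == "__main__":
    print(suspicious(INFECTED))
    print(suspicious(CLEAN))
```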
Extended Solution: 
After you have deleted all these Autorun files, if your drives still do not want to open with a left click: 
Start the Registry editor: Start->Run "regedit" 
or alt-ctrl-del, File->New Task... "regedit" 
Navigate to: 
HKEY_CLASSES_ROOT\Drive\shell 
If there is a folder: HKEY_CLASSES_ROOT\Drive\shell\open 
Delete it. 
There should only be Drive\shell\find and maybe Drive\shell\cmd, but if you see Drive\shell\open, delete it. 
Make sure that in HKEY_CLASSES_ROOT\Drive\shell\ the (Default) value in the right-hand pane is set to "none": 
Name: (Default), Type: REG_SZ, Value: none 
If your computer is still not fixed, here is a complete registry dump of what the HKCR\Drive\ registry path should look like, along with the HKCR\Directory\ path as well: 
Note: you can copy the below lines into a text editor (notepad) and save it as "drivefix.reg" and double click it. All the values below will be entered into the registry, overwriting existing values. But values which do not appear here are not affected. 
Note: The @ sign is the name of the (Default) value for each directory/key in the registry. 
--------------------------------------------------------------------------------
Windows Registry Editor Version 5.00 
[HKEY_CLASSES_ROOT\Drive] 
@="Drive" 
"EditFlags"=hex:d2,01,00,00 
[HKEY_CLASSES_ROOT\Drive\DefaultIcon] 
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,38,00,00,00 
[HKEY_CLASSES_ROOT\Drive\shell] 
@="none" 
[HKEY_CLASSES_ROOT\Drive\shell\find] 
"SuppressionPolicy"=dword:00000080 
[HKEY_CLASSES_ROOT\Drive\shell\find\command] 
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\ 
65,00,00,00 
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec] 
@="[FindFolder(\"%l\", %I)]" 
"NoActivateHandler"="" 
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\application] 
@="Folders" 
[HKEY_CLASSES_ROOT\Drive\shell\find\ddeexec\topic] 
@="AppProperties" 
[HKEY_CLASSES_ROOT\Directory] 
@="File Folder" 
"AlwaysShowExt"="" 
"EditFlags"=hex:d2,01,00,00 
"InfoTip"="prop:DocComments" 
[HKEY_CLASSES_ROOT\Directory\Background] 
[HKEY_CLASSES_ROOT\Directory\Background\shellex] 
[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers] 
[HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\New] 
@="{D969A300-E7FF-11d0-A93B-00A0C90F2719}" 
[HKEY_CLASSES_ROOT\Directory\DefaultIcon] 
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,33,00,00,00 
[HKEY_CLASSES_ROOT\Directory\shell] 
@="none" 
[HKEY_CLASSES_ROOT\Directory\shell\find] 
"SuppressionPolicy"=dword:00000080 
[HKEY_CLASSES_ROOT\Directory\shell\find\command] 
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\ 
65,00,00,00 
[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec] 
@="[FindFolder(\"%l\", %I)]" 
"NoActivateHandler"="" 
[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\application] 
@="Folders" 
[HKEY_CLASSES_ROOT\Directory\shell\find\ddeexec\topic] 
@="AppProperties"
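
Added example (not part of the original post): before importing a .reg file copied from a web page, decode its hex values to see what they will actually write. This Python sketch decodes hex and hex(2) entries; the sample is two values taken from the dump above, and the function names are illustrative.

```python
import re

# A hex-encoded value line: name (or @), "=hex", optional "(type)", ":", bytes.
HEX_VALUE = re.compile(r'^(@|"[^"]*")=hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')
TEXT_TYPES = {"1": "REG_SZ", "2": "REG_EXPAND_SZ", "7": "REG_MULTI_SZ"}

def logical_lines(text):
    """Join lines ending in a backslash, the .reg continuation marker."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()  # also drops trailing spaces left by copy/paste
        if line.endswith("\\"):
            buf += line[:-1].strip()
        else:
            yield buf + line
            buf = ""

def decode_hex_values(text):
    """Return (key, value name, type, decoded data) for each hex-encoded value."""
    out, key = [], None
    for line in logical_lines(text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = HEX_VALUE.match(line)
        if not m:
            continue
        name, kind, data = m.groups()
        raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
        if kind in TEXT_TYPES:
            # String types in a version 5.00 file are UTF-16LE, NUL-terminated.
            out.append((key, name.strip('"'), TEXT_TYPES[kind],
                        raw.decode("utf-16-le").rstrip("\x00")))
        else:
            label = "REG_BINARY" if kind is None else "hex(%s)" % kind
            out.append((key, name.strip('"'), label, raw.hex()))
    return out

# Two values copied from the dump on this page (trailing spaces removed).
SAMPLE = r'''[HKEY_CLASSES_ROOT\Drive]
"EditFlags"=hex:d2,01,00,00
[HKEY_CLASSES_ROOT\Drive\shell\find\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,45,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,65,00,78,00,\
65,00,00,00
'''

if __name__ == "__main__":
    for entry in decode_hex_values(SAMPLE):
        print(entry)
```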
 
 
 