
Virus Removal Techniques

Special Case: Remove Pravat Virus (Browser Hijacker)

Initial Symptoms:

  • The Internet Explorer title bar shows "Microsoft Internet Explorer by Pravat"

SOURCE

  • A removable disk (pen drive) carrying the files sys.vbs and autorun.inf

Precautions:

  • Never double-click the removable disk (pen drive)
  • Turn off the autoplay feature for removable drives (try Tweak UI)
  • On a system with autoplay enabled, hold the Shift key while inserting the pen drive to bypass autoplay
  • Remove the Recycler folder, autorun.inf and sys.vbs from the removable drive
  • Safely remove the removable disk and plug it back in to restore the normal open action on double-click

CURE

  • Disable System Restore on all drives
  • End the running wscript process (wscript.exe, the Windows Script Host that runs sys.vbs); Task Manager or Process Explorer can be used to end it
  • Delete the file %system%\system32\sys.vbs, where %system% may be C:\windows or D:\windows (i.e. C:\windows\system32\sys.vbs)
  • Run regedit (Start >> Run >> regedit)
  • Press F3 and type Pravat in the search box
  • Change the entry Pravat to anything you like
  • Log off and log back on to the system
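
A read-only check for the artifacts named in the steps above, added here as an example and not part of the original article. It assumes PowerShell 3.0 or later; the two Internet Explorer registry keys it inspects are an assumption, since the article only says to search the registry for Pravat.

```powershell
# Added example: reports indicators only; nothing is deleted or modified.
$marker   = 'Pravat'                               # string shown in the IE title bar
$names    = 'autorun.inf', 'sys.vbs', 'RECYCLER'   # files/folder named in the article
$findings = @()

# 1. Removable drives (DriveType 2). Test-Path also sees hidden/system files.
foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    foreach ($n in $names) {
        $p = "$($d.DeviceID)\$n"
        if (Test-Path -LiteralPath $p) {
            $findings += [pscustomobject]@{ Kind = 'RemovableDrive'; Item = $p }
        }
    }
}

# 2. Copy of the script in the Windows system directory.
$sysCopy = Join-Path $env:SystemRoot 'System32\sys.vbs'
if (Test-Path -LiteralPath $sysCopy) {
    $findings += [pscustomobject]@{ Kind = 'SystemFile'; Item = $sysCopy }
}

# 3. Windows Script Host processes whose command line mentions sys.vbs.
foreach ($proc in Get-CimInstance Win32_Process -Filter "Name='wscript.exe'") {
    if ($proc.CommandLine -match 'sys\.vbs') {
        $item = "PID $($proc.ProcessId): $($proc.CommandLine)"
        $findings += [pscustomobject]@{ Kind = 'Process'; Item = $item }
    }
}

# 4. Registry values containing the marker. Assumption: only the Internet
#    Explorer "Main" keys are checked here, not the whole registry.
$keys = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
        'HKLM:\Software\Microsoft\Internet Explorer\Main'
foreach ($k in $keys) {
    if (-not (Test-Path $k)) { continue }
    foreach ($v in (Get-ItemProperty -Path $k).PSObject.Properties) {
        if ("$($v.Value)" -match $marker) {
            $item = "$k\$($v.Name) = $($v.Value)"
            $findings += [pscustomobject]@{ Kind = 'Registry'; Item = $item }
        }
    }
}

if ($findings.Count -eq 0) { 'No indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it again after the cleanup and the log off/log on step to confirm that no indicators remain.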

Current Comments


Thanks for the great article. It surely did help a lot.

Posted by AJ on Thursday, 04.2.09 @ 11:09am | #16
