New Folder.exe Virus, also known as Nhatquanglan, is a very common virus with a high rate of replication. It disguises itself as scvhsot.exe, though the actual Windows process is svchost.exe. The virus drops a copy of itself every time you attach removable media to your computer. Besides this, it disables the registry editor and Task Manager and removes the Task Manager option.

SOFTWARE REQUIRED
As your task manager, registry editor and folder options are disabled, we will need a couple of tiny but very helpful programs.
Click on them to download
Security Task Manager
RRT

ATTACH YOUR INFECTED FLASH DRIVE (if any) TO YOUR COMPUTER AND MAKE A BACKUP OF THE DATA ON IT

REMOVAL STEPS
1. Install Security Task Manager and start it. You will see one, two or more processes named Nhatquanglan. Select all of them while holding the Ctrl key and remove them (right click->remove->end process->yes).
2. Next run the RRT software and remove all the restrictions. Now you will be able to open task manager and registry editor. It will say you need a system restart, but you don't need it.
3. Go to Control panel->scheduled task and delete the At1 task.
4. Next open the C:\windows\system32 folder and click tools->folder options->view tab.
Find the Hide protected operating system.... option and untick it.
Click YES on the warning, then click Apply and OK.

FORMAT YOUR REMOVABLE DISK WITHOUT OPENING IT, OTHERWISE YOU WILL HAVE TO REPEAT ALL THE STEPS

5. Next we need to delete some files.
You also need to be a bit careful: if you double click any of these files, you will have to start all over again from step 1.
In the C:\windows\system32 folder delete the following files.
(The last two files will have the icon of a folder as in the picture)
setting.ini
autorun.ini
SCVHSOT.exe (225792 bytes)
blastclnnn.exe (225792 bytes)
In the C:\windows folder delete the following files.
(The files will have the icon of a folder)
SVCHSOT.exe (225792 bytes)
hinhem.scr (225792 bytes)
6. Empty the Recycle bin.

Now we need to do some registry editing.
Please follow these steps very carefully, as improper registry editing could lead to a system crash.
7. Go to start->run, type regedit and press enter.
8. Navigate to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
and delete the string Yahoo Messengger with data pointing to SCVHSOT.exe
9. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Find the string named shell on the right side with data
Explorer.exe SCVHSOT.exe
Double click it and change its value to
Explorer.exe
You don't have to delete anything here.
10. Now if your themes, appearance and settings are missing, you can download a small tool from here.
Now your PC is clean from this nasty virus.
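
To confirm that steps 3 to 9 left nothing behind, the files and registry values named above can be checked with a read-only PowerShell script. This is an added example, not part of the original post; it only reports and changes nothing, and the At1.job location under the Windows Tasks folder is an assumption.

```powershell
# Read-only check for the leftovers this guide removes by hand (added example).
$findings = @()
$win   = $env:windir
$sys32 = Join-Path $win 'System32'

# Files from step 5; names and the 225792-byte size come from the guide.
$files = @(
    @{ Dir = $sys32; Name = 'setting.ini';    Size = $null  },
    @{ Dir = $sys32; Name = 'autorun.ini';    Size = $null  },
    @{ Dir = $sys32; Name = 'SCVHSOT.exe';    Size = 225792 },
    @{ Dir = $sys32; Name = 'blastclnnn.exe'; Size = 225792 },
    @{ Dir = $win;   Name = 'SVCHSOT.exe';    Size = 225792 },
    @{ Dir = $win;   Name = 'hinhem.scr';     Size = 225792 }
)
foreach ($f in $files) {
    $path = Join-Path $f.Dir $f.Name
    # -Force: the guide has to unhide protected system files before they show up.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $note = if ($f.Size -and $item.Length -eq $f.Size) { 'size matches guide' }
                else { 'size not listed or different' }
        $findings += "FILE     $path ($($item.Length) bytes, $note)"
    }
}

# Step 3: the At1 scheduled task. Assumption: it is stored as Tasks\At1.job.
$job = Join-Path $win 'Tasks\At1.job'
if (Test-Path -LiteralPath $job) { $findings += "TASK     $job" }

# Step 8: Run value "Yahoo Messengger" (spelled as in the guide).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Yahoo Messengger']) {
    $findings += "RUN      Yahoo Messengger = $($run.'Yahoo Messengger')"
}

# Step 9: Winlogon Shell should be Explorer.exe and nothing else.
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $wlKey -Name Shell -ErrorAction SilentlyContinue
if ($wl -and $wl.Shell.Trim() -ne 'Explorer.exe') {   # -ne ignores case
    $findings += "WINLOGON Shell = $($wl.Shell)"
}

if ($findings.Count -eq 0) { 'No leftovers from the guide were found.' }
else { $findings }
```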

WORD OF CAUTION
Well, as a word of caution, whenever you see a file with the icon of a folder, BE CAREFUL. In 99.99% of cases it will be a virus ready to infect as soon as you double click it.