Sunday, 8 December 2013


Virus type: trojan

File type: batch file (shell)


activities :

1:  Copies itself to every drive

2:  Corrupts exe files

3:  Creates exe files such as MyProg.exe, and others with names like mkldgf



1:   Have a copy of an antivirus with full updates and an online scanner.

2:   You can also use one of the freely available antivirus programs*.


Description :

AutoRun means that something runs automatically; it is the automatic executable file. For example, when you insert a pen drive, the pen drive's autorun opens in Explorer by itself. The trojan can copy itself from the pen drive.
You can prevent this by disabling autorun from your Control Panel. The infection is mostly caused by pen drive data transfers.

Like other autorun programs, "AUTORUN.INF" is executed when we open a folder or a drive.
It then copies itself to all the drives, together with the exe files mentioned above.
The autorun file is hidden, so you have to show hidden files (properties > show hidden files (check) > hide operating system protected files (uncheck)).
The AUTORUN.INF file can easily be opened in Notepad but cannot be modified because it is write-protected.

It cannot be deleted in normal mode. The exe files with it can be, but there is no advantage, because it can resurrect itself within 2 or 3 seconds.
Even if you manage to delete it somehow, if any of its exe files remain on the drive it copies its own files again (recovers its files).

The most important part of this virus is that whenever you click refresh or go from one drive to another by double-clicking, the hidden files disappear because this virus hides them.
After copying its contents, this virus starts corrupting exe files (software that you've downloaded).
So even if you format the computer, whenever you install some software that was corrupted by this virus, the virus gets back into your computer again.


Cure :


The simplest one:
1:  Download any antivirus and transfer it to a pen drive.

2:  Restart the computer and press F8 or F10.

3:  Open Safe Mode (normal).

4:  View hidden files and folders.

5:  Now you can manually delete autorun.inf from all drives, along with all the exe files that accompany it.

6:  Install the antivirus from the pen drive.

7:  Scan the whole computer.

8:  Open the registry via Start > regedit (type it in) > Run

DisableTaskMgr = 1
NoFolderOptions = 1
"Worms" = "%System%\logon.bat"

10:  After the full scan, restart the computer normally.
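
After cleanup, a registry export can be checked for the three entries listed under step 8. This is an added example, not part of the original post; the key paths in the constructed sample are the usual Windows policy and Run locations and are an assumption, since the post gives only the value names.

```python
import re

# Value names listed in the post; which keys hold them is not stated there,
# so a match under any key is reported (assumption).
POLICY_FLAGS = {"disabletaskmgr", "nofolderoptions"}
STARTUP_SCRIPT = "logon.bat"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def unescape(s):
    # Undo .reg string escaping: a backslash escapes the next character.
    return re.sub(r"\\(.)", r"\1", s)

def leftovers(reg_text):
    """Return (key, name, data) for entries from the post still present in a .reg export."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), m.group(2)
        if name.lower() in POLICY_FLAGS and data.lower().startswith("dword:"):
            if int(data[6:], 16) != 0:            # non-zero = restriction still on
                hits.append((key, name, data))
        elif data.startswith('"') and STARTUP_SCRIPT in data.lower():
            hits.append((key, name, unescape(data[1:-1])))
    return hits

# Constructed export for illustration; key paths are assumed, not from the post.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Worms"="%System%\\logon.bat"
"""

if __name__ == "__main__":
    for hit in leftovers(SAMPLE):
        print(hit)
```

Files exported by regedit are UTF-16, so read them with encoding="utf-16" before passing the text to leftovers().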


The Hardest One:
1:  Reinstall the operating system (Windows). Do not open any files or folders from your drives.

2:  Install the antivirus directly from the internet (you can open the Control Panel to create the internet connection).

3:  Update the antivirus fully.

4:  Run a full scan of your computer.

5:  Remove all the threatening files.


*Free antivirus:
Microsoft Security Essentials is always free for Windows; that's the best.
The most famous one is ClamWin (open source) with Clam Sentinel (open source scanner).
There are many others too, but they are not that effective unless you have the full version.
The above two are full-version antiviruses.

If you encounter any problems, write here.

ERROR MESSAGE "windows is not genuine"


1:  A pop-up at startup, "This copy of Windows is not genuine", asks you to go online and resolve it.

2:  Black screen background wallpaper

3:  In the bottom-right corner of the screen: "This copy of Windows is not genuine"


This error message usually comes from an illegal copy of Windows downloaded from the internet. Generally it does not appear at the start, during the installation of Windows, but during active use of Windows online. Windows installs updates and restarts, and suddenly a pop-up window appears asking you to go online and get a license.

The message becomes a little hectic when we use Windows regularly.
If you have a licensed copy, sometimes the key expires and Windows asks for a new key online.
But usually the key does not expire; generally some retailers give a cracked copy to customers to fool them and earn money that way.
Beware of these retailers.


This is caused by Windows updates. There are many security updates for Windows, but there is one key-verification update that checks for a genuine key and blocks access.


Windows may not work at its full potential.


First, whenever you install Windows, do not use the recommended settings for online updates; check the last option. If you chose the recommended settings by mistake, then

go to > Control Panel > System and Security > Windows Update (right side) > Change settings (left side) > Never check for updates.


"Prevention is better than cure" is true in this case too.
But if you still want to cure it, then

1:  Go to c\Windows\System and find WgaTray.exe (do not open it).

2:  Open Task Manager: right-click the taskbar (the icon bar on the lower strip) > Open Task Manager,
or Ctrl+Alt+Delete > Open Task Manager.

3:  Open Processes > WgaTray.exe > End Process.

4:  Go back to the folder and completely delete (Shift+Delete) WgaTray.exe.
You can also right-click and choose Open File Location to find the file easily. This file reopens itself within 2 seconds, so do this step quickly.

5:  Start > Run > regedit (type it and then run) > open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
and delete WgaLogon.

6:  Do the prevention step above and restart Windows.

Another of the best cures is to install a new copy of Windows with security updates off, or to prevent it after installation.

Please reply if you have any difficulties.