|
Advertisements |
Trouble:
Recently my desktop was infected with this Ahsan computer virus, the virus came from my cousin mobile phone memory card. I was quite happy as after a long time I had to deal with this virus called Ahsan Virus which was quite easy to remove. I removed this virus without any anti virus in around 5 minutes only.
It was not as much fun as this ahsan was quite easy to remove even with out any help of any antivirus. Let’s see what are the most common symptoms of ahsan virus on a windows computer.
Ahsan virus renames My computer to Ahsan’s Computer, renames Recycle Bin to G. W. Bush
, disables registry editing and don’t allow you to show hidden files and folders through folder options.
Let’s discuss the full step by step procedure to remove ahsan virus, and you don’t have to boot in safe mode to remove this ahsan virus
1. Download process explorer from here, extract the .zip archive and run it by clicking procexp.exe make sure to kill all the process with name Firewall.exe , CSRSS.exe shown in process explorer.
2. Now, download Everything search tool from here, and find and delete all the files with following names.
Type these files names in the search tool and delete all the files.
Note: Delete csrss.exe files found outside C:\Windows only and autorun.inf files in C:\Windows and in the root directory of all the drive like C, D, E drive and your removable pen drive etc
system.exe
csrss.exe
Home video.avi.exe
autorun.inf
3. Go to Start >> Run and copy and paste the following command given below and press enter.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
4. Now go to Start >> Run and type regedit and press enter,
Search and delete all entries with name "Ahsan" , site 110mb.com and Bush.
5. Navigate to the following registry path and delete any key value names with NoFolderOptions
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\Explorer
6. Navigate to the following registry path
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden" .
Right click it and modify it to 1. If Key value hidden is not present there then you will need to create it and close registry
7. Again open Start >> Run and type msconfig and press Enter.
Locate the startup entries by ahsan virus and uncheck these entries and also make sure you remove any thing suspicious in Start Menu >> All Programs >> Startup Folder
Uncheck the entries named CRSS and A.M.K.B_Pk and click apply and Ok.
8. That’s it done, restart now.
You can follow us on Twitter or join our Facebook Fan Page. If you have a question to ask us, submit your question at Answers By Trouble Fixers.
|
{ 15 comments… read them below or add one }
← Previous Comments
hello
in my mc due to Ahsan’s computer virus run option is not displying then how i rove it
when I m removing csrss.exe, my pc gets restart every time, so how I can remove Ahsan virus?
when i removing a crss.exe file my computer has come an blue screen for 1 second and then my computer restart automaticly and i run any game in computer the game was automaticly closed.
i got a problem.when i try to remove crss.exe he says :access is denied
Please help me
Probably you have killed the process which has same name ” crss.exe”
you have to kill the process which having Windows Media Player icon
← Previous Comments