Remove / Delete Ahsan Computer Virus | Kill Ahsan Virus

Trouble:

Recently my desktop was infected with this Ahsan computer virus, the virus came from my cousin mobile phone memory card. I was quite happy as after a long time I had to deal with this virus called Ahsan Virus which was quite easy to remove. I removed this virus without any anti virus in around 5 minutes only.

It was not as much fun as this ahsan was quite easy to remove even with out any help of any antivirus. Let’s see what are the most common symptoms of ahsan virus on a windows computer.

Ahsan virus renames My computer to Ahsan’s Computer, renames Recycle Bin to G. W. Bush

, disables registry editing and don’t allow you to show hidden files and folders through folder options.

Let’s discuss the full step by step procedure to remove ahsan virus, and you don’t have to boot in safe mode to remove this ahsan virus

1. Download process explorer from here, extract the .zip archive and run it by clicking procexp.exe make sure to kill all the process with name Firewall.exe , CSRSS.exe shown in process explorer.

2. Now, download Everything search tool from here, and find and delete all the files with following names.

Type these files names in the search tool and delete all the files.

Note: Delete csrss.exe files found outside C:\Windows only and autorun.inf files in C:\Windows and in the root directory of all the drive like C, D, E drive and your removable pen drive etc

system.exe
csrss.exe
Home video.avi.exe
autorun.inf

 

3. Go to Start >> Run and copy and paste the following command given below and press enter.

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

 

4. Now go to Start >> Run and type regedit and press enter,

Search and delete all entries with name "Ahsan" , site 110mb.com and Bush.

5. Navigate to the following registry path and delete any key value names with NoFolderOptions

HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Policies\Explorer

 

6. Navigate to the following registry path

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden" .

Right click it and modify it to 1. If Key value hidden is not present there then you will need to create it and close registry

7. Again open Start >> Run and type msconfig and press Enter.

Locate the startup entries by ahsan virus and uncheck these entries and also make sure you remove any thing suspicious in Start Menu >> All Programs >> Startup Folder

Uncheck the entries named CRSS and A.M.K.B_Pk and click apply and Ok.

8. That’s it done, restart now.

Author + Admin: Rohit Khurana
Software Engineer by profession. I am a part time tech blogger and believe in blogging because I enjoy writing on technology. I also write about Cars and Bikes at www.carblogindia.com. You can catch me on twitter @rohit_khurana. Get in touch with me at RohitKhurana.in.