An annoying features while the computing technology is advancing. The living of disturbing viruses. Which in this category. It`s a malware. Transferring itself via flash drive (USB drive/pendrive) from one computer to another.
Virus known as VirusMWRDY.js (Virus Mawar) or AhPaw.js will duplicate itself to the main drives and disabling the access to that particular drive later on. It`s covering itself under internet browser file name Spa Q - The Novel (or others). This is the guide to remove VirusMwrdy.js or virus Mawar.
To remove this disturbance simply follow the guide written below.
* Written guide below are for Windows use. I don`t think Mac will have this particular virus.
- Step 1 : Disable System Restore (right click at My Computer > click Properties > System Restore > check at the Turn Off System Restore > click OK)
- Step 2 : Restart computer in Safe mode (restart PC normally, press F8 repeatedly from the beginning of restarting process, a menu will appear, (see picture attached) wait a while for the list of system files to load. The windows will run normally but without few programs and the appearance will not be the same, don`t worry this will change when you restart later)
- Step 3 : Login to YourUserName/Administrator
- Step 4 : Uncheck all Hidden Files and protected Operating System Files (My Computer > Tools (see picture attached) > Folder Option > View > Check the "Show hidden files and folders" > Uncheck "Hide protected operating system files" -click OK when prompted > Click OK to apply settings)
- Step 5 : Click to drive that contains virus - C: , D: , E: or any removable drive attached and
- find autorun.ini (uncheck hide extension for known file types on Step 4 to make sure) and delete the files permanently ( Shift + Delete )
- find VirusMwrdy.js (if any) and delete the files permanently
- find Ahpaw.js (if any) and delete the files permanently
- Step 6 : My Computer > right click on C: drives > Properties > Disk Cleanup > More Options > System Restore > Cleanup > Yes when prompted > OK
- Step 7 : Run Registry Editor (on keyboard press Windows key + R / click on Start > Run)
- type regedit
- highlight at My Computer and press Ctrl + F to start search and type virusmwrdy.js or ahpaw.js at the search box
- delete all the key that have the given name
- search again and repeat until there`s none left
- search for different terms like mawar (for virusmwrdy) or ahpaw (for ahpaw.js)
- repeat searching and delete them once detected
- Step 8 : Double check every step and restart windows normally
- Additional for Internet Explorer : To remove title on Internet Explorer saying (virus mawar is back, now with muse...)
- open regedit again
- go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explore\Main
- find Windows Title and delete it. (see picture attached)
Short Summary for Advanced Windows User:
- Step 1 : Disable System Restore (My Computer > Properties > System Restore)
- Step 2 : Restart in Safe Mode
- Step 3 : Login to Admin/User
- Step 4 : Check Hidden Files and uncheck hide Operating System Files on Folder Option
- Step 5 : Go to drive that contains virus
- delete autorun.ini
- delete VirusMwrdy.js
- delete AhPaw.js
- Step 6 : My Computer > Properties > Disk Cleanup > More Options > System Restore > Cleanup > OK
- Step 7 : Run regedit find on My Computer
- virusmwrdy.js (or different term mawar) and delete
- ahpaw.js (or different term ahpaw) and delete
- repeat search and delete all string with the name stated
- Step 8 : Double check from Step 1 to Step 7
- Additional for Internet Explorer : (how to remove virus mawar is back now with muse on Internet Explorer)
- find string Windows Title at HKEY_CURRENT_USER\Software\Microsoft\Internet Explore\Main using regedit and delete
Thank you and happy cleaning.
More topics on ikmalTips.
Ikmal Ezzani. born in April `87. started blogging `08. a noobie in blogging. a master in sleeping.
2 comments:
Thanks for this great post. Really help me. Cheers.
hi ikmal
tried your tips to remove virusmwrdy.js
it works!
tq
Post a Comment
Want to be notify on comment reply? Subscribe to: Post Comments