How to remove ! My Picture.scr

-

! My picutre.scr (check the spelling of picutre) is a trogen which will infect your computer and pendrive easily and it is very hard to remove or detect by an antivirus or antimalwares. When my computer was infected by this virus i tried to remove it with MSE and malwarebytes but both can't even detect this malware. So i googled through some pages and i have found out some clever way to remove this trogen which i am sharing with you guys.

> First open your windows OS in Safe Mode with networking (press F8 [win 7]when booting or restarting your computer)

>To show hidden files and folders:go to explorer> organize>folder and search option>show hidden files folder and drives> uncheck below three hide options and click apply

>Open Run from start menu or press Windows key +R

> Type msconfig click ok

>Select Startup tab
Warning: Take proper precautions after this step dont delete or remove systems file or functions

> Uncheck start up items which have a command/location C:\Program data\system 32 (its not on program files)

>Also uncheck any items with random long value (example :3ae4g456ijgx2klaselfdc47fcdc) and its command/location will look something like this C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3ae4g456ijgx2klaselfdc47fcdc.exe ; (red username is your computer name)
 or
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\3ae4g456ijgx2klaselfdc47fcdc.exe

>Delete System32.exe from C:\Program data\system 32.exe (Warning: Only delete system32.exe in this location  and other system32.exe file you delete causes crashing and formatting of your system)

>Then delete  "! My picutre.scr" from all root drives; that is go to the drive C, D, E, F, G etc or even your pendrive and manually delete "! My picutre.scr" by selecting the file and Shift+Delete.

>After that go to the locations which were we found out using msconfig
eg: C:\Users\username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
and 
or
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

and delete those executable with random looking letters eg:
3ae4g456ijgx2klaselfdc47fcdc.exe

Cleaning Registry 
> Now go to run Windows+R
Type regedit
>Press Ctrl+F
>Type ! My picutre.scr
>enable all check box and click find next
>delete all the keys with ! My picutre.scr
>repeat the steps for the random letter executable also eg: 3ae4g456ijgx2klaselfdc47fcdc.exe

Comments

Post a Comment

Popular posts from this blog

Convert excel files to .vcf for transfer of contacts from Pc to Andriod device

-
Open Excel Create three columns with following titles: 1. First Name 2. Last Name 3. Phone Number Fill your data row wise in the respective columns and then press Alt+F11 to enter the Visual Basic mode. In the left corner you will see This workbook under VBA Project (Your file name). Right click on This workbook - Move the cursor to Insert - Click Module A new window will appear, paste the following codes there: Private Sub Create_VCF()     'Open a File in Specific Path in Output or Append mode     Dim FileNum As Integer     Dim iRow As Double     iRow = 2     FileNum = FreeFile     OutFilePath = "D:\OutputVCF.VCF"     Open OutFilePath For Output As FileNum     'Loop through Excel Sheet each row and write it to VCF File     While VBA.Trim(Sheets("Sheet1").Cells(iRow, 1)) <> ""         LName = VBA.Trim(Sheets("Sheet1").Cells(iRow, 1))    ...
Read more

Compare two columns and get values from third parallel column in excel

-
Image
Here's a simple explanation of what I'm having trouble with. Column A: List of 2300 order numbers Column B: Email Address associated with an order number Column C: List of 100 specific order numbers that I need the email address for So, I'm looking to search column A for a value that matches C, and return the email address from column B in a new column (D). The current formula almost works, but instead of returning the email address where A matched C, it returns the email address from the same row. =IF(ISNA(INDEX(B:B,MATCH(C3,A:A,0))),"",INDEX(B:B,MATCH(C3,A:A,0))) This probably will solve the problem and also remove the  #N/A  result that would appear if you couldn't find a result due to its absence in your lookup list. Thanks,  Neil
Read more

Files not showing in pendrive

-
Dear Friends, Sometime we arrive to a situation when our pendrive shows that a certain amount of space is captured but no files are visible.  Try the following: Check if the file is not in hidden mode.  If the above doesn't work then try the following: Click on "Start" -->Run --> Type cmd and press Enter.  Here I assume your pendrive drive letter as G:  Enter this command.  attrib -h -r -s /s /d g:\*.* --> Press Enter  You can copy the above command --> Right-click in the Command Prompt and  paste it.  Note : Replace the letter g with your pen drive letter.  Now check your pen drive for the files. Good luck..... Neil
Read more