USB Virus Removal Info
These are simplified instructions for finding and removing a USB-transmitted virus that I have found on numerous computers while deployed to Afghanistan (see the bottom of this document for more information on the virus). This virus is a major security risk when the system is connected to the internet. At a minimum, if infected, you will pass the virus to others by sharing USB storage devices.
Windows XP users, or anyone who has a problem in step 4, should use Safe Mode. To get into Safe Mode, restart or turn on your computer. When the first thing appears on the screen, such as an HP, Dell or Toshiba logo screen, start tapping F8 slowly. This will bring up the advanced booting options. Select Safe Mode and press Enter.
1. Click START > Run (on XP) or START > Search box (on Vista and 7), type CMD and press Enter.
2. You should be in the folder C:\Users\ (in XP it will be C:\Documents and Settings\). Type ATTRIB *.exe and press Enter.
a. If a file is shown with the attributes SHR, take note of the filename (e.g., .exe or lsass.exe) and proceed with step 3. Normally, there should not be any files in this folder that end in .exe.
b. If you don't find any .exe files, then your computer is probably not infected, but proceed to step 9 to prevent infection and follow the steps in the section to prevent your USB drives from spreading the virus.
3. Type TASKMGR and press Enter.
4. Find the .exe or lsass.exe in the list. Right-click on it and select End Task. Close the Task Manager. (Note: in XP, you will see lsass.exe run by SYSTEM. This file is legit. If it is run by your username, this file is a virus and should be removed.)
5. Go back to the command prompt window, type ATTRIB -s -h -r *.exe and press Enter. (You can do the same with ATTRIB -s -h -r *.scr because some variants use a corresponding file.)
6. Type DEL *.exe and press Enter. (You can also do DEL *.scr.)
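The checks in steps 2 and 4 can also be run as one read-only PowerShell audit. The script below is an added example, not part of the original instructions: the function names Find-ShrExecutable and Get-ProcessForFile are made up for it, and it assumes PowerShell 2.0 or later and that your user profile folder is the folder the command prompt opens in.

```powershell
# Added example: read-only audit. It ends no process and deletes no file.
function Find-ShrExecutable {
    param([string]$Folder = $env:USERPROFILE)  # assumed: the folder CMD opens in
    # ReadOnly (1) + Hidden (2) + System (4) is what ATTRIB prints as "SHR".
    $shr = [int][System.IO.FileAttributes]'ReadOnly, Hidden, System'
    Get-ChildItem -LiteralPath $Folder -Force |  # -Force includes hidden/system files
        Where-Object {
            (-not $_.PSIsContainer) -and
            ('.exe', '.scr' -contains $_.Extension) -and
            (([int]$_.Attributes -band $shr) -eq $shr)
        }
}

function Get-ProcessForFile {
    param([string]$Path)
    # Win32_Process exposes the image path and, through GetOwner(), the account.
    Get-WmiObject Win32_Process |
        Where-Object { $_.ExecutablePath -eq $Path } |
        ForEach-Object {
            $owner = $_.GetOwner()
            '  running as PID {0}, owner {1}\{2}' -f $_.ProcessId, $owner.Domain, $owner.User
        }
}

$suspects = @(Find-ShrExecutable)
if ($suspects.Count -eq 0) {
    "No SHR .exe or .scr files in $env:USERPROFILE"
}
foreach ($file in $suspects) {
    "SHR file: $($file.FullName)"
    Get-ProcessForFile -Path $file.FullName
}

# Step 4's note: lsass.exe run by SYSTEM is legitimate, one run by your username is not.
Get-WmiObject Win32_Process -Filter "Name = 'lsass.exe'" | ForEach-Object {
    $owner = $_.GetOwner()
    if ($owner.User -eq $env:USERNAME) {
        "lsass.exe running as $($owner.User): PID $($_.ProcessId), $($_.ExecutablePath)"
    }
}
```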