Viruses usually carry out three functions: they infect the system, protect themselves, and try to spread. The infection usually comes through removable media and through infected software, either already on the drive or downloaded from the internet. To stop a virus infection you need a good antivirus, but prevention is better than cure.
Be very careful when using removable media, because these devices offer one of the easiest ways for viruses to start their executables on the PC the USB device is plugged into. Don’t double-click the drive and don’t open it from the right-click menu. Instead, open the drive by typing its path in the address bar. In this case the virus executable will not start.
To protect themselves from removal, viruses use some basic and some advanced techniques. The advanced techniques are related to reanimating the virus after its removal, and this problem is usually solved by antivirus professionals. The basic protection techniques can be dealt with by anyone during virus removal.
The first thing a virus usually does is hide itself by setting the Windows “hidden” and “system” attributes on its files. To see the virus files you need to enable the display of hidden and system files in Folder Options, on the View tab. Just uncheck the box named “don’t show the system file and folder”.
The second thing viruses do for their own safety is disable the common Windows tools that might help to remove them from the system. The tools usually disabled include Registry Editor (regedit), Task Manager, Group Policy Editor (gpedit.msc), the Run CMD utility in the Start menu, Folder Options in File Explorer, Control Panel, update checks, the Find menu, and the Task Bar. Since the virus can block the Folder Options needed to view hidden and system files, this, along with the other methods, can make removal too hard and complex for the majority of PC users. That is why being careful and using a good, up-to-date antivirus program is the most important advice.
To distribute themselves, viruses infect the executables on all your drives, including removable USB storage devices. Viruses might also place a download instruction into all the HTML files on the system, so that the virus downloads itself each time an infected file is opened. This method might also be used to keep the virus constantly updated.
New folder virus specifics
The New Folder.exe virus is a severe virus with unusual effects. It hides folders on USB drives, disables Task Manager, disables Registry Editor, disables Folder Options, and removes the Run CMD option from the Start menu. The virus creates exe files that use a folder icon and the name of a real folder on the hard disk or USB storage device, and it also slows your system's performance. The NewFolder virus is one of the most difficult viruses to remove. Sometimes even reformatting the drive doesn’t help, because the virus comes back after a reboot. Another issue can arise during manual removal: the virus evolves, which might make some instructions obsolete faster than they are updated.
How to remove New Folder.exe virus manually?
Note: Manual removal of folder viruses may be difficult, as the removal process requires knowledge of the operating system command prompt. If it is not performed properly, your system and the data on the USB flash drive might suffer permanent damage. We highly recommend that you use a good virus remover to automatically detect and remove the new folder.exe virus.
Remove files associated with this virus
Search for the files autorun.inf, svichossst.exe, new_folder.exe, and regsvr.exe on the USB drive and on the system, and then delete them. Be careful, because some of these files have names that look like important system files, which you might delete by mistake and make your system inoperable.
Remove the following keys from registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] “Yahoo Messenger”=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] “Shell”=”regsvr.exe “
Starting system services disabled by the virus.
Put the files appmgmts.dll, appmgr.dll, fde.dll, fdeploy.dll, gpedit.msc, gpedit.dll, and gptext.dll into the %SystemRoot%\system32\ folder.
Put the files system.adm, inetres.adm, and conf.adm into %SystemRoot%\system32\GroupPolicy\Adm\
(Note: Create this folder if it doesn’t exist.)
Register the components that the system needs and that the virus disabled, using the CMD tool:
You can use a batch file for this task instead, if you write one or download one from the internet. This helps to eliminate the chance of a typo becoming a serious system error. Still, it is better to use a professional removal utility, because it is tested and improved over time to trace and fight all new virus modifications.
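The file search from the removal steps above can be run as a read-only check that only reports and deletes nothing; the following is an added example, not part of the original article or of any removal utility. It matches the four listed file names exactly, so a legitimate regsvr32.exe is not flagged, and it also reports any .exe that shares its name with a folder next to it. The names scan and build_sample and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# File names the article lists for this virus (compared case-insensitively).
LISTED_NAMES = {"autorun.inf", "svichossst.exe", "new_folder.exe", "regsvr.exe"}
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def scan(root):
    """Walk root without modifying anything; return sorted (reason, path) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        folders = {d.lower() for d in dirnames}
        for name in filenames:
            path = os.path.join(dirpath, name)
            base, ext = os.path.splitext(name.lower())
            # Exact match only: "regsvr32.exe" is a real Windows tool and is not listed.
            if name.lower() in LISTED_NAMES:
                findings.append(("listed-name", path))
            # An .exe named exactly like a sibling folder is the disguise the
            # article describes (folder icon plus the real folder's name).
            if ext == ".exe" and base in folders:
                findings.append(("folder-lookalike", path))
            # st_file_attributes exists only on Windows; elsewhere this stays 0.
            try:
                attrs = getattr(os.stat(path), "st_file_attributes", 0)
            except OSError:
                attrs = 0  # unreadable entry: skip the attribute check
            if ext == ".exe" and attrs & HIDDEN_SYSTEM == HIDDEN_SYSTEM:
                findings.append(("hidden-system-exe", path))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree standing in for a USB drive (empty, harmless files)."""
    for d in ("Photos", "Docs"):
        os.mkdir(os.path.join(root, d))
    for f in ("autorun.inf", "Photos.exe", "regsvr32.exe",
              os.path.join("Docs", "report.txt")):
        open(os.path.join(root, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for reason, path in scan(tmp):
            print(reason, os.path.relpath(path, tmp))
```

Review each reported path by hand before deleting anything, since a match on name alone does not prove the file is malicious.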