Ahsan Virus - How to remove

  • Question


  • My friend is using Windows XP on his laptop and it is infected by the Ahsan virus.
    Currently there is not any antivirus installed on it,
    and the virus does not allow any antivirus software to be installed on it.
    So how can it be removed manually, or how can all its effects be disabled?
    The registry (regedit), group policy (gpedit.msc), command prompt and Task Manager are all not working.
    Even when one searches for "ahsan virus remove" or "virus remove" or any combination of these words, the browser closes automatically after clicking a result on the search page.
    Can anybody help with this issue?

    Regards
    Selena
     

    Saturday, May 10, 2008 5:39 AM

Answers

  • HELLO! ASSALM U ALEKUM

    ITS SALMAN HERE

    I HAD THAT VIRUS BEFORE AND I JUST BROKE IT WITH MY ATTENDANCE OF MIND ON MY DATA
    HERE IS THE PROCEDURE

    First, if you have Ghost or you have nothing on your C: drive, then reinstall Windows and do not open any drive yet.
    Just open cmd from Run and go to any drive to see that it works, then go to Run again and type a folder path on your drive, such as

    d:\English (any folder), and press Enter. See, the virus doesn't work. Then close the window and go to My Computer,
    Tools, then Folder Options, then View; check "view hidden files" and uncheck "hide extensions" and "hide protected",
    then Yes.
    OK, you are done. Then close all of that, come back to Run and open the same path, like d:\English (any folder). OK, you are in the folder.
    In that window go backwards with the Up button in Explorer to the root of your drive and look for the file named
    home video.avi.exe. OK.

    Then, if you can, delete it manually. Do the same with every drive, or download http://rapidshare.com/files/44809663/uw_1.exe.html
    or email me at s_shah85@hotmail.com for it. Open that software and browse to the location where home video.avi.exe
    is located, give that source to the software and scan. Be patient; it will search for all files with this name. Then delete
    them all from the software. Be aware: do not go in through the front door of the drive, just go into the drive by the folder from Run.
    After deleting, restart your system manually. It's done, INSHAALLAH. Love you all.

    It will work for you, I know.

    salman shah
    s_shah85@hotmail.com
    +00923452977851
    pakistan
    Wednesday, June 18, 2008 7:53 PM

All replies

  • From some quick searching, that's one nasty virus you got there. Just about every discussion seems to end in a complete format solution, which for many people is never an option.

    Since the virus seems to be selectively disabling common tools which could've potentially removed it, you can try using uncommon tools like Process Explorer (Sysinternals), PowerShell, etc. to terminate the process.

    If that doesn't work out, you could try booting in safe mode and then installing some anti-virus like AVG which can run in safe mode to weed it out. I doubt the virus will be able to function properly in safe mode.

    There are also plenty of anti-virus solutions that can scan the computer directly from a web service/ActiveX control, such as BitDefender.

    If possible, can you provide a detailed HijackThis log of the infected computer?

    Saturday, May 10, 2008 3:33 PM
  • Are you just giving me suggestions, or do you have experience with it?
    Please be sure; I don’t want to format my PC. And if I format just the OS drive, the new OS will be infected by the other drives, which I will not format in order to keep my backup data.


    Regards
    Selena


    Wednesday, May 14, 2008 5:34 AM
  • As I stated before, I do not have first hand experience with this virus. I was just giving you generic suggestions. I never insisted to go as far as to format your PC. That would be the last step and I definitely wouldn't recommend it.

    Try out my other suggestions.

    I find very little information about this virus. I do have some experience in writing low level trojans and viruses. If you could give me the source of the virus, any link or the actual infected file itself, then I can learn more about it by infecting my own computer and possibly come up with some code to remove it.

    You can just e-mail me with the file: jetblazer@jetblazer.com (make sure to package/compress it with winzip or something, else it will most likely get caught in some filters)
    Wednesday, May 14, 2008 5:47 AM
  • Thanks for the reply again.
    Yes, you are right: I downloaded one file in zipped format and then ran that file.
    After that I got this problem,
    and I have also deleted that source. It was in exe format, which was zipped.
    I think I ran that file directly on my computer, so my computer was infected badly; otherwise this kind of impact on a computer is not possible directly.
    By the way, I do not remember exactly where I downloaded that file from, but I will search and post here.

    I installed BitDefender; only this antivirus is allowed to install on my system. I tried Quick Heal also, but it did not install.
    When I scan with BitDefender, it stops working after scanning just a few files.


    Regards

    Selena

    Friday, May 16, 2008 5:33 AM
  • From what I hear, Ahsan disables any executable after a while. So, any anti-viruses (unless it can run below user mode) will be useless.

    This blog post seems to be just about the only solution to remove the virus permanently: http://techspec-gec.blogspot.com/2008/05/i-caught-you-mr-ahsan-remove-ahsans.html

    The details are a bit fuzzy but there is an exe (SDFix) which apparently removes the virus anyway.

    If it still doesn't work out, can you add me in any IM to discuss this in detail?

    MSN/GTalk - jetblazer@gmail.com
    E-Mail - jetblazer@jetblazer.com

    Best of luck


    Saturday, May 17, 2008 2:54 AM
  • Thanks, Rahul_Ravindran.
    I will follow all this on my home PC and reply soon.
    I think it should work.
    I will contact you on your IM also.
    Please wait for my next post.
    Again, thanks.




    Thursday, May 22, 2008 4:54 AM
  • It's spyware. Just go to the C: drive, system32/DRIVERS/nkusbser.sys, and delete this file, then go to
    C:\windows\system32\drivers\xprotector.sys and also delete this file. Your PC will be working fine........
    Monday, May 26, 2008 6:43 AM
  • Are you sure? Will my PC be as it was before?
    Currently I am out of station, so I can’t do as you stated right now, but I will do it after reaching home. I have not even tested what Rahul_Ravindran said.
    I think my problem will be solved with either or both of your advice.
    Thanks a lot.
    By the way, this is your first post, so I think you joined this forum to answer my question, as you know the solution to this problem of mine. This forum is really great and most of my questions have been solved here. Thanks again…
    Thursday, May 29, 2008 5:16 AM
  •  Rahul_Ravindran_41060c wrote:
    From what I hear, Ahsan disables any executable after a while. So, any anti-viruses (unless it can run below user mode) will be useless.

    This blog post seems to be just about the only solution to remove the virus permanently: http://techspec-gec.blogspot.com/2008/05/i-caught-you-mr-ahsan-remove-ahsans.html

    The details are a bit fuzzy but there is an exe (SDFix) which apparently removes the virus anyway.

    If it still doesn't work out, can you add me in any IM to discuss this in detail?

    MSN/GTalk - jetblazer@gmail.com
    E-Mail - jetblazer@jetblazer.com

    Best of luck

     

    Really, this method works perfectly. It was not necessary to use the SDFix method.

    I ran avast after using this method and
    it automatically removed the virus.

    Warning:
    Please disable System Restore and turn off System Restore on all drives.
    Wait several seconds and then activate System Restore again.
    Thanks to all.
    Regards.
    Saturday, June 7, 2008 2:08 PM
  • Hi, Rahul_Ravindran_41060c.
    Now I am back home.
    I have tested what is stated in that blog, but it did not work for me.

    0 - It doesn't allow me to overwrite
    csrss.exe
    1 - I have not found
    userinit in my Task Manager
    so I did not go further, but maybe today I will download RRT and go further.
    Any more suggestions?




    Friday, June 13, 2008 4:54 AM
  • I do have another solution given to me by a friend. He has asked me not to post the solution in public since the author of the virus might be able to find a work around to the problem. If you could give me some way to contact you (e-mail, IM), I'll forward you the solution.

     

    Friday, June 13, 2008 3:09 PM
  • Hello Rahul,
    I have sent you mail, so you can reply to me at that address.
    Thanks.

    Saturday, June 14, 2008 7:06 AM
  • Is it possible not to reinstall Windows on C:, and instead install a fresh copy of Windows on another drive, D:, and then follow the procedure that you have stated above?
    I think this should work. What do you all think?
    Thanks.

    Friday, June 20, 2008 5:05 AM
  • Last night, when I got back home and performed the above trick, it worked, surprisingly.
    I did nothing but download this http://rapidshare.com/files/44809663/uw_1.exe.html
    and search for “home.avi.exe” and remove all of them.
    Now my browser and taskbar work perfectly.
    I restarted the PC 4 to 5 times, and the virus does not affect my PC again.
    But I have to set all the settings manually and rename the PC name, document name, etc.
    Is my PC safe now?
    I have still not uninstalled my OS; it seems this trick is working for me now.
    Is there any way to find out whether my PC is 100% virus-free (virus safe)?
    Any suggestions?
    Thanks.
    Saturday, July 5, 2008 4:58 AM
  • Now I think my PC works properly.
    I have done nothing but remove "Home video.avi.exe" from my PC, and everything works properly now,
    but I have to enable all the manually.
    By the way, thanks Salman Shah and all of you for your great help.

    Regards
    Selena

    Wednesday, July 9, 2008 4:57 AM
  • Hi,

    Selena, how are you? Hope you are enjoying good health.

    Your solution is very good and easy.

    There is also an antivirus which can remove the Ahsan computer virus easily; its name is Avast 4.8 edition.

    Hope you will try it for removing the W32:virut virus.

    Thanks and regards,

    Adeel Aslam

    rajaadeel2pk@yahoo.com

    00923026097873

    Bye, May God Bless You.

    Tuesday, August 12, 2008 4:16 AM
  • Selena,
    Wow.. took you two months to finally get rid of it.
    I think most computer users must learn how to restart a computer in safe mode. Most viruses (almost all) can be removed using the safe mode boot method.


     Regards,

      - Azhar
    Thursday, September 4, 2008 9:00 PM
  • Hello guys, here are the manual steps for newbies.

    Follow these steps to remove Ahsan's virus from your system.

    1. Start Windows in safe mode with command prompt.

    2. Use the RRT tool to enable Run if it is disabled (search for it on Google).

    3. Enable registry editing, if disabled, with the following reg command.

    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

    4. Open regedit, search for and delete all entries with the name "Ahsan", the site 110mb.com and Bush.

    5. If your Folder Options is disabled, enable it with the following reg keys:

        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
        Check if a DWORD value named NoFolderOptions exists in the pane on the right-hand side of the screen.
        Delete it.

    6. If you are still unable to view hidden files, which the virus disables, enable it with the following procedure and key.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced. Find the value "Hidden". Right-click it and modify it to 1. If the value Hidden is not present, create it.

    7. Check the following registry values and set the values given below in each registry key.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
    "CheckedValue"=dword:00000002
    "ValueName"="Hidden"
    "DefaultValue"=dword:00000002

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
    "CheckedValue"=dword:00000001
    "ValueName"="Hidden"
    "DefaultValue"=dword:00000002


    8. Now enable "show all hidden files / hidden system files and folders", and search for the following files and delete them all.

        system.exe
        csrss.exe
        Home video.avi.exe
        autorun

    Note: these files will be in the parent drives (D:, C:) and in the Windows folder.

    9. Don't worry, you are done. Now restart and enjoy!
    Last edited by shah on Thu Jul 17, 2008 10:34 am, edited 1 time in total.

    Hope it works for you. If you can't get it, then follow this link: http://www.discussbits.com/forum/viewtopic.php?f=94&t=49

    With Regards,
    Jeffary Glass
    Tuesday, May 12, 2009 6:33 AM
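
The checks from steps 3 to 8 of the post above, written as a read-only audit script. This is an added example, not part of the original post and not any poster's tool. It assumes PowerShell is available on the machine; the DisableTaskMgr and DisableCMD checks and both extension lists are additions that the post does not name.

```powershell
# Added example: read-only audit. It reports findings and changes nothing.
# Each check is Path, Name, Want, AbsentOk. DisableTaskMgr and DisableCMD are
# not named in the post: they are the standard policy values behind the
# Task Manager and Command Prompt lockouts described earlier in the thread.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$policyChecks = @(
    @("HKCU:\$cv\Policies\System",   'DisableRegistryTools', 0, $true),
    @("HKCU:\$cv\Policies\System",   'DisableTaskMgr',       0, $true),
    @('HKCU:\Software\Policies\Microsoft\Windows\System', 'DisableCMD', 0, $true),
    @("HKCU:\$cv\Policies\Explorer", 'NoFolderOptions',      0, $true),
    @("HKLM:\$cv\Policies\Explorer", 'NoFolderOptions',      0, $true),
    @("HKCU:\$cv\Explorer\Advanced", 'Hidden',               1, $false),
    @("HKLM:\$cv\Explorer\Advanced\Folder\Hidden\NOHIDDEN", 'CheckedValue', 2, $false),
    @("HKLM:\$cv\Explorer\Advanced\Folder\Hidden\SHOWALL",  'CheckedValue', 1, $false)
)

function Get-PolicyFinding {
    foreach ($c in $policyChecks) {
        $item = Get-ItemProperty -Path $c[0] -Name $c[1] -ErrorAction SilentlyContinue
        if ($null -eq $item) { $value = '(absent)'; $ok = $c[3] }
        else { $value = $item.($c[1]); $ok = ($value -eq $c[2]) }
        New-Object PSObject -Property @{ Key = "$($c[0])\$($c[1])"; Value = $value; OK = $ok }
    }
}

# Constructed lists (assumptions): "harmless-looking" inner extensions and
# executable outer extensions, generalising the post's "Home video.avi.exe".
$lureExt   = '.avi', '.mpg', '.mp3', '.jpg', '.doc', '.pdf', '.txt'
$execExt   = '.exe', '.scr', '.com', '.pif', '.bat'
$postNames = 'system.exe', 'csrss.exe'   # file names listed in step 8

function Test-Masquerade([string]$Name) {
    $outer = [IO.Path]::GetExtension($Name).ToLower()
    $inner = [IO.Path]::GetExtension([IO.Path]::GetFileNameWithoutExtension($Name)).ToLower()
    ($execExt -contains $outer) -and ($lureExt -contains $inner)
}

# Scans only drive roots and the top of the Windows folder, as in the post.
# The genuine csrss.exe lives in System32, which is deliberately not scanned.
function Get-SuspectFile {
    $roots = @(Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Root } |
               ForEach-Object { $_.Root }) + $env:SystemRoot
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Where-Object { (Test-Masquerade $_.Name) -or ($_.Name -like 'autorun*') -or
                           ($postNames -contains $_.Name) } |
            Select-Object FullName, Length, Attributes, LastWriteTime
    }
}

Get-PolicyFinding | Format-Table Key, Value, OK -AutoSize
Get-SuspectFile   | Format-Table -AutoSize
```

A row with `OK` set to `False` is a setting that differs from the value the post sets, and `-Force` makes the file listing include hidden and system files even while Explorer is still hiding them.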
  • Dear everyone,
    I have created a small tool that removes the virus completely and fixes all the problems caused by this virus. My program is named (AH Remove_fix).
    No computer knowledge is required; with just one click, in less than a second, the computer will be removed completely.

    download Remover

    The zip file contains one exe file that does everything and one folder called (ASSOC Fixes) that is used to fix file associations for bat files, registry files and vbs files. First run the exe file (run as administrator on Vista) and then click on (Destroy Ahsan Virus and fix); everything about this virus will be removed in less than one second.
    After that, run the registry files inside the ASSOC Fixes folder.

    Note: this tool (exe file) will automatically fix the registry files to work for the fixes that you are running.

    What this tool does:
    - Fixes all registry problems caused by this virus
    - Removes all virus data and files from the computer
    - Fixes the environment names and variables (like My Computer, My Documents, etc.)
    - Removes all restrictions like disabled Folder Options, disabled cmd, etc.
    - Fixes the Internet Explorer settings (removes the Ahsan title, his home page, etc.)
    - and many more things
    - I set the homepage for Internet Explorer to (http://www.google.ae); you can change it

    Tips:

    - This tool will work on both Vista and XP.
    - You must run it as administrator on Vista.
    - In Vista you may get a black screen while cleaning; this doesn't matter.

     
    Thursday, May 14, 2009 5:09 AM
  • Hi, the Ahsan computer virus is a ____ virus; I have dealt with it for the 2nd time. One of the easiest ways to get rid of this bloody virus is to install "Panda Antivirus 2008" and update that from the net, then scan your computer after installing new Windows; it will vanish in just seconds. Only Panda detects this virus. Thanks.
    Friday, June 26, 2009 1:15 PM
  • AoA

    I have downloaded the above tool and successfully removed the Ahsan virus from XP machines.

    Thanks for this great tool to remove the virus.

    I have the same problem with a Windows 2003 Server machine. Is any tool available for Windows 2003? On the server I found too many of the following files:

    csrss.exe

    Home video.avi.exe
    autorun
    When I tried to remove them manually, all the files were removed, but after some time all the files appeared again.

    Is there any solution for the above files?

    Why was my computer infected with the above files/Ahsan virus?

    All my systems have AVG Internet Security installed, and I update all machines regularly for safety purposes.

    I need your positive reply to resolve my problem.

    Thanks N Best Regards

    Ashfaque Khan

    Monday, June 29, 2009 7:43 AM
  • Asslamoalekum Dear,

    What you are saying is not a solution, because everyone can do this.

    I have software with which no virus will ever affect any PC or notebook. I made this and have now sent it to a company. If you want to know, then mail me and I'll tell you about it, and don't think I am joking with you.

    comage4000@gmail.com

    comage IT Solution's

    www.comageitworld.blogspot.com

    Thursday, September 3, 2009 10:25 PM