Wednesday, July 16, 2008

How to remove Surabaya Virus ? Manually remove; Get rid off of Surabaya Virus.

If you are receiving message “Surabaya in my birthday, Don't kill me, I’m just send message from your computer", trust that you have Surabaya virus. Don’t worry , the manual removal is easy.
Last Sunday, when my friend switch on his pc, he shocked to saw this, message, before Login.
Don't kill me, I’m just send message from your computer",
After he recovered from the shock, he called me and asked for “what could be done”.
Did you attached USB pen drive to your pc , recently? I asked. Yes, an affirmative answer. I copied the data from friend’s pc.
Then don’t worry, I assured him. It is Surabaya virus, which is easy to remove.
Surabaya virus is spread through the largely USB pen drives , via autorun. It affects the autorun.inf of pen drive. When you attach a pen drive, autorun.inf file get run and infects the local hard disks.
Other Symptoms of Surabay virus
1.All folders and files including windows OS folder disappears. Only few folder files with fixed size of 40K appears to user.
2.When you try to change the options for show hidden files, it doesn’t show the previous data.
3. You will not able to run many anti virus & software programmes. Installation also get blocked.
4. There are files like thumb.exe
5. System becomes unresponsive. After login it takes lot of time to user to operate it.
Other notable symptoms
Got to DOS prompt using CMD. On root of drive ,type DIR Prog*. *, It will show you all the content of Programme Files folder, which was not visible earlier in windows GUI.
How to remove it? You can remove it manually.
Follow these steps
First take printout of this process, here onwards.
(A) At Registry Level
Step 1:
Open registry by typing “regedit” at command prompt. In registry ,search for word "Surabaya”.
You will see two keys entries as LegalNoticeCaption and LegalNoticeText.It contains the same message, which appears at startup.
Delete these keys. No harm
Step 2: Keep searching for this word “Surabaya”. There will be lot of entries, are attached to Rundll32. Just remove the Rundll Surabaya text portion from registry key. Remember, keep no trace of Surabaya.
Step 3: Now navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hideen\SHOWALL You will see that value of CheckedValue is 0 means show all files are disabled. To enable it make it 1.
Quit from registry and got to command prompt. (Start->Run->cmd)
(B) At Command line level
Step 4. Type CD\ to switch to root of drive say C: drive.
Issue the following command
Attrib *. * -S –H –R /D /S ( Put space between /D and /S switches.)
(Note: /S switchProcesses files in all directories in the specified path. /D, Process folders as well.) It will change the attributes of all files in C drive. Surabaya hides all the files by making them Hidden and System files. This command resets the attributes of the files to normal.
While running this command you may receive error for System Volume information folder. Just ignore.
Repeat this command to all drives in your system.
Now you may be able to see all files and folders in your drive.
Step 5 :When you click on infected drive, the autorun.inf file points to some thumb*.exe file. So delete both the files Autorun.inf as well thumb.exe
From command prompt issue following commands.
Del c:\autorun.inf
Del d:\autorun.inf
(If D drive present. Do same for E, F: drives)

Del c:\thumb*.exe /S
Del d:\thumb*.exe /S
You may see the command is deleting thumbs.db files too. Don’t worry, these files will get regenerated
Check the Autoexec.bat files in C: drive. Remove the suspicious entries , if any.
Step 6 :Download and install “autoruns” utility. Check the startup programmes in “Logon” and remove the suspicious entries from startup.Restart the system. Now you should not get any message at startup. The virus is removed now. Relax...

Join us on Twitter : @Techfreakindia
Post Your Comments

Sunday, July 6, 2008

How to extract pages from PDF document

There are lot of PDF extractor or editors are available but most of them are not free.You can use PDF printer to extract PDF pages.

Last week I felt a need to extract a single page from a PDF document,which was having 83 pages.I searched on web for any PDF extractors or editors.I couldn't get the suitable one as most of them are either sharewares or put their own watermark on extracted pages.

The good one are the paid one.

Suddenly an idea clicked in my mind.I realized that Bullzip,a freeware PDF printer is already installed on my system,which I use to convert my MS word documents to PDF.There are whole lot of well established freeware PDF printers like PDF995,CutePDF, PDFcreator, doPDF,Go2PDF etc are available.PDF printer always creates output as PDF file.

Simple method to get PDF page from PDF document

We know that when we issue a print command via GUI,we have various choices like (1) we can print whole document,(2)we can print a Selection in document and (3)we can print the page range in document.To extract a pages from PDF document,I relied on third option i.e. range of pages.I simply loaded the documents in Adobe Acrobat and clicked on Print icon.From the drop down of available Printer list,I selected Bullzip PDF printer,and in print range I entered Pages from 36 to 36.Later I clicked on OK button to print.I entered the PDF file name for page no 36, as c:\page36.pdf and clicked on Save button.Voila!! The single page is now saved as separate file.

Basically,you can use PDF printer to save or extract(?) the page(s) from PDF document,you cannot use it to edit the PDF file or to remove page from PDF document.Instead of single page,you can select the page range too, hence multiple pages can also be extracted to single file.

Happy PDF extraction