New Folder EXE Manual Removal

by on May 31st, 2010

While Combofix, SDFix and ‘Smart Virus Remover’ can remove the newfolder.exe virus from a PC completely, a guest asked how to remove it manually. Here are instructions and methods to remove NewFolder.exe completely from your PC without using any antivirus program.

Use any one of these methods. They are the same; the only difference is the explanation and level of detail.

Method 1
  • Search for and delete the Autorun.inf file
  • Open Windows Task Scheduler or go to Control Panel > Scheduled Tasks and remove any suspicious task
  • Click on Start > Run and type ‘msconfig’. In the Startup tab, find entries like NewFolder.exe or regsvr.exe and uncheck them.
  • Open Task Manager. In the Processes tab, end any process named NewFolder.exe or regsvr.exe
  • Open the Registry Editor by typing ‘Regedit’ in the Run command box. Please take a backup of the registry before proceeding. Now search for regsvr.exe and Newfolder.exe. If you find any entries, delete them. Delete only entries with the exact name regsvr.exe and nothing else. If the name is appended to other entries, delete only its occurrence and not the whole value.
  • Restart the Computer
Method 2

Use Windows File Search Tool to Find newfolder.exe Path

  • Go to Start > Search > All Files or Folders.
  • In the “All or part of the file name” section, type in the “newfolder.exe” file name.
  • To get better results, select “Look in: Local Hard Drives” or “Look in: My Computer” and then click the “Search” button.
  • When Windows finishes your search, hover over the “In Folder” of “newfolder.exe”, highlight the file and copy/paste the path into the address bar. Save the file’s path on your clipboard because you’ll need the file path to delete newfolder.exe in the following manual removal steps.

Use Windows Task Manager to Remove newfolder.exe Processes

  • To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
  • Click on the “Image Name” button to search for the “newfolder.exe” process by name.
  • Select the “newfolder.exe” process and click on the “End Process” button to kill it.

Detect and Delete Other newfolder.exe Files

  • To open the Windows Command Prompt, go to Start > Run > cmd and then press the “OK” button.
  • Type in “dir /A name_of_the_folder” (for example, C:\Spyware-folder), which will display the folder’s contents, including hidden files.
  • To change directory, type in “cd name_of_the_folder”.
  • Once you have found the file you’re looking for, type in “del name_of_the_file”.
  • To delete a file in the folder, type in “del name_of_the_file”.
  • To delete the entire folder, type in “rmdir /S name_of_the_folder”.
Method 3
  • Search for the autorun.inf file. It is a read-only file. Open the properties of the file(s) and uncheck the read-only option.
  • Open the file in Notepad, delete everything and save the file.
  • Now change the file status back to read-only so that the virus cannot get access again.
  • Click Start -> Run, type msconfig and click OK.
  • Go to the Startup tab, look for regsvr, uncheck the option and click OK.
  • Click on Exit without Restart.
  • Go to Control Panel -> Scheduled Tasks and delete the At1 task listed there.
  • Click on Start -> Run, type gpedit.msc and click OK.
  • Go to User Configuration -> Administrative Templates -> System.
  • Find “Prevent access to registry editing tools” and change the option to Disabled.
  • Once you do this you have registry access back.
  • Click on Start -> Run, type regedit and click OK.
  • Go to Edit -> Find and start the search for regsvr.exe.
  • Delete all occurrences of regsvr.exe; remember to take a backup before deleting. KEEP IN MIND that regsvr32.exe is not to be deleted. Delete regsvr.exe occurrences only.
  • In one or two places you will find it after explorer.exe; in these cases delete only the regsvr.exe part and not the whole value. E.g. for Shell = Explorer.exe regsvr.exe, just delete regsvr.exe and leave Explorer.exe.
  • Click on Start -> Search -> For Files and Folders.
  • There, click All files and folders.
  • Type *.exe as the file name to search for.
  • Click on the ‘When was it modified?’ option and select the Specify dates option.
  • Enter the current date as the From date and also as the To date.
  • Now hit Search and wait for all the exe files to show up.
  • Once the search is over, select all the exe files and Shift+Delete them.
  • Selecting a lot of files together might make your computer unresponsive, so delete them in small bunches.
  • Also find and delete regsvr.exe and svchost .exe (notice the extra space between svchost and .exe).
  • Now do a reboot and you are done.
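
The registry steps in Method 1 and Method 3 depend on matching regsvr.exe exactly (never regsvr32.exe) and on trimming a combined value such as Shell = Explorer.exe regsvr.exe instead of deleting it. The Python sketch below is an added example, not part of the original instructions; it applies that rule to registry values given as strings. The value names ExampleEntry and ExampleDll and all sample data are constructed, and paths containing spaces are assumed to be quoted.

```python
import ntpath
import re

# File names the article says to remove; regsvr32.exe is legitimate and must not match.
TARGETS = {"regsvr.exe", "newfolder.exe"}

# Split a command line on whitespace, keeping double-quoted paths as one token.
# Assumption: paths that contain spaces are quoted in the registry value.
TOKEN = re.compile(r'"[^"]*"|\S+')


def clean_value(value):
    """Return (cleaned_value, removed_tokens) for one registry string value."""
    kept, removed = [], []
    for token in TOKEN.findall(value):
        # Compare the bare file name only, case-insensitively, as an exact match.
        name = ntpath.basename(token.strip('"')).lower()
        (removed if name in TARGETS else kept).append(token)
    return " ".join(kept), removed


def plan(values):
    """Map each entry to 'keep', 'trim' (edit the value) or 'delete' (remove the entry)."""
    actions = {}
    for entry, value in values.items():
        cleaned, removed = clean_value(value)
        if not removed:
            actions[entry] = ("keep", value)
        elif cleaned:
            actions[entry] = ("trim", cleaned)
        else:
            actions[entry] = ("delete", None)
    return actions


# Constructed sample values for illustration, not read from a real machine.
SAMPLE = {
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell": "Explorer.exe regsvr.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleEntry": r"C:\WINDOWS\system32\regsvr.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleDll": r"C:\WINDOWS\system32\regsvr32.exe /s example.dll",
}

if __name__ == "__main__":
    for entry, (action, new_value) in plan(SAMPLE).items():
        print(f"{action:6} {entry} -> {new_value}")
```

The script only reports what to change; the edits themselves are still made in Regedit after taking the backup the steps call for.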