May 13, 2009

Deleting NewFolder .exe virus

Windows has been evolving over time, but what remains is its dedicated support for viruses. Of the many famous viruses, the NewFolder.exe virus has been around for a very long time and, pathetically, no antivirus company is able to detect and remove it.

NewFolder.exe is a notorious virus that creeps onto your pendrive every time you plug it into some public system. Deleting it manually can be very tedious, especially if you have a lot of nested directories. One quick solution to this problem is to plug the pendrive into a Linux machine and run the command given below.

Before I give you the command, I'll explain how it works. The NewFolder.exe virus generally creates an executable with the same name as your parent folder, followed by a space and the extension .exe, i.e. if you have a folder named foo, then the virus creates an executable with the name "foo .exe". People do not name normal executables with a space before the file extension. The command below looks for all files whose name ends in a space followed by .exe and deletes them.

NOTE: If you have any valid executable with a space preceding the file extension, this command will delete it too. So make sure that no executables named in this format are present on your pendrive.

To delete the virus:

  1. Open Terminal
  2. Navigate to the location where your pendrive is mounted.
  3. Type the following command and press Enter:

sudo find . -iwholename '* .exe' -delete

PS: sudo is required if you have any files with no rw permissions. Most of the files will not require sudo.
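
The NOTE above warns that legitimate executables with a space before .exe are deleted too. The following shell functions are an added example, not part of the original post: they list every match first and delete only files whose name equals the containing folder's name plus " .exe". The function names are made up for this example, and it assumes the executable sits inside the folder it is named after, which is how the description above reads.

```shell
#!/bin/sh
# Added example: review what would be deleted before deleting anything.
# Assumes file names contain no newlines (FAT, exFAT and NTFS do not allow them).
# Usage after sourcing this file, from the pendrive's mount point:
#   scan_space_exe .      # dry run, deletes nothing
#   delete_matches .      # removes only the MATCH entries

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# scan_space_exe DIR
# Prints one line per file under DIR whose name ends in " .exe":
#   MATCH <path>   name is "<containing folder> .exe" (the pattern described above)
#   OTHER <path>   has the space but a different name; review it by hand
scan_space_exe() {
    root=$(cd "$1" && pwd) || return 1
    # The pattern is quoted so the shell hands it to find unexpanded.
    find "$root" -type f -iname '* .exe' | while IFS= read -r path; do
        folder=$(basename "$(dirname "$path")")
        stem=$(basename "$path")
        stem=${stem% .[eE][xX][eE]}          # strip the " .exe" suffix
        if [ "$(lower "$stem")" = "$(lower "$folder")" ]; then
            printf 'MATCH %s\n' "$path"
        else
            printf 'OTHER %s\n' "$path"
        fi
    done
}

# delete_matches DIR: delete the MATCH entries and leave OTHER entries alone.
delete_matches() {
    scan_space_exe "$1" | sed -n 's/^MATCH //p' | while IFS= read -r path; do
        rm -f -- "$path"
    done
}
```

Anything reported as OTHER still matches the original command's pattern, so check those files by hand before removing them.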