THB and Jammer virus removal

This particular virus (or worm) attach can have any of the three symptoms as mentioned below :

1. In “My computer”, C-drive was having an ugly logo and got renamed to %$thb$%. The thb name is also not to be found anywhere on the internet.

2. when you open orkut, youtube etc, a dialog box opens which says that this site is sending virus to your computer and the browser closes itself. when you open orkut, youtube etc, a dialog box opens which says that this site is sending virus to your computer and the browser closes itself.

3. A message “Orkut is banned you fool… ” is shown when you open orkut, and a laughing mp3 is played.

The solution is divided into two parts - first aid and complete solution. Select your choice depending on your urgency.

Part I - First Aid

if you just want to immediately surf orkut or change back the ugly logo in your drive,, open task manager, stop the process called win.exe. delete two files called thb.ico and autorun.inf after changing their attributes from the command mode by typing

atttrib -h -r -s thb.ico

attrib -h -r -s autorun.inf

Next delete those two files from the hard drive.

Your orkut login and ugly logo will be cleared. But, it is not a complete cure.

Part II - Complete Cure

1. You need to find out which process is causing all those problems - go to task manager and see the process. I found that a process called win.exe is causing the trouble. Disable the process.

2. Do a search (Be sure to select hidden folders under advanced search options before searching) on that particluar file.

3. I found that this file is present in a folder call win.dll (yes, its a folder, not a file).

4. Log into safe mode and navigate to that particular directory.

5. once you are inside win.dll directory, type attrib -h -r -s *.*

6. del *.*

7. rd win.dll

8. Next, open registry by typing regedit in start->run

9. search for all occurances of win.dll and win.exe

10. delete all such instances from registry. Also, if there are any more locations in which win.dll folder is present, delete them also.

11. once more clean out the thb.ico and autorun.inf file if present from the drives as mentioned in first part of this article.

12. Reatart the machine in normal mode.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Bulk convert documents to office 2007 format All the document formats (word, excel,powerpoint etc.) are new in...
default save locations in ms office After writing a document, we save the document. But Microsoft...
Virus Virus…Where do thy come from I broadly classify virus into three categories : 1. Ones...

Related posts brought to you by Yet Another Related Posts Plugin.

You Should Also Check Out This Post:

More Active Posts:

5 Users Responded In This Article

Subscribes To This Post Rss Feeds Or Leave A Trackback

arun Said in January 23rd, 2009 @10:41 am

sir i have same problem, but not able to follow. so plz give me a executable file to delete the virus

Arunjith Said in January 29th, 2009 @10:10 am

@Arun, you can just follow the steps mentioned. It will work. Techlemon does not have a ready executable file to do this.

maya Said in May 6th, 2009 @2:40 pm

This article helps me a lot.thank you very much..

narayan Said in May 28th, 2009 @10:54 pm

i tried with this, but i was not able to find a file named “win.exe”…. actually 1st i tried for a 1st aid, which dint work, so dint try for a complete cure…. my question is if i reinstall my windows will it go & how does the computer got affected by JAMMER VIRUS…. does make the comp performance slow or something related to that…. will be very happy if i get the troubleshooting steps in my e mail address mentioned above…. will be happy if i get is soon

thanks in advance

narayan (can call me as rocky)

narayan Said in May 28th, 2009 @10:56 pm

this is the e mail address

narayankg@aim.com

the above guys who tried it i believe it worked for them.. u guys are also encouraged for posting me…. lets BE FRIENDS !!!

waiting for the response very eagerly