

[Tutorial] How to remove the Paint Virus from a Windows PC

X3non
Recognized Contributor
22,062
27-01-2017, 11:24 PM
#1



Have you ever connected your hard drive to a PC without first checking for viruses on a PC? It could be scary if you did only to find out that all your executable files (exe) or software installers worth 100MB and above seem to be missing and replaced with an executable file of about 800KB in size.


What is the Paint Virus?



This is a virus very similar to the well-known shortcut or lnk virus. The only difference is that the paint virus attacks only executable files (exe).
It simply hides and renames the original executable file, adding a small letter "v" to the beginning of the file name, then puts itself in its place with the original file name and icon.
Let's take an example: you have a file named Chrome.exe with a size of 40MB. This file would be renamed to vChrome.exe and hidden, then a new file with a size of 800KB would be named Chrome.exe with the exact Chrome icon as well. Once you try to install this new 800KB file, the PC gets infected automatically.

How to Manually Remove the Effects of the Paint Virus from an infected Removable Media Device


The manual process might be a little bit stressful, but I prefer this method to using an antivirus. BTW, an antivirus won't unhide and rename your files for you.
  1. You must use an uninfected PC with a strong and reliable antivirus for this (e.g. Avast, Avira, etc.).
  2. If you don't have a reliable antivirus, then please do not attempt to connect this infected media device, because the virus would have already set up an autorun program to automatically run once the media device is connected to any PC.
  3. Connect the infected device (hard drive, USB flash drive, etc.) using USB
  4. Your antivirus should automatically block the paint virus's autorun process
  5. You can now open the removable media
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-1.png]

  6. Now hold the shift key and right click on any empty space then select Open Command window here
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-2.png]

  7. In the CMD prompt window that appears next, type in the code below and hit Enter
    Code:

    attrib -h -r -s /s /d *.*
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-3.png]

  8. Wait for the process to complete
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-4.png]

  9. Now all hidden, read-only and system attributes have been removed from all files.
  10. Now delete the autorun file from the root of the removable media
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-5.png]

  11. Delete any folder called Photo from the root of the removable device as well (skip this step if you don't find any such folder) 
      (also ensure that you don't have any personal files within this folder)
     
  12. Now go through all folders within the removable media device containing an executable file (exe). Be extremely careful not to install anything and take note of the sizes. You'll find that most executables have a size of approx 825kb or thereabouts.
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-6.png]

  13. Select and permanently delete all the executables with the same size as shown in the picture above

  14. In the same folder, you'll notice another set of executables with a small letter "v" attached to the beginning of their name. (These files are your original executable files.)
      You can simply rename them all, i.e. remove the small letter "v". If you are lazy then of course you can as well leave them.
    [Image: How-to-Manually-Remove-the-Effects-of-th...vice-7.png]

How to Prevent / Avoid the Rename and Hide Effects Caused by this Virus

  • Simply compress all your executable files within ISO, ZIP or RAR compressed files. This way there'll be no executable files to affect.

How to Remove the Paint Virus From an Infected PC

  • An easy method would be to do a full system OR boot time scan with a reliable Anti Virus
This post was last modified: 04-10-2019, 11:39 PM by X3non.
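
Steps 12 to 14 of the tutorial above, sketched as a PowerShell audit (an added example, not part of the original post or the forum's own tooling). The function names, the 1 MB decoy size cutoff and the E:\ drive letter are assumptions for illustration; the post only reports decoys of roughly 800 to 825 KB and originals prefixed with a lowercase "v".

```powershell
# Find every "vName.exe" that sits next to a smaller "Name.exe" (the decoy).
# Assumption: decoys are under 1 MB; adjust -MaxDecoyBytes if yours differ.
function Find-PaintVirusPair {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [long] $MaxDecoyBytes = 1MB
    )
    # -Force lists hidden and system files too, so hidden originals are found.
    Get-ChildItem -LiteralPath $Root -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -cmatch '^v.' -and $_.Extension -eq '.exe' } |
        ForEach-Object {
            $original  = $_
            $decoyPath = Join-Path $original.DirectoryName ($original.Name.Substring(1))
            $decoy     = Get-Item -LiteralPath $decoyPath -Force -ErrorAction SilentlyContinue
            # Report only when the un-prefixed file exists, is small, and is smaller than the original.
            if ($decoy -and $decoy.Length -le $MaxDecoyBytes -and $original.Length -gt $decoy.Length) {
                [pscustomobject]@{
                    Decoy         = $decoy.FullName
                    DecoyBytes    = $decoy.Length
                    DecoySha256   = (Get-FileHash -LiteralPath $decoy.FullName -Algorithm SHA256).Hash
                    Original      = $original.FullName
                    OriginalBytes = $original.Length
                }
            }
        }
}

# Delete the decoy, clear the original's attributes and give it its name back.
function Restore-PaintVirusPair {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory, ValueFromPipeline)] $Pair)
    process {
        if ($PSCmdlet.ShouldProcess($Pair.Original, 'remove decoy and restore original name')) {
            Remove-Item -LiteralPath $Pair.Decoy -Force
            $file = Get-Item -LiteralPath $Pair.Original -Force
            # Same effect on this file as `attrib -h -r -s`.
            $file.Attributes = [IO.FileAttributes]::Normal
            Rename-Item -LiteralPath $file.FullName -NewName (Split-Path $Pair.Decoy -Leaf)
        }
    }
}

# Dry run on an assumed drive letter; -WhatIf prints the actions without changing anything:
# Find-PaintVirusPair -Root 'E:\' | Restore-PaintVirusPair -WhatIf
```

Run the finder alone first and review the list; a legitimate program whose name starts with "v" is only reported if a smaller file with the same name minus the "v" sits beside it. Identical DecoySha256 values across folders are a further sign that the small files are copies of one dropper rather than real installers.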
Jonyboy
Junior Member
29
27-10-2018, 03:09 PM
#2
@X3non I tried this method. I was able to delete the paint and autorun, but I've not been able to recover my files. Most of my exe files are shortcuts with 0kb
xerxes
Senior Member
8,355
27-10-2018, 04:34 PM
#3
(27-10-2018, 03:09 PM)Jonyboy @X3non I tried this method. I was able to delete the paint and autorun, but I've not been able to recover my files. Most of my exe files are shortcuts with 0kb

Try un-hiding hidden files.
Select the Start button, then select Control Panel, Appearance and Personalization.
Select Folder Options, then select the View tab. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.
This post was last modified: 27-10-2018, 04:35 PM by xerxes.
Jonyboy
Junior Member
29
27-10-2018, 05:53 PM
#4
(27-10-2018, 04:34 PM)innagee
(27-10-2018, 03:09 PM)Jonyboy @X3non I tried this method. I was able to delete the paint and autorun, but I've not been able to recover my files. Most of my exe files are shortcuts with 0kb

Try un-hiding hidden files.
Select the Start button, then select Control Panel, Appearance and Personalization.
Select Folder Options, then select the View tab. Under Advanced settings, select Show hidden files, folders, and drives, and then select OK.

It still doesn't show the exe files... They're still 0kb
X3non
Recognized Contributor
22,062
29-10-2018, 10:51 AM
#5



(27-10-2018, 05:53 PM)Jonyboy It still doesn't show the exe files... They're still 0kb

check your hdd free space, is it looking empty like the files have been deleted OR it still looks full like the files are in there somewhere?
you mentioned your files are shortcut, does this mean all your files and folders were affected or just exe files only?
Jonyboy
Junior Member
29
29-10-2018, 03:04 PM
#6
(29-10-2018, 10:51 AM)X3non
(27-10-2018, 05:53 PM)Jonyboy It still doesn't show the exe files... They're still 0kb

check your hdd free space, is it looking empty like the files have been deleted OR it still looks full like the files are in there somewhere?
you mentioned your files are shortcut, does this mean all your files and folders were affected or just exe files only?

The hdd is still full, like the files are in there somewhere..
Just exe files are affected. All my exe files are 0kb but somehow they are still taking up space in the hdd. I don't wanna delete the 0kb files just in case I might need them to get the real files back..
X3non
Recognized Contributor
22,062
30-10-2018, 09:09 AM
#7
(29-10-2018, 03:04 PM)Jonyboy The hdd is still full, like the files are in there somewhere..
Just exe files are affected. All my exe files are 0kb but somehow they are still taking up space in the hdd. I don't wanna delete the 0kb files just in case I might need them to get the real files back..

repeat steps 5 - 10 again
then use windows search feature to search the hdd for .exe
Jonyboy
Junior Member
29
02-11-2018, 11:04 AM
#8
(30-10-2018, 09:09 AM)X3non
(29-10-2018, 03:04 PM)Jonyboy The hdd is still full, like the files are in there somewhere..
Just exe files are affected. All my exe files are 0kb but somehow they are still taking up space in the hdd. I don't wanna delete the 0kb files just in case I might need them to get the real files back..

repeat steps 5 - 10 again
then use windows search feature to search the hdd for .exe

I've tried everything. They still don't show up
X3non
Recognized Contributor
22,062
02-11-2018, 12:19 PM
#9
(02-11-2018, 11:04 AM)Jonyboy I've tried everything. They still don't show up

create a new thread for your issue so we'll focus on it
see https://www.hovatek.com/forum/thread-514.html for how to create a thread
05-11-2018, 10:12 AM
#10



Quickheal anti-virus does solve this problem automatically whenever I contact the virus... It immediately removes the virus, recovers and also renames my .exe files back to their original name without losing anything.
Just make sure you are using a registered version.