NEXT.exe Removal
Worm/Autorun.gas.1:
Detected sometime around July 2009, this is a worm that spreads in interacting services like emails, USB drives, LAN connections, etc. As soon as it is run, it copies itself to the "C:\NEXT\FILES\" folder and affects the explorer.exe process immediately. As a result, whenever the process is launched at the startup, the virus also starts its work. Here, the work mentioned is that it downloads several Malware from the Internet and pings to http://redex.freehostia.com/. The worm is launched from the C:\NEXT\FILES folder and goes by the name NEXT.exe. However, the worm does not damage or affect too many parts of the computer but the Malware that it downloads do. This virus must be removed as soon as it is run. Making our removal process difficult, this Malware also adds itself to the registry such that the process NEXT.exe is launched at every boot up.
Removal of Next.exe/Worm-Autorun.gas.1 :
Recommended anti-viruses to delete the virus:
BitDefender Total Security 2011 - 3 PC/1 year
AVG Antivirus and Antispyware 1-User 2011
Kaspersky Internet Security 2011 1-User
Detected sometime around July 2009, this is a worm that spreads in interacting services like emails, USB drives, LAN connections, etc. As soon as it is run, it copies itself to the "C:\NEXT\FILES\" folder and affects the explorer.exe process immediately. As a result, whenever the process is launched at the startup, the virus also starts its work. Here, the work mentioned is that it downloads several Malware from the Internet and pings to http://redex.freehostia.com/. The worm is launched from the C:\NEXT\FILES folder and goes by the name NEXT.exe. However, the worm does not damage or affect too many parts of the computer but the Malware that it downloads do. This virus must be removed as soon as it is run. Making our removal process difficult, this Malware also adds itself to the registry such that the process NEXT.exe is launched at every boot up.
Removal of Next.exe/Worm-Autorun.gas.1 :
- Firstly, the process that is used by the virus must be killed i.e NEXT.exe. Search for this process in the processes tab of your Task Manager.
- Just to make sure your computer is not taken over by the worm, lets end even the explorer.exe process.
- Yes, all the open windows will close but don't panic. Open your Command Prompt from your task manager (File --> Run, type cmd and then the Return key).
- Now type "del C:\NEXT\FILES\NEXT.exe " (without the quotes ofcourse).
- Note that the main file has just been deleted but not the downloaded ones. The command prompt launches in the Home directory when started. So you're in the "C:/Documents and Settings/User" directly.
- Type dir /w/a to view the files and folders in that directory. You must see files with names "yzxxsx5.exe" and "Update.exe" in that folder. If you don't, you're free from the virus. But if you find them there, you'll have to type "del yzxxsx5.exe" and "del Update.exe".
- Once they're deleted, you are completely free from the worm but not the registry. Remember, I told you about the registry editing the worm does. Type regedit in the Command Prompt and the Windows Registry Editor opens. Navigate to the following point [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
{67KLN5J0-4OPM-33WE-AAX5-24KC2A3453431}]
On the right hand side, you'll find a list of entries. Look for the sub path that goes by the name "c:\NEXT\FILES\NEXT.exe" and delete it. - Restart your computer and you're done.
Recommended anti-viruses to delete the virus:
BitDefender Total Security 2011 - 3 PC/1 yearAVG Antivirus and Antispyware 1-User 2011 Kaspersky Internet Security 2011 1-User