Threats like "virus_exe.exe": what are they and how to deal with them?

Today, the Internet is a rather insecure virtual space, where a user can pick up an infection in the form of a virus or malicious executable code. Relatively recently, a new type of threat has appeared, referred to as “virus_exe.exe”. Let's try to figure out how such threats affect the system and how best to deal with them.

The virus deletes or blocks EXE files: consequences of exposure

Viruses that specifically target executable files have been known for a long time (since the days of DOS, before Windows systems existed at all). In the early days of computing, executable files were the most basic components of the system, so it is not surprising that virus attacks focused on them. By the way, this also applies to some mobile devices running Windows.

Alas, the situation today, in which a virus deletes EXE objects, renames them with a double extension, or simply replaces the original files, looks almost catastrophic.

In practice, this shows up when you start a Windows application and the system displays a message stating that the object was not found or could not be accessed. This happens in one of several ways:

  • the virus simply deletes the executable file;
  • the virus infects the object and then blocks it.

As is already clear, in either case the system does not recognize the desired object. Threats of this type often penetrate the system when, for example, a browser or user program is updated from a dubious source. Many inexperienced users disable anti-virus protection or even browser extensions like AdBlock, which can block pop-up advertisements, drop-down menus, automatically loaded components, etc. This should never be done.

The virus creates EXE files: how does this affect the system?

When a threat acts on an infected computer by creating new executable components, there are again several variants. In most cases, there are two main ones:

  • an object is created with the new name "virus_exe.exe", where "virus" is the name of the file, or with the original name;
  • the virus duplicates executable files, embedding malicious code in the clones.

In the first case, it is much easier to find and neutralize the threat (this is shown a bit later using the some_exe.exe virus as an example). The second case is somewhat more complicated, since in most cases the threat disguises itself as a system process (just recall the problems with objects like svchost.exe).

Are all antiviruses suitable for treatment?

As for the means of detecting such threats, treating infected files, or quarantining viruses, things are not so simple. Many free anti-virus packages do not work at all.

There are many cases where free packages such as AVG and Avira, on detecting threats like "virus_exe.exe" that had infected executable files (note: infected, rather than deleted or replaced), failed to cure the infected objects and did not even quarantine them, but simply deleted them outright. What did this lead to? A complete reinstallation of the entire system.

Optimal search and delete tools

If you are looking for effective and safe search and treatment, you should pay attention to portable utilities like Dr. Web CureIt! or Kaspersky Lab's KVRT.

However, as practice shows, for the most in-depth scan (right down to RAM and system memory), the most powerful tools are special programs like Kaspersky Rescue Disk. They work by first creating bootable USB or optical media, from which the anti-virus scanner runs before Windows starts. Such scanners can find even deeply hidden or carefully disguised objects that regular or portable antiviruses do not recognize.

For example, Windows viruses in the form of .exe files or folders (with the .exe extension appended to their name) are detected quite quickly, whereas regular scanners can miss the created objects. In addition, the path to system files can often be changed, so that access goes not to the original file but to its dangerous clone, even at the boot stage.

Viruses of the "_exe.exe" type: manual removal using the some_exe.exe threat as an example

Now we will examine the family of threats with the general name "virus_exe.exe" using a specific example.

As already mentioned, it can be detected quite simply. First, stop the process of the same name in Task Manager, then run a search in Explorer or any other file manager, entering as the condition either the full name or *exe.exe* (the asterisks are required). In principle, there is an easier way, since the file itself is “registered” in the System32 folder. We remove it from there. After that, delete the accompanying dynamic library some_dll.dll (if removal is not possible, first simply rename both objects).

Now we go to the registry editor (the regedit command in the "Run" menu, opened with the Win + R keys), where we again use the search (either from the main menu or with Ctrl + F). We enter the full name in the search and delete all the results.

If for some reason the effects of the virus still occur, we find the HOSTS file located in the etc directory of the drivers folder, which in turn is located in the System32 directory of the main Windows folder on the system disk, open it and delete all the lines below the line "# ::1 localhost". We reboot the system and everything works fine. As you can see, even an anti-virus scanner is not needed.
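
The file search and the HOSTS check described above can be run read-only first, so that the findings are reviewed before anything is deleted. The Python sketch below is an added example, not part of the original article: it lists files and folders whose names match the *exe.exe* pattern and reports active HOSTS entries other than the localhost mappings. The directory tree, host names and addresses in it are constructed sample data.

```python
import fnmatch
import os
import tempfile

def find_exe_exe(root):
    """Files and folders under root whose name matches *exe.exe* (case-insensitive)."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if fnmatch.fnmatchcase(name.lower(), "*exe.exe*"):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def hosts_extra_entries(text):
    """Active HOSTS lines other than the loopback -> localhost mappings."""
    extras = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        ip, names = fields[0], fields[1:]
        if ip in ("127.0.0.1", "::1") and all(n.lower() == "localhost" for n in names):
            continue
        extras.append((line_no, ip, names))
    return extras

# Constructed sample: the tail of a default HOSTS file plus two added redirects.
SAMPLE_HOSTS = """\
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
#\t::1             localhost
127.0.0.1 update.av-vendor.example
203.0.113.7 bank.example www.bank.example
"""

def build_sample_tree(root):
    """Constructed tree: clean files plus one file and one folder that should be flagged."""
    os.makedirs(os.path.join(root, "System32", "Photos.exe.exe"))
    for name in ("notepad.exe", "some_exe.exe", "some_dll.dll"):
        open(os.path.join(root, "System32", name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for path in find_exe_exe(root):
            print("suspicious name:", os.path.relpath(path, root))
    for line_no, ip, names in hosts_extra_entries(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {ip} -> {', '.join(names)}")
```

The name pattern flags only the "_exe.exe" file and the ".exe.exe" folder; the companion some_dll.dll has to be located by its own name, as in the manual steps.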

Conclusion

That is a brief overview of viruses that affect EXE executables. The technique for detecting and blocking them is quite simple. However, it is best to use “rescue disks”, which do not miss the threat, rather than deal with it manually.

Source: https://habr.com/ru/post/C46303/

