Threats of the "virus_exe.exe" type: what are they and how do you deal with them?

Today the Internet is a rather insecure virtual space, where a user can easily pick up an infection in the form of a virus or malicious executable code. Relatively recently a new kind of threat has appeared, usually referred to as "virus_exe.exe". Let's look at how such threats affect the system and how best to deal with them.

The virus deletes or blocks EXE files: the consequences

Viruses that target executable files have been known for a long time (since the days of DOS, before Windows existed). In the early days of computing, executable files were the most basic files in the system, so it is not surprising that virus attacks focused on them. Incidentally, this also applies to some mobile devices running Windows.

Alas, today a situation in which the virus removes EXE objects, renames them with a double extension or simply replaces the original files looks almost catastrophic.

On the system this shows up as follows: when you launch a Windows application, a message appears stating that the object was not found or cannot be accessed. The situation takes several forms:

  • The virus simply deletes the executable;
  • The virus infects the object and then blocks it.

As is already clear, in either case the system does not recognize the desired object. Threats of this type often get into the system when, for example, a browser or application update is installed from a questionable source. Many inexperienced users disable antivirus protection or even browser extensions like AdBlock, which can block pop-up ads, drop-down menus, automatically downloaded components and so on. This should never be done.

The virus creates EXE files: how does this affect the system?

When a threat acts on the infected computer by creating new executable components, there are again several variants. In most cases there are two main ones:

  • An object is created with the new name "virus"_exe.exe, where "virus" is the name of the file, or with the original name;
  • The virus duplicates EXE files, embedding malicious code in the clones.

In the first case, finding and neutralizing the threat is much easier (this is shown a little later using the some_exe.exe virus as an example). The second case is somewhat more complicated, because in most cases the threat disguises itself as a system process (it is enough to recall the problems with objects like svchost.exe).
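The two naming variants above can be triaged from a plain file listing. The following is an added example, not code from the article: it flags the repeated-exe suffix, double extensions, and system process names found outside the Windows system directories. The lists of system names and decoy extensions, and the sample paths, are assumptions made for illustration.

```python
import ntpath  # applies Windows path rules on any OS

# Assumption: system process names to watch; the article names only
# svchost.exe, the rest are added for illustration.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: document-like extensions that should never precede a final .exe.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png", ".txt", ".xls", ".xlsx"}


def classify(path):
    """Return the reasons (possibly none) why an .exe path deserves a closer look."""
    directory, name = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(name)
    if ext != ".exe":
        return []
    reasons = []
    if stem.endswith(("_exe", ".exe")):          # some_exe.exe, setup.exe.exe
        reasons.append("exe-suffix-repeated")
    if ntpath.splitext(stem)[1] in DECOY_EXTS:   # invoice.pdf.exe
        reasons.append("double-extension")
    if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
        reasons.append("system-name-outside-system-dir")
    return reasons


def triage(paths):
    """Map each flagged path to its reasons; clean paths are omitted."""
    return {p: r for p in paths if (r := classify(p))}


# Constructed sample listing (not taken from a real machine).
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\some_exe.exe",
    r"C:\Users\anna\AppData\Roaming\svchost.exe",
    r"C:\Users\anna\Downloads\invoice.pdf.exe",
    r"C:\Program Files\Editor\editor.exe",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_PATHS).items():
        print(f"{path}: {', '.join(reasons)}")
```

A name match is only a reason to inspect the file; a clone that keeps the original name in the original location is not caught by this check.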

Are all antiviruses suitable for treatment?

As for tools for detecting such threats, disinfecting infected files or quarantining viruses, things are not so simple. Many free antivirus packages are not suitable at all.

There are many known cases in which free packages such as AVG and Avira, on detecting "virus_exe.exe"-type threats that had infected executable files (note: infected, not deleted or replaced), failed to cure the infected objects, did not even quarantine them and, as they say, shamelessly deleted them. What did this lead to? A complete reinstallation of the entire system.

The best search and removal tools

If you are looking for effective and safe detection and disinfection, pay attention to portable utilities such as Dr.Web CureIt! or KVRT from Kaspersky Lab.

However, as practice shows, for the deepest scan (up to RAM and system memory) the most powerful tools are special programs such as Kaspersky Rescue Disk. They work by first creating bootable USB or optical media, from which the antivirus scanner is launched before Windows boots. Such scanners can find even deeply hidden or carefully disguised objects that standard or portable antiviruses do not recognize.

For example, they quickly detect a Windows virus, EXE files or folders with the .exe extension appended to their names, whereas regular scanners can miss the created objects. In addition, the path to system files is often changed, so that the call goes not to the original file but to its dangerous clone, even at the boot stage.

Viruses of the "_exe.exe" type: manual removal using the some_exe.exe threat as an example

Now let's look at a variety of the threats known under the general name "virus_exe.exe" using a concrete example.

As already mentioned, it is easy to identify. First, stop the process with the same name in Task Manager, then search in Explorer or any other file manager, entering either the full name or *exe.exe* as the search condition (the asterisks are required). In principle it can be done even more simply, because the file itself is "registered" in the System32 folder. Delete it from there. After that, delete the dynamic library with the matching name, some_dll.dll (if deletion is not possible, both objects must first be renamed).

Now open the Registry Editor (the regedit command in the Run dialog, opened with Win + R) and use the search again (either from the main menu or with Ctrl + F). Enter the full name in the search and delete all the results.

If for some reason the effects of the virus still appear, find the HOSTS file in the etc folder inside the drivers folder, which in turn is in the System32 directory of the main Windows folder on the system disk, open it and delete all the lines below the "# ::1 localhost" entry. Reboot the system, and everything works fine. As you can see, an antivirus scanner is not even needed.
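Before deleting lines from HOSTS, it helps to see which active entries the file actually holds, since an administrator or legitimate software may have added some of them. The following is an added example, not part of the original article: it parses HOSTS text and reports every active mapping other than the ordinary localhost ones. The sample file content, domains and addresses are constructed.

```python
import ipaddress

# Names that a loopback address is expected to carry.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (line_no, address, names, reason) for every active entry to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()     # strip comment, split on whitespace
        if not entry:
            continue                             # blank or comment-only line
        address, names = entry[0], [n.lower() for n in entry[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed-address"))
            continue
        if ip.is_loopback and set(names) <= LOCAL_NAMES:
            continue                             # ordinary localhost mapping
        if ip.is_loopback or ip.is_unspecified:
            reason = "name-blocked-locally"      # name made unreachable
        else:
            reason = "name-redirected"           # name forced to a fixed address
        findings.append((line_no, address, names, reason))
    return findings


# Constructed sample: stock-style comment lines followed by two injected entries.
# Domains and addresses are reserved documentation values.
SAMPLE_HOSTS = """\
# Sample HOSTS file
#
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1    update.antivirus.example
203.0.113.7  bank.example www.bank.example   # injected
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a real machine the text would come from the HOSTS file in the etc folder described above, and each reported line is then judged individually before removal.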

Conclusion

That, in brief, is everything concerning viruses that affect executable EXE files. The method of detecting and blocking them is quite simple. However, it is best to use recovery "rescue disks", which do not miss the threat, rather than dealing with it manually.

Copyright © 2018 en.unansea.com. Theme powered by WordPress.