SYMPTOMS :
Password check before access windows though never set password
On Flash Drive (Thumb Drive) it hide as hidden files and folders,
and also create file called "Flashy.exe"
Folder Option's disappear
SOLUTIONS :
1. Enter Safe mode (F8) during computer check your hardware
2. Any password check please type password as "hacked"
3. Go to Start Button -> Control Panel -> User Accounts
4. Click your Account and change your password
old one : hacked
new one : blank (leave it blank)
5. turn off System Restore My Computer -> Properties -> System Restore -> Turn off system restore
6. Call your task manager by hold ctrl+alt+del
7. look for Flashy.exe and Systemid.pif on processes tab (username as Local Service)
8. End both processes "Flashy.exe and Systemid.pif"
9. Go to Start Button -> Click Run -> type "Regedit"
10 Edit your Registry by following these...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFolderOptions"="1"
edit "NoFolderOptions"="1" to "NoFolderOption"="0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\"HodeFileExt"="1"
edit "HodeFileExt"="1" to "HideFileExt"="0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Advanced\"Hidden"="2"
Should be "Hidden"="2"
HKEY_LOCAL_MACHINE_SYSTEM\CurrentControlSet\Services\SharedAccess\"Start" = "4"
Should be "Start" = "4"
11. Download these RAR files
click here to Download killflashy.bat
if you get error when you try to run this bat file above... try these one below
click here to Download killflashy.bat
click here to Download killfreshy.bat
12. Extract RAR and run .bat file
13. Go to Folder option -> View tab -> Show all hiddden files and folders
14. Go to Start Button -> All Programs -> Startup or
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
15. Look for systemID.pif and delete it (systemID.pif)
16. Go to C:\WINDOWS\System or C:\WINDOWS\System32
17. Look for Freshy.exe and delete it (Flashy.exe)
18. Restart
