Removing NewFolder Virus

 05/14/2017 - 18:42
Remove newfolder virus

What is Newfolder.exe?

The real name of this virus is Iddono. This threat copies its file to your hard disk. Its typical file name is Iddono. Then it creates new startup key with name  Iddono and value
newfolder.exe. You can also find it in your processes list with name newfolder.exe or Iddono. This virus is very difficult to eliminate manually, but you can find several possible methods of removal below. How to fix Newfolder.exe manually? For advanced users only This problem can be solved manually by deleting all registry keys and files connected with this software, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Iddono. To fix this threat, you should:

Removig Virus Banner

i. Kill the following processes and delete the appropriate files:

1. libedit.dll
2. newfolder.exe
3. shelliddono.dll
4. srv0104.ids
5. srvidd20.exe

If these files can't be deleted during normal Windows work
or recreate themselves, reboot into Safe Mode and repeat
deletion. If you do not see all of these files, then they are
hiding themselves. You need special software to kill those
hidden files.


ii. Delete the following malicious registry
entries and\or values:

1. Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run for nwiz.exe Value: @
2. Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\alche m Value: @
3. Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Run\zzb Value: @                                                                                                                                                                                                                   Another method which is recently discovered by me that any AVG antivirus above 8.0 version can detect the new folder virus easily.

admin's picture
Arshad Ali Ansari

Follow the author on         or visit   Personal Blog