How to Remove a Surabaya Virus

Techwalla may earn compensation through affiliate links in this story. Learn more about our affiliate and product review process here.
Removing the Surabaya virus can be done manually.

If your computer displays "Surabaya in my birthday, Don't kill me, I'm just send message from your computer," when you power it on, you can be sure that your computer has been infected with the Surabaya virus. This is a virus that is spread with pin drives. The pin drive "autorun.inf" file infects the hard disk of the machine it is attached to and paralyzes the system, oftentimes causing folders to disappear and the system to become generally unresponsive. Fortunately, this virus can be removed manually with a few steps.


Step 1

Access the registry by typing "regedit" at the command prompt screen. This is the black screen that will appear when you first start the infected computer. Immediately after, two entries will appear as "LegalNoticeCaption" and "LegalNoticeText." Delete these keys.


Video of the Day

Step 2

Search for the word "Surabaya" and delete it each time you see it. Infected computers will have a high volume of entries attached to "Rundll32" that you will need to remove by removing the "Rundll Surabaya" text portion from the registry key.

Step 3

Type HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hideen\SHOWALL into the registry and press enter. You will see "CheckedValue" set at 0, which means "showfiles" are disabled. Enable show files by changing the 0 to a 1.


Step 4

Exit the registry by pressing the "esc" key on your keyboard and enter the command prompt by going to the "start menu" and selecting "Run." Enter the letters "cmd" into the command prompt and press the "enter" key.

Step 5

Type "CD\" and then the "Enter" key. This will allow you to access the C drive. Enter the command, "Attrib *. * -S –H –R /D /S ". This will set the files back to normal. If you receive an error for "System Volume information" while running the command, ignore it. Repeat this process for all of the drives by placing the name of the drive followed by "D\". For example, the D drive would be accessed by typing "DD\".


Step 6

Delete the "Autorun.inf" and "thumb.exe" files from the command prompt by typing the following commands: Del c:\autorun.inf Del d:\autorun.inf Del c:\thumb_.exe /S Del d:\thumb_.exe /S

Step 7

Check the "Autoexec.bat" files on the C drive for any entries that contain the word Surabaya and delete them. Restart the system and the virus will now be gone.

Video of the Day




Report an Issue

screenshot of the current page

Screenshot loading...