Mahsa virus
Detailed solution coming soon… be in touch…
<this is 20-11-2007>
sorry for late posting…. (i was busy with my studies.. 
) here it is…
Mahsa / ‘New Folder.exe’ / ‘Top Pictures.exe’ / ‘Windows Explorer.exe’ virus
DOWNLOAD
Virus File
File Name: New Folder.exe (inside all folders)
File Name: Top Pictures.exe (shared documents)
File Name: Windows Explorer.exe (c:windows)
Icon: Looks like a Folder
Type: Application
Size: 104KB/112KB
FileVersion: 1.0.0.0
Internal Name: Mahsa
OriginalFileName: Mahsa.exe
Product Version: 1.00
Recognized by antivirus
Trojan.Win32.VB.aol
Worm.P2P.Generic
Symptoms
You wil find New Folder.exe inside every folders.
You cannot open system utilities like Task Manager, Regedit, Msconfig; it opens and suddenly closes.
You cannot open folders with names like antivirus, .exe, etc. it opens and suddenly closes.
Behind the Screen
Creates a file: C:windowsWindows Explorer.exe
Creates a file: C:Documents and SettingsAll UsersDocumentsTop Pictures.exe
Creates New Folder.exe in every folder you open
ModifyRegValue: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunExplorer
ModifyRegValue: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerCabinetStateFullPath
ModifyRegValue: HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvancedHideFileExt
Adds to the startup item
Path: HKLMSOFTWAREMicrosoftWindowsCurrentVersionRunExplorer
Value: C:WINDOWSWindows Explorer.exe
Solution
Thank god it doesnt disables the command prompt 
END TASK::
1. Start>Run
taskkill /f /t /im “New Folder.exe”
2. Start>Run
taskkill /f /t /im “Windows Explorer.exe”
3. Start>Run
taskkill /f /t /im “Top Pictures.exe”
(if you get some error like windows cannot find taskkill,.. blah blah…, copy the file taskkill to your X:windowssystem32 directory)
REGISTRIES::
1. Start>Run
reg delete HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun /v Explorer
2. Start>Run
reg add HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced /v HideFileExt /t REG_DWORD /d 0
DELETE FILES::
1. Start>Run>cmd
del /a /f C:windowsWindows Explorer.exe
2. Start>Run>cmd
del /a /f C:Documents and SettingsAll UsersDocumentsTop Pictures.exe
DELETE New Folder.exe : (updated on 28Jan,2008)
del “C:New Folder.exe” /a /s /f /p
DOWNLOAD
Heal for mahsa newfolder
Download Page for other heals
14 July, 2008 at 7:04 pm
Thank you so much………. Your Antivirus softwares, i called them warriors…….are really great!
21 July, 2008 at 11:07 pm
THANK YOU SO MUCH!!
The new folder thing was bugging me so much….Really though, i wanna thank whoever made this….Lifesavers!
16 September, 2008 at 6:43 pm
hello sir.. i really appreciate your help for all of us…..
i had this viru new folder.exe and regsvr.exe ….. in my pc through my
flash drive….. first i opened task manager.. and ended these(folder.exe and regsvr.exe).. from there… then happen to find ur heal s/w.. nd used them….
will they b removed completely????
16 September, 2008 at 6:49 pm
and sir… i also formatted my flash drive…… before using your heal s/w….nd after ending the “folder.exe and regsvr.exe” from the task manager…..
nd now my flash drive is completely empty but… it shows 4kb of used space.. which was not so earlier… what is this sir??? can u plz help me out..at viola_orra@yahoo.com???
13 December, 2008 at 7:58 pm
hello i followed the steps but when i try to delete with command del /a /f “C:\windows\Windows Explorer.exe”
i get Acces Denied msg
help me ! plz
4 January, 2009 at 1:32 am
u r genious…man …thanks…i was wondering that there is win32.sality but after removing new folder.exe i can install antivirus and can open antivirus web sites