The Happy Birthday virus is picking up great deal of popularity and is spreading a lot faster as compared to other virus. This virus mostly spreads through E-mails and flash drives like pen drives.

Following are the problems that this virus causes:

1. Disables registry editor, folder options and command prompt.

2. Shows a tool tip near the mouse cursor with the texts ‘Happy Birthday’.

3. Runs a process named either “explorce.exe” or “explorcr.exe” in the background processes that confuses with explorer.exe

4. Operating system shows “NTLDR Missing” problem.

Solution to fix the problem:

1. First of all we need to get our folder options and registry editor back (to do this, refer this post of mine).

2. Now kill the process “explorcr.exe” or “explorce.exe” running in background.

3. Now go to Folder options -> tick Show Hidden Files and Folders and uncheck Hide Protected Operating System Files.

4. Delete the exe from “C:\Windows\system32” folder.

5. Also delete the “autorun.inf” file from the root drive.

6. Now to fix NTLDR missing problem, insert XP CD and Copy ‘NTLDR’ from i386\NTLDR to %SystemDrive%

7. Reboot the system.

The problem must have gone.

OR

Use The Following tools

Download below files (Security Task Manager and NOD32 Registry Fix)

1)Security Task Manager

2)NOD32 Registry Fix

(Don’t forget to change the downloaded files extension to .zip and change exc file extension to exe!!!)

1. Kill the process of explorcr.exe and delete manually from %systemroot%\system32 (its hidden). you won’t see happy birthday caption again, as soon as you kill the process

2. Delete manually also autorun.inf from the %systemroot% (its hidden) Remark: If you cant find that files, use some other file browser software such as captain nemo!! cause of virus disabled most of useful system command such as cmd, regedit, msconfig etc.

3. Insert windows xp cd-rom for copy ntldr from i386\ntldr to %systemdrive%

4. Run nod32 registry fix to recover system command

5. Restart your computer

Scan all usb storage and delete manually all of autorun.inf, explorcr.exe and foldername.exe. explorcr.exe delete ntldr fron the systemdrive. Use windows xp recovery console to recopy the ntldr, if the computer is already deleted by explorcr.exe.