This method is for those who can’t afford expensive but effective programs and have a hard time dealing with the virus,
especially when it locks drive C. Until a virus scan update includes this virus, use the following steps.
It is guaranteed safe since I use other removal methods as reference.

Characteristics:

1.) The drive C;\ or any drive may contain an “autorun” which may trigger the virus’ function.
To determine this, right-click on drive C:\. If the autorun is present, the first option on the right-click menu is “Autorun”
2.) runs two (2) winlogon.exe
3.) runs a calc.exe that when ended, runs again.
4.) files are permanently hidden when you show them using the normal viewing method.
5.) if you manage to edit the registry to see the hidden files, the one or more of the following files can be seen:

C:\WINDOWS\SYSTEM32\_re101.exe
C:\re101.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\re101.exe

The virus may be seen in places where you copied your files from your flash drive

NOTE: these files are always in use and are deemed “stubborn files” since they can’t be deleted on the spot.

//////////////////////////////////////////////////////////////////////////
!!! STEPS ON HOW TO REMOVE RE101.EXE !!!
//////////////////////////////////////////////////////////////////////////

Note: You will need around 2 free programs to use, so above all the steps,
it’s essential to have a GOOD INTERNET CONNECTION,
or
download the programs somewhere else and save to a flash drive.

STEP 1:
Save all data from your USB flash drives to your PC. Place it in folders to recognize each.

After that, FORMAT your flash drives. Yes, format them, to delete all traces of the virus

Download PREVX CSI free scanner to confirm that the threat is re101.exe

Install and run the FREE scan. You don’t need a license since you only need the scan, not the clean up.

Run the scanner

The three suspected places stated above should contain the virus

The virus may also be seen in places where you copied your files from your flash drive
and may also show up in the scan, so remember to delete them later.

STEP 2:

Next, the virus files are hidden caused by the virus so you must edit the registry to see the files especially the hidden autorun on drive C.
Ordinary method of seeing hidden files is hi-jacked so what ever you do using this method is useless

Do these to see hidden files via registry:

Go to start -> run -> type “regedit”

At the explorer side bar, go here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Method 1:
Look at the “CheckedValue” key…
it should look something like this: 0×000000 (0)
if the value in the parenthesis is “0″, right click the value and select modify. Change value data to “1″

if the said instructions does not look like any of those in the registry, do the following:

Method 2:
This should be a DWORD key. If it isn’t, delete the key.
Create a new key called “CheckedValue” as a DWORD (hexadecimal) with a value of 1.
The “Show hidden files & folders” check box should now work normally.

After step 2, you should see all hidden files, including the virus.

STEP 3:

>>To delete the hidden autorun:

Go to start -> run -> type “cmd”
This will open MS-DOS mode. Type in:

cd C:\
this will forward you to drive C

dir /a:h
this will display hidden files

del /a:h autorun*.*
this will delete any autorun files on drive C

to confirm deletion of the autorun, type again:

dir /a:h
this will display hidden files. If autorun is deleted, it will not show up anymore

STEP 4:

Download Dr. Delete from the internet. Any version will do but preferrably, I use version 1.
It forces deletion of programs on start-up.It is essential to use this in the removal of the components of the virus.

Install it on any folder, preferrably program files folder. But its is an rar SFX installer (self-extracting)
offering no shortcut implementation so better install on the desktop for convenience

Run the program (The one with the “three blocks” icon)

Then type these and delete one after the other:

C:\WINDOWS\SYSTEM32\_re101.exe
C:\re101.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\re101.exe

Note that the virus may also be seen in places where you copied your files from your flash drive.
Remember to delete them too.

After you are done, restart the computer.

To confirm its removal, the above said characteristics will not be seen anymore. If not, you missed a part of the removal process.

If done, you may now hide the hidden files using the normal hiding process.

—-By AmmiL D.—-
4th year high school student, University of the Philippines Cebu