Note: This solution works only against viruses that do not infect Windows' own .exe files, such as explorer.exe.
Virus Symptoms
You may have seen some unexpected things that should not happen. Some of the symptoms of viruses are:
Disables Task Manager
Disables Registry Editor
Disables Command Prompt
Sometimes you have no application open but CPU usage goes over 50%
My Computer drives do not open on double-click
Automatic Shutdown
Computer Slows down
Hidden files are not shown
Folder Options disappears
Manual Removal
If you have tried all the solutions listed on our site and still could not disinfect your system, then try to remove the virus manually using the instructions below. There are four steps.
Caution: While the manual process is going on, do not open any drive through My Computer.
1. Process Termination
To complete the instructions below, you need Process Explorer and Autoruns. Download them separately.
Close and exit all programs (even those in the tray) except Internet Explorer or your internet browser.
Run Process Explorer by typing procexp in the Start menu Run dialog and do as illustrated.
After collapsing
procexp.exe is Process Explorer’s own process
All the system processes are collapsed in the System tree, so if you see a process like winlogon.exe in the explorer tree, it is surely a virus.
If you see a suspicious process, you can look it up at http://www.processlibrary.com/
If the process is found, right-click it and choose Properties. Copy the path from the Path: field, open the Run dialog and paste the path there.
Now terminate the suspicious task in Process Explorer.
If the same process starts again, suspend it by right-clicking it and clicking Suspend in the menu. Now remove the application's name from the path, leaving only the folder.
e.g. if you copied C:\WINDOWS\system32\mspaint.exe, remove mspaint.exe and you will see C:\WINDOWS\system32\ in the Run dialog.
2. File Deletion
The second step is deleting files. Download 7-ZIP, which shows all hidden files, and go through the root path of every drive.
Delete .exe files and autorun.inf, such as:
ravmon.exe, smss.exe, Funny UST Scandal.exe
But do not delete these files, as they are system files:
autoexec.bat, boot.ini, bootmgr, config.sys, io.sys, msdos.sys, ntdetect.com, pagefile.sys, ntldr, hiberfil.sys
3. Removal of startup entries
Now that you have successfully terminated the virus process, the next thing is to remove the virus files that run at system start.
Open Autoruns by typing autoruns in the Run dialog. Wait while refreshing completes.
Select Options –> Hide Microsoft Entries, then click the Refresh button on the interface OR close the program and start it again.
After scanning completes, select the Logon tab and uncheck all the entries; be sure not to uncheck any Microsoft entry. Restart the system for the changes to take effect.
4. Restoring Windows Default settings
Use Smart Anti-Virus to restore some settings
Smart Anti-Virus
Scanning your system with a fully functional anti-virus will be the last suggestion, as my own Anti-Virus can only catch almost 10 viruses.
Troubleshooting
In case of any problem, you made a wrong move. Open Autoruns, unselect Options –> Hide Microsoft Entries, click the Refresh button on the interface and select all entries. Close the program and start your system again.
Manually Removing PC Viruses
April 9, 2008 by snehalmasne
Have you ever been in the position that you know you have a virus but you don't have any antivirus? It's almost impossible to remove it manually without knowing a few tips & tricks.
After reading this tutorial I'm sure you will know how to manually remove most of the viruses lurking around. But that doesn't mean you shouldn't have any antivirus on your computer!
Anyway, let's get started with the tutorial. I suppose you already know what safe mode is. If you don't, try pressing the F8 key a few times when you start your computer. You have to do this when your computer is about to start the first Windows components. In Win2k or XP I think you can press space and then F8 when it asks you if you want to go back to the previous working setting.
Enough talk about how to start your computer in safe mode, but if you want to remove viruses manually you almost always have to do this in safe mode, because in safe mode most viruses don't start. Only a few Windows components are allowed to run in safe mode. So here is what to do.
Steps:
1: Start your computer in safe mode.
2: If you know where the virus is hiding, delete the executable file.
3: Open the registry, go to the keys below and add a : in front of the value of the string that you think is the virus. Like this: if the string is “virus” and its value is “c:\virus.exe”, change its value to “:c:\virus.exe”. The : is like commenting out the value. But if you are sure it's the virus you can just delete the string.
Here are the keys you may want to look at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
4: The virus can start itself from some other places too. win.ini is the most common file that viruses can use. So you should find the files named win.ini and system.ini and look through them to see if you find anything.
5: Look through the startup folder, which is normally located in your profile directory under \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if it's hiding in some other place.
7: Finally, look through the list of services that Windows is running. This list is often located under Control Panel - Administrative Tools - Services.
After these 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there. If not, SUCCESS; if yes, go back to safe mode and hunt some more. Of course these 7 steps will not work on every virus out there, but on many of them.
-Be careful with the registry, don't mess it up; if you do, your computer is ****** lol, depending on what you mess up. I suggest you make a system restore point first, so in case something happens you can go back to it.
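Added example (not part of the original posts): both procedures above end in reading INI-style files by hand, autorun.inf at a drive root in the first and win.ini/system.ini in the second. This Python script lists the lines in those files that make Windows launch a program. The key names it looks for (open, shellexecute, shell\<verb>\command, load, run, shell) are the standard Windows ones rather than anything the page lists, and the sample file contents are constructed.

```python
import re

# Keys that make Windows start a program, per INI-style file (section -> keys).
# These names are standard Windows ones; the page itself does not list them.
LAUNCH_KEYS = {
    "autorun.inf": {"autorun": {"open", "shellexecute"}},
    "win.ini": {"windows": {"load", "run"}},
    "system.ini": {"boot": {"shell"}},
}
# autorun.inf can also define drive context-menu verbs: shell\<verb>\command=
VERB_KEY = re.compile(r"shell\\[^\\]+\\command")


def launch_entries(filename, text):
    """Return (section, key, command) for each line that starts a program."""
    name = filename.lower()
    wanted = LAUNCH_KEYS[name]
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        # Comments, blanks and junk padding lines carry no usable key=value pair.
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if line.startswith(";") or not sep or not value or section not in wanted:
            continue
        if key in wanted[section] or (name == "autorun.inf" and VERB_KEY.fullmatch(key)):
            found.append((section, key, value))
    return found


def needs_review(filename, text):
    """Drop the one expected entry (shell=explorer.exe); everything else is a lead."""
    return [e for e in launch_entries(filename, text)
            if not (e[1] == "shell" and e[2].lower() == "explorer.exe")]


# Constructed samples that reuse file names mentioned on the page.
AUTORUN_INF = "x8Jq2 junk line\n[AutoRun]\n;pad\nopen=ravmon.exe\nshell\\open\\Command=ravmon.exe\nicon=folder.ico\n"
WIN_INI = "[windows]\nload=\nrun=c:\\virus.exe\n[fonts]\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe c:\\virus.exe\n[drivers]\nwave=mmdrv.dll\n"

if __name__ == "__main__":
    for fname, body in (("autorun.inf", AUTORUN_INF), ("win.ini", WIN_INI), ("system.ini", SYSTEM_INI)):
        for section, key, command in needs_review(fname, body):
            print(f"{fname} [{section}] {key} -> {command}")
```

The script only reports; it reads text you pass in and changes nothing on disk.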


