8/21/08

How to manually remove viruses!


Have you ever been in the position where you know you have a virus but you don't have any antivirus? It's almost impossible to remove it manually without knowing a few tips and tricks.
After reading this, I'm sure you will know how to manually remove most of the viruses lurking around. But that doesn't mean you shouldn't have an antivirus on your computer.
I suppose you already know what safe mode is. Press the F8 key a few times when you start your machine. You have to do this just as your computer is about to load the first Windows components, before the Windows welcome logo appears on your screen. In Windows XP I think you can press space and then F8 when it asks you if you want to go back to the previous working settings.
Enough talk about how to start your computer in safe mode. If you want to manually remove viruses, you almost always have to do it in safe mode, because in safe mode most viruses don't start and run. Only a few Windows program components are allowed to run in safe mode.
After you start your computer in safe mode, log in as administrator and open the Windows folder on local C:. Search for the virus files in Prefetch and System32, if you know the virus file name and where the virus is hiding. After you have found all the virus files, delete them manually.
Open the registry editor (click Run in the Start menu, type 'regedit' and click OK). Go to the keys below and add a : in front of the value of the string that you think is the virus. For example, if the string is "virus" and its value is "c:\virus.exe", change its value to ":c:\virus.exe". The : is like commenting out the value. But if you are sure it's the virus, you can just delete the string.
Here are the keys you may want to look at:

CODE KEYS:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce


The virus can start itself from some other places too. 'win.ini' is the most common file that viruses can use. So you should find the files named 'win.ini' and 'system.ini', look through them and see if you find anything. After that, look through the Startup folder, which is normally located in your profile directory under Start Menu\Programs\Startup, and also look at msconfig in Control Panel under the Startup tab. Other than that, try searching for the virus executable to see if it's hiding some other place in C:\Windows\System32.
Finally, look through the list of services that Windows is running. This list is often located in Control Panel under Services in Administrative Tools. After all the steps above, just reboot your computer in normal mode and try to figure out if the virus is still there. If not, SUCCESS. If yes, go back to safe mode and hunt some more, or use the Task Manager to stop all running virus programs, for example 'gethtis.exe, oxbvpen.exe, obex.exe and so on'. After that, search for all virus files in Windows\System32 and delete them. Of course, these steps will not work on every virus out there, but they will work on many of them.

WARNING: Be careful when in the registry because you can cause serious damage to your system in there.
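
Before editing anything by hand, it helps to see every autostart entry in one list. The script below is an added example, not part of the original post: it only reads the registry keys listed above and the Startup folders, marks values already disabled with the ":" trick, and checks whether the file each entry points to exists. It assumes PowerShell 3.0 or later; the function name Get-CommandTarget is made up for this example.

```powershell
# Added example (not from the original post): read-only autostart listing.
# Assumes PowerShell 3.0 or later. Nothing is modified or deleted.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandTarget {
    param([string]$Command)
    # Pull the executable path out of a command line: quoted path first,
    # then anything up to the first file extension, else the first word.
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c -match '^"([^"]+)"')              { return $Matches[1] }
    if ($c -match '^(.+?\.\w{2,4})(\s|,|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $k = Get-Item -LiteralPath $key
    foreach ($name in $k.GetValueNames()) {
        $value  = [string]$k.GetValue($name)
        # A leading ":" is the "commented out" marker described in the post.
        $target = Get-CommandTarget ($value.TrimStart(':'))
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Value      = $value
            Disabled   = $value.StartsWith(':')
            # False means "look closer", not proof: bare file names such as
            # rundll32.exe are only checked against the current directory.
            FileExists = ([bool]$target -and
                (Test-Path -LiteralPath $target -ErrorAction SilentlyContinue))
        }
    }
}
$entries | Format-Table -AutoSize -Wrap

# Per-user and all-users Startup folders (Start Menu\Programs\Startup).
foreach ($f in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($f)
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        Get-ChildItem -LiteralPath $dir -Force | Format-Table FullName, LastWriteTime
    }
}
```

Run it once before cleanup and once after the reboot, and compare the two listings to see whether an entry you removed has come back.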
