22 replies to this topic

[seargentpepper7]

How to manually remove viruses!

Have you ever been in the possition that you know you have an virus but you dont have any antivirus?? Its almost impossible to remove it manual without knowing about a few tips & tricks.
After reading this turtorial im sure you will know how to manual remove most of the virus lurking around. But that dosnt mean you shouldnt have any anti virus on you computer!
Anyway, lets get starting with the turtorial.. I suppose you already know what safe mode is. If you dont try pressing the F8 key some times when you start your computer. You havto do this when your computer is about to start the first windows components. In win2k or xp i think you can press space and then F8 when it ask you if you want to go back to previous working setting.
Enough talk about how to start you computer in safe mode, but if you want to manual remove viruses you almost everytime haveto do this in safe mode becouse in safemode most viruses dosnt start. Only some few windows component is allowed to run in safemode. So here is what to do.
Step: 1: Start your computer in safemode.
2: If you know where the virus are hiding delete the executable file.
3: Open the registry and go to the keys below and add an : in front of the value of the string that you think its the virus. Like this, if string is "virus" and its value is "c:\virus.exe" change its value to ":c:\virus.exe". The : is like comenting out the value. But if you are sure its the virus you can just delete the string.
Here are the keys you maybe want to look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

4: The virus can start itself from some other places to. win.ini is the most common files that viruses can use. Soo you should find the files named win.ini and system.ini and look through them and see if you find anything.
5: Look through the startup folder that is normaly located in your profile directory \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if its hiding some other place.
7: Finally look through the list of services that windows is running. This list is often located under control panel - administrative tools - services. After this 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there.. If not SUCCESS if yes, try to go back to safe mode and hunt some more. Off course this 7 steps will not work on every virus out there, but many of them.

WARNING: Be careful when in the registery because you can cause serious damage to your system in there.

[mrhesham]

you can try avast anitvirues is very fast and very eazy in use and u can try kaspersky its very fast too but make sure u update the
programme to find any virus in your system and scan your computer full scan and try to close all programme to
be sure you will find all virus fast and easy and remove it easy and scan your computer evry time ....

[X_X]

Viruses hide themselves in computers.. its pretty hard for a normal user to find it.. and if he/she does find it.. now comes deleting it.... when you try to delete it something will pop-up saying you cant..

and ..ect

[csp4.0]

Thats why you always delete viruses when you're in safe mode, or you end the virus' process first

[Tetraca]

You don't need to deal with problems such as virii through safe mode nor antivirii programs. If you setup a limited user account like you should have for security and did all the proper settings to keep you perfectly safe(unless you do something inherintly stupid), then, most likely, you will:
a) Prevent a virus from being installed on your computer without your consent
Quarantine a virus to nothing more than your account if you ran the setup program within your account. What this means is if anything goes wrong, you can just back up your data, delete your limited user account through your administrator account, recreate it, and you've removed the virus. However, if you ran as an administrator the process gets a bit complex, especially if you have one of the active virii that will hide themselves even in safe mode, or run as a protected process so you are unable to shut it down to delete it. At that point is when you should start digging for your backup CD and buy that DVD burner.
All antivirus programs are are a waste of money! Setup a router, limited user account, complex password on your administrator account, use a browser with few security holes and be careful what you install on your computer(Even if you just to the last two), you will be safe, and not sacrifice your processor speed for a process which your computer does not need. In addition you don't have to deal with the amount of space wasted by the antivirus software or the consistent nagging of it.

Funny thing is this is exactly how Unix systems are setup, and that's half the equation of why they are more secure.

[webointer]

seargentpepper7, on Apr 16 2007, 03:02 AM, said:

How to manually remove viruses!

Have you ever been in the possition that you know you have an virus but you dont have any antivirus?? Its almost impossible to remove it manual without knowing about a few tips & tricks.
After reading this turtorial im sure you will know how to manual remove most of the virus lurking around. But that dosnt mean you shouldnt have any anti virus on you computer!
Anyway, lets get starting with the turtorial.. I suppose you already know what safe mode is. If you dont try pressing the F8 key some times when you start your computer. You havto do this when your computer is about to start the first windows components. In win2k or xp i think you can press space and then F8 when it ask you if you want to go back to previous working setting.
Enough talk about how to start you computer in safe mode, but if you want to manual remove viruses you almost everytime haveto do this in safe mode becouse in safemode most viruses dosnt start. Only some few windows component is allowed to run in safemode. So here is what to do.
Step: 1: Start your computer in safemode.
2: If you know where the virus are hiding delete the executable file.
3: Open the registry and go to the keys below and add an : in front of the value of the string that you think its the virus. Like this, if string is "virus" and its value is "c:\virus.exe" change its value to ":c:\virus.exe". The : is like comenting out the value. But if you are sure its the virus you can just delete the string.
Here are the keys you maybe want to look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

4: The virus can start itself from some other places to. win.ini is the most common files that viruses can use. Soo you should find the files named win.ini and system.ini and look through them and see if you find anything.
5: Look through the startup folder that is normaly located in your profile directory \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if its hiding some other place.
7: Finally look through the list of services that windows is running. This list is often located under control panel - administrative tools - services. After this 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there.. If not SUCCESS if yes, try to go back to safe mode and hunt some more. Off course this 7 steps will not work on every virus out there, but many of them.

WARNING: Be careful when in the registery because you can cause serious damage to your system in there.

ADVICE for delete virus manually, install NOD32 (in my opinion best antivirus program), put your computer in Safe Mode and last step is to start up NOD32, begin with "On-Demand Scan".

[Tramposch]

Very nice tutorial, not for me though... Im not greates with whatever you just said..

I just use an anti virus programm. i hear norton sucks? and slows u down? is that true

Edited by Tramposch, 01 June 2007 - 08:42 PM.

[Azeri_boy]

Norton is powerfull antivirus but really slows computer down. NOD32 is the best antivirus. and among free antivirs Avast is good. AVG is also not bad.
This tutorial is fine for newbies. But most viruses can not be so easily found and deactivated. Use ANTIVIRUS instead!!!

[iGuest]

Is this safe?
How To Manually Remove Viruses!

I deleted two cookies and a misleader downloader app that was infecting my computer; I ran AVG Free, it told me the virus and its location, but said I had to download the pro to have them delete it. So I followed the path, read something like "C:///Windows/temp/mssole.Dll" (Thats not correct but its approximate), found the file, and deleted it. I just wondered, did it remove it all? I don't have any trouble with it, but I didnt before either, it just said it was high risk. But with a file/virus/trojan, is there ever danger of leaving tracers? I didnt even think of going safe mode, very lucky it wasnt in registry. I will definitely do that next time. Buuttt... JW for future reference.

-reply by Lance

[euverve]

You have forgot the shell and the userinit.

Or you can use autoruns to simply delete viruses at autorun entry.

[iGuest]

Date, Antiquated adviceHow To Manually Remove Viruses!

I create viruses for a living...The advice listed here was relevant about two years ago. Most viruses today can and will function in safe mode, can not be deleted because it's a protected process, and are hidden within critical executables. My function is too create havoc on corporate network infrastructures, in order to solicit my services of remedy.My advice to someone in regards to antivirus software. Don't waste any money on anti virus. There are a few decent and fairly accurate "Free" antivirus suites out there. My overall favorite, because of performance and accuracy is; AVG free edition 8.0. It's doesn't slow down the computer as much as NORTON, McAFEE or some of the other premium suites. It's just as accurate and at times more accurate in detecting potential viruses.There are also definition updates regularly...And best of all, ITS FREE!

-reply by HackerMacker

[iGuest]

Good article.But you try also this :

http://www.Softslas.Com/remove-virus-from-computer-manually/279/

-reply by Softslas

[Diffusr]

So you thought WinAntiVirus Pro would be good? It isn't. This is a nasty, malicious application masquerading as a legitimate antispyware package. This program is actually a variant of Trojan.Zlob. Using "security alerts" that look convincing, the makers try to frighten noobs and innocent users into believing that they have their system infected with all kinds of security threats.

If you happen to fall into the trap of downloading the free scan that is offered, the resulting threats shown in that scan are just made up. The intention of the producers of this application is that you believe these supposed infections are real and will harm your PC, so you will buy their product.This would be a *BLEEP* move, because WinAntiVirus Pro does not really scan your PC and it has no ability to detect repair or remove anything at all.

Malicious software applications like these will often hijack your browser, taking you repeatedly to websites that you have no desire of seeing. If you have security weaknesses in your system, it may exploit them, disabling critical system files that your PC needs to run optimally. Due to the large amount of system resources and memory these rogues use, your computer will likely slow right down and perform like a sack of rotten spuds.

WinAntiVirus Pro and their ilk can install without you knowing or giving your permission. The ways this can happen are when you visit dodgy websites, downloading certain files like music or games, and of course links in spam emails. The signs you have it are constant pop-up ads, security warnings that will send you nuts and the browser redirecting itself along with sluggish performance or total freezing are the obvious giveaways.

When you realise this crappy software is installed on your PC, you must remove it at once. It could further damage your computer by installing additional malware which gets worse the longer it stays there. It's possible to remove it manually, but not adviseable because of how hard it isl and you might do further damage to your system. The best way to remove WinAntiVirus Pro is to use a reputable antispyware product that is man enough for the job. You may have to reinstall your OS.

[Alex Cicala]

mrhesham, on Apr 17 2007, 05:00 AM, said:

you can try avast anitvirues is very fast and very eazy in use and u can try kaspersky its very fast too but make sure u update the
programme to find any virus in your system and scan your computer full scan and try to close all programme to
be sure you will find all virus fast and easy and remove it easy and scan your computer evry time ....

Although Avast is free and also I may add AVG. They are good programs for virus defense. But there 2 major flaws are resource usage and internet usage. If you want to download AVG or Avast slow down your speed. Also when the programs do HDD scans the resource usage is very high.

[rougue]

euverve, on Nov 20 2008, 04:52 AM, said:

You have forgot the shell and the userinit.

Or you can use autoruns to simply delete viruses at autorun entry.

euverve can you please shed some light on this...

[templehost]

seems you all are a big xp freakers around here
any ways i tried it but it went above the dos commands and finally i got in nothing as i think i should try out something other like antivirus or so and not to forget the main and the most used firealarm and also with a regular update it will make my comp semi virus free and also a nice and slow comp as the most of the cpu will be in use with the different processes on there and also it wil make me feel somewhat tired as i am bored of waiting in computer after typing something

[onkarnath2001]

seargentpepper7, on Apr 16 2007, 06:32 AM, said:

How to manually remove viruses!

Have you ever been in the possition that you know you have an virus but you dont have any antivirus?? Its almost impossible to remove it manual without knowing about a few tips & tricks.
After reading this turtorial im sure you will know how to manual remove most of the virus lurking around. But that dosnt mean you shouldnt have any anti virus on you computer!
Anyway, lets get starting with the turtorial.. I suppose you already know what safe mode is. If you dont try pressing the F8 key some times when you start your computer. You havto do this when your computer is about to start the first windows components. In win2k or xp i think you can press space and then F8 when it ask you if you want to go back to previous working setting.
Enough talk about how to start you computer in safe mode, but if you want to manual remove viruses you almost everytime haveto do this in safe mode becouse in safemode most viruses dosnt start. Only some few windows component is allowed to run in safemode. So here is what to do.
Step: 1: Start your computer in safemode.
2: If you know where the virus are hiding delete the executable file.
3: Open the registry and go to the keys below and add an : in front of the value of the string that you think its the virus. Like this, if string is "virus" and its value is "c:\virus.exe" change its value to ":c:\virus.exe". The : is like comenting out the value. But if you are sure its the virus you can just delete the string.
Here are the keys you maybe want to look at:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce 
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx 
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices 
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run 
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce

4: The virus can start itself from some other places to. win.ini is the most common files that viruses can use. Soo you should find the files named win.ini and system.ini and look through them and see if you find anything.
5: Look through the startup folder that is normaly located in your profile directory \Start Menu\Programs\Startup.
6: Try searching for the virus executable to see if its hiding some other place.
7: Finally look through the list of services that windows is running. This list is often located under control panel - administrative tools - services. After this 7 steps just reboot your computer in normal mode and try to figure out if the virus is still there.. If not SUCCESS if yes, try to go back to safe mode and hunt some more. Off course this 7 steps will not work on every virus out there, but many of them.

WARNING: Be careful when in the registery because you can cause serious damage to your system in there.

better you use a good antivirus and if you delete it manually atfirst you have to stop that process from task manager which the virus is already running or it give give you a delete protection error.
if you stopped a process of virus bu don't know where it is located on the hdd,,simply make a search but do check"serach hidde,system files"option because always viruses set their attribute as a system file or atleast a hidden one.
though you get the location and you are not able to delete ,,try to delete it using dos .go to the path of the file.
suppose file is in f drive type cd f: and press enter.
now normalize the attributes.
type attrib -h -s -r filename.extname and press enter,
now delete the file,it will be easily deleted.
regards

[contactskn]

I think manual removal according to me might be very difficult concept and not always be successful also. So using a virus removal software is good. I use quick heal and in my office Office scan online virus scanner is installed. And the important part of it is updating it regularly.

[showtime]

If you are tired of sitting and waiting for your anti-virus software to remove the new virus infection, the steps below are for you. No programming skills are required! Just a basic knowledge of command prompt syntax will do...for this demo, the virus is on the portable USB drive (e:\virus) named virus.vbs

So here we go, its very simple, if the above things dont work:

# Create a back-up. Safety comes above all else. Save your files on removable storage or on another partition aside from the Windows drive.
# Run the Windows command prompt. You can run the Windows command prompt by either clicking on the Start Menu\All programs\Accessories\Command Prompt or by pressing Windows + R on the keyboard and typing "CMD."
# Look for the directory or folder where the virus resides. Go to the folder where the virus is hiding. Its usually resides on the Windows temporary folder or on the Windows system folder. Check partitions and drives for viruses, e.g. type "cd e:\virus"
# Show the hidden virus and remove its attributes. It will be easier if you can see the virus. Remove the virus attributes, which are read only, archive, system file, and hidden file. e.g. type "attrib -r -a -s -h virus.vbs"
# Delete the virus. Say goodbye to the virus by deleting it, e.g. type "del virus.vbs"

[iGuest]

Spell Check and Grammar CheckHow To Manually Remove Viruses!

Please run your responses through a spell check and grammar check. All the great things you say are lost because of your poor English skills; Spell Check and Grammar Check in MS Word can help; then paste it into your message and in the meantime, don't bother applying for any job where you need to write something.

TDM

-reply by TD Man

[iGuest]

AntivirusHow To Manually Remove Viruses!

I have a network of more than 100 computers. All of a sudden my network goes down. I found that one of the pc was the culprit, which makes the network down. So I unplugged the network cable of that PC and the network is fine and running. I installed multiple antivirus and scanned , but couldnt find any viruses. So to make sure I once again plugged this computer to the network. Alas, again the network went down. So which virus would this be? Any help or comment on this is appreciated. My operating system is winxp, Antivirus tried - Mcafee Total Protection, Avira, Micorsoft Security Essentials etc.

-reply by Scott