Clean A Sneaky Virus

NOT ALL PAGES ARE CONVERTED TO CELL PHONE FORMAT!

 Home     Sitemap

www.diy-computer-repair.net logo

a Windows Registry - Clean virus.
Why clean a sneaky virus by cleaning the windows registry? Use a clean image instead! Hummm... but -

You picked up one from somewhere, your AV (Anti Virus) program found it and cleaned it out.

You deleted the infected files and emptied the Recycle Bin.

You need this in your IT Tool Box! Get yours today...

Troubleshoot, repair, maintain, upgrade & secure...

    With this!

After restart it is still there!

So how do you eradicate the sneaky, resilient things?

Well you have to do a little sleuthing, errrr investigating.

First open your Task Manager and go to the Processes tab.  Look for any thing out of the ordinary, if you use the Task Manager regularly you will be able to spot a new process that is running almost immediately. However if you don't use it frequently you will not be able to tell it from a normal process that runs each time the computer is started. Very few of them use the name 'virus.exe' by the way.

And haven't followed my advice on doing an backup of your System partition in case of a bad virus attack...

Next if you don't see a process that is unfamiliar open the Explorer and look at your Programs/Startup folder, see anything new?

Still can't find that sneaky thing?

Or if you see the it in the Task Manager or the Startup folder -

Next run regedit.exe to open the windows registry, go to the
HKEY_CURRENT_USER key, expand the key down to Software, under Software expand it down to Microsoft, under Microsoft expand it down to Windows, under Windows expand it down to CurrentVersion, under CurrentVersion expand it down to the Run key.

This is what the key would look like if you copied it:

The image, table, or PDF was removed because it will not display on your device. Check back on a PC...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the right had column look at all the programs that run for your profile when you log on. Anything look unusual? A program you don't use? If you find something don't delete it yet.

Right click on the name, select 'Modify' and copy that information then paste it to either your word processor or notepad (I use notepad, it doesn't do any special formatting when you paste text in it).  Once you have the information high light the virus name and then delete it.

What if you didn't find anything unusual or the windows registry key was empty?

That is ok you would move on to the next step.

The next step is to go to the HKEY_LOCAL_MACHINE key and expand it the same way as above it will look like this:

The image, table, or PDF was removed because it will not display on your device. Check back on a PC...
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

As above look for anything unusual in the right hand column, if you find anything use the steps above to copy the information about the virus.

The information you copied will give you the actual executable file and it's location.

Next copy the executable file name and extension, go to the search function of Regedit and do a search for any more keys where the sneaky thing is hiding. When you find one delete the complete key, to do that go to the left hand column and highlight the name of the key and press delete.

Note: If you found the executable name in the Task Manager or the Startup folder do your search and when you find the key copy the information to the location of the executable file then delete the key.

Keep searching until regedit comes up with the "Finished searching through the registry." and click ok.

The virus executable name is not in the windows registry any more.

Next go to the folder where the executable is hiding and delete the complete folder, deleting only the infected file will not kill it off entirely. Sometimes the thing is hiding in another file, if this is the case you have a 99% chance it is in that folder.

Restart your computer.

Did you kill it off? If so then run your AV scan in Safe Mode again but do a full scan of all files in all drives. If the scan comes back clean then you have eradicated the thing.

However if you find you didn't kill it off then it is hiding in one of the startup files, it could be in a dll or a driver.

Do you have as image of the C: drive and ghost32? You may have to use it.

You will find more information about the windows registry and how to clean it in the


Emergency Repair
Disk (ERD) - Will Yours Work?

Emergency
Repair Disk

Custom made for you...

You keyboard isn't thirsty, and it doesn't need calcium. Milk and other liquids will ruin a keyaboard!

This Web
Site is a
labor of Love!
But Love
doesn't pay
the bills!
Please chip in $5 to keep it live...
use your card...
NOTE: Checklists and manuals are temporally off line...
Need A Checklist?
Need A Repair Manual?

    Page copy protected against web site content infringement by Copyscape
 

You can:

Return to
previous page:

Note: Adobe has stopped production / update of the Flash program, until I find a suitable replacement videos on this web site will not run, the blank space is a place holder for those videos...

 

 

 

 

Thank you for visiting my web site, and please come back again.

This website is not intended for children under the age of 18.

Author of this web site: Monte Russell

FTC Endorsement Rules

All testimonials on the DIY Computer Repair web site are from
customers who were not paid to comment on any products!

The Flag of The United States of America!   Proudly Made in The U. S. A.

Copyright and Registered to www.diy-computer-repair.net, all thieves will be prosecuted to the fullest extent of international law!www.diy-computer-repair.net
From the Desert South West ~ Arizona, U. S. A.
Copyright DIY-Computer-Repair.Com 2006-2025



Return to top of Windows Registry

Windows Registry - Clean out a virus





Home    About    Sitemap

From the Desert South West ~ Arizona, USA
Copyright www.diy-computer-repair.net 2006-2021