MANUAL VIRUS REMOVAL XP (WORKS MOST OF THE TIME 99% IF DONE CORRECTLY. HOWEVER, SOME VIRUSES JUST DIG IN TOO DEEP AND THEREFORE WON'T GO AWAY UNTIL YOU RE-INSTALL YOUR OS).
WARNING!!! THESE STEPS ARE USED IN XP ONLY, VISTA METHODS ARE PROBABLY THE SAME BUT I'M NOT SURE BECAUSE I HATE VISTA AND I DON'T USE IT, SORRY :)
I AM NOT RESPONSIBLE FOR ANY DATA LOSS OR PROBLEMS YOU MIGHT GET WITH YOUR OS/PC. IF YOU DO NOT KNOW WHAT YOU ARE DOING IT IS BETTER TO LEAVE THIS TUTORIAL ALONE OR GET SOME HELP FROM SOMEONE WHO KNOWS A LITTLE BIT MORE ABOUT IT. MAKE SURE YOU HAVE IMPORTANT DATA BACKED UP ON AN EXTERNAL STORAGE DRIVE OR DIFFERENT PARTITION SO THAT YOU CAN REINSTALL/REPAIR YOUR OS IF NECESSARY.
1. First off, scan with your virus scan software (full system scan) and let the software remove everything it can. (I recommend Bitdefender Internet Security or total security pack, as it is the best in my opinion when it comes to removal and memory/cpu usage).
(Make a note on paper of which files it cannot delete and their locations.) Mostly the following directories are the target:
a. C:\Windows\System32
b. C:\Windows\
c. C:\Documents And Settings\%USERNAME%\Local Settings\Temp
d. C:\Documents And Settings\%USERNAME%\Local Settings\Temporary Internet Files\
e. C:\Documents And Settings\%USERNAME%\Local Settings\TempDIR\
2. Secondly (not really necessary against viruses, but more for cleanup reasons), install (trial or full edition) Advanced System Optimizer and then perform two scans with it:
a. System And Disk Cleaner
b. Registry Cleaner And Fixer
3. Next you need to get into Safe Mode. You get into Safe Mode by rebooting your PC/Laptop and pressing the F8 button during boot (about 4 seconds before the XP logo appears).
4. When you are in Safe Mode, delete all the files you can in the following folders (these are the things that you pick up from the internet):
a. C:\Documents And Settings\%USERNAME%\Local Settings\Temp
b. C:\Documents And Settings\%USERNAME%\Local Settings\Temporary Internet Files\
c. C:\Documents And Settings\%USERNAME%\Local Settings\TempDIR\
5. Now, you need to check the notes you made on your paper. If you have other viruses that were not in the folders stated above but in the system32 folder (for example c:\windows\system32\virus.exe), then you need to delete all those exe files. (HOWEVER, BEFORE YOU DELETE THEM, GOOGLE IT FIRST BECAUSE 99% OF THE ACTUAL VIRUS SCAN WARNINGS ARE TRUE BUT 1% OF THE THINGS VIRUS SCANNERS FLAG ARE ACTUAL LEGIT FILES AND NOT VIRUSES).
6. When you have done that, there is one critical step left: the registry.
7. You start the registry editor by typing 'regedit' in the Run field (Start, Run).
8. When Regedit has started, go to the following locations in the registry:
a. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
b. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
c. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
d. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
9. If you see any of the names of the viruses in the NAME FIELD or in the DATA FIELD path, you need to delete those registry keys by right-clicking on them and then selecting Delete.
10. When you have done that for all the viruses located, you are finished and you can reboot.
ADVANCED MODDING (ONLY FOR USERS WHO HAVE EXPERIENCE OR ARE WILLING TO PUT A LITTLE BIT MORE TIME AND EFFORT IN IT):
1. In the following registry folders:
a. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
b. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
c. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
d. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
2. If you find any key value you are not sure of, google the file (not the complete path) to check whether it's a legit file or a virus (for example the registry key SunJavaUpdateSched has the following data field: "C:\Program Files\Java\jre6\bin\jusched.exe"). You google jusched.exe to see whether it's a virus or not.
This way you can clean up a little bit more, just to make sure that every exe file that starts during boot is legit.
3. The top 2 websites that give you a view of legit processes are:
a. ProcessLibrary.com - The online resource for process information!
b. http://www.whatsrunning.net/whatsrun...focentral.aspx
If my tutorial has helped you in any way, you can always help me get my rep up! thanks!
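
An added example, not part of the original post: a Python script that parses the text output of `reg query` for the Run keys listed above, pulls the executable path out of each data field, gives the bare file name to look up, and marks whether the file sits in the temp folders or the Windows/System32 folders the tutorial names. The sample output, the user name and the example1.exe/example2.exe entries are constructed for illustration.

```python
import ntpath
import re

# Constructed sample of `reg query <key>` output; not from a real machine.
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SunJavaUpdateSched    REG_SZ    "C:\Program Files\Java\jre6\bin\jusched.exe"
    Example Updater    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\example1.exe /s
    ExampleSvc    REG_SZ    C:\WINDOWS\system32\example2.exe
'''

# A value line is indented: name, type, data (tabs on XP, spaces on later versions).
ENTRY = re.compile(r'^\s+(.+?)\s+(REG_\w+)\s+(.*)$')
# Quoted path, or an unquoted path ending at the first executable extension.
EXE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|,|$)', re.I)
TEMP_DIRS = ('\\local settings\\temp\\',
             '\\local settings\\temporary internet files\\',
             '\\local settings\\tempdir\\')
SYSTEM_DIRS = ('c:\\windows', 'c:\\windows\\system32')

def parse_reg_query(text):
    """Yield (key, value_name, data) for every value in reg query output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith('HKEY_'):
            key = line.strip()
        else:
            m = ENTRY.match(line)
            if m and key:
                yield key, m.group(1), m.group(3).strip()

def executable_of(data):
    """Return the program path from a data field, dropping any arguments."""
    m = EXE.match(data)
    if m:
        return m.group(1) or m.group(2)
    return data.split()[0] if data.split() else ''

def classify(path):
    low = path.lower()
    if any(d in low for d in TEMP_DIRS):
        return 'temp'      # folders emptied in step 4
    if ntpath.dirname(low) in SYSTEM_DIRS:
        return 'system'    # look the file name up before touching it
    return 'other'

def review(text):
    return [{'key': k, 'name': n, 'path': executable_of(d),
             'lookup': ntpath.basename(executable_of(d)),
             'location': classify(executable_of(d))}
            for k, n, d in parse_reg_query(text)]

if __name__ == '__main__':
    for row in review(SAMPLE):
        print(row['location'], row['name'], row['lookup'], sep='\t')
```

On a real machine the input would be the saved output of `reg query` run once per key; the script only reads and reports, it deletes nothing.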


















