Guidelines for the Manual Removal of Viruses and Adware
To see a list of current threats Click here:
This document is provided as guideline for the curious...if your system will boot or connect to the
internet, inexpensive or free software such as Microsoft's recently released AntiSpyware,
Microsoft®
Windows Defender ~ For Microsoft® Windows Genuine Advantage (WGA) xp & W2K installs only... And while you
are at it... Take a tour and try, if you have not already,
Internet Explorer 8. This coupled with the proven security of the McAfee®
Site Advisor feature, which warns of potential link threats searched from your favorite web browser!!!
You will no longer need to worry about sites you visit or internet security ever again! But if you are not
using a Genuine Validated copy of windows xp or W2K, you will need to rely on one of the following:
LavaSoft Adware,
Kaspersky,
Trend Micro, or
McAfee®
(which in our opinion McAfee® is hands down the best bet for your overall anti-virus/firewall needs!)
, and lastly; but we highly advise against using
Norton Antivirus
or Spybot Search and Destroy.
Unfortunately, if you are using Norton, or Spybot, you should remove it immediately and install one of the
above instead. We highly suspect these two to be a major source of most adware/virus/spyware vulnerablilty!!!
Usually one of the above will correct these problems with a lot less hassle and risk. But if
you feel the urge to stick your fingers in the machinery to try to fix things, read on brave soul....
1. Click your start button, click on RUN, then type "regedit" in the box marked OPEN and click OK. This opens up the
system registry editor. Be careful using this tool...improper use of it can render a system unusable. At
any rate, the registry editor will look something like this:
2. Next, we will navigate the registry editor to reveal the contents of its run key, where the vast
majority of viruses start themselves as your system is loading windows. To do this, click on the little
plus-sign-in-the-square next to HKEY_LOCAL_MACHINE. The plus will turn into a minus, and another group of
cryptic looking folders with squares and pluses next to them will appear under it. These are known as
registry keys.
3. Open the SOFTWARE key by clicking on its plus-sign-in-the-box.
4. Next, browse the keys under SOFTWARE and open the Microsoft key.
5. Browse the Microsoft hive and open the Windows key.
6. Browse the windows key and open the CurrentVersion key.
7. Browse the CurrentVersion key, and open the Run key. Most items that start as soon as your
computer loads windows are told to start up by the entries in the right pane of the registry editor when
you open the run key. These items are known as Registry Values. Note that this picture of the
registry was from a healthy computer, which is overly clean. Typical home system running scanners,
multifunction printers, or CD Burners will have many more registry values in the Run key
8. Next, we're going to create safety mechanism to undo what you're going to do to the registry in case
you mess something up. This is known as Exporting the key. To do this, Click on the run key in the
left pane of the registry editor. From the dropdown menu at the top of the registry editor, Click on
File, then click on Export. The following window will appear:
You can save the file to any name you want....We like to call it runkeys, but that's just a
personal preference. Click save, and this will save a file called runkeys.reg to your hard drive.
The next step we'll take is to remove registry keys that are causing viruses to load. If, in the process
of doing so, something gets messed up, you can get back any keys you deleted from the run file by
double-clicking on the runkeys.reg file you created in this step.
|
|
 |
