Sunday, 26 March 2017

Windows XP Security: Manually Remove Viruses from Your PC

If you see a lot of popups or an advertisement for fake antispyware, you have malware on your PC. Here’s how to manually stop the virus from running in the first place and then remove it. The majority of viruses on Windows XP are easy to find — and they’re more conspicuous than you would think.

Start in the registry. Most viruses launch when you log into Windows — they typically call an executable from the registry. In fact, that call will tell you exactly where the virus resides.
Click Start, click Run, type regedit.exe and click OK.
Registry Editor opens. Expand HKEY_CURRENT_USER.
Then expand Software.
Next expand Microsoft.
Now expand Windows.
Then expand CurrentVersion.
Click on the Run folder (the full path is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run). Here you’ll find some of the programs that launch at startup. A rule of thumb: a virus’s entry is usually a randomly generated string that makes no sense, whereas legitimate software writers title their files with names that describe what they do. In this example, taken from a real virus I uprooted, the entry is VpKspPwxlCbXa. This is likely a virus.
The real giveaway that this is a virus is the location of the application it’s calling: it’s in the Application Data folder. Because the entry sits in the Run key, it launches every time you log in, so no matter how many times you reboot, it comes right back.
Write down where the virus resides. In this case, it’s in the All Users Application Data folder. Then simply right-click the registry entry and delete it. You haven’t actually deleted the virus yet, only the call that launches it, which is the bare minimum. A virus is just a program, after all, so if it never launches it does no harm. But delete the file from the file system anyway.
Now it’s time to go to the Application Data folder. There is more than one — follow the path exactly as you wrote it down.
Now right-click My Computer. Select Explore.
Expand Documents and Settings.
Expand All Users.
Click on Application Data.
Try to delete the virus: just right-click and delete it. It’s not likely you can, because it’s running in memory. Do rename it, though. You want to rename that .exe to anything else.
After you rename it, reboot the PC and return to the same location.
Because you’ve deleted the call from the registry, the virus won’t run in memory. Now you are able to delete it. Do it!
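As an added example (not part of the original post), here is a Python triage script that applies the two tells described above, a random-looking name and a launch path under a user data folder, to a .reg export of the Run key, such as `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg` produces. The sample export and its paths are constructed for illustration; only the VpKspPwxlCbXa name comes from the post.

```python
import re

# Constructed sample of a .reg export of the Run key (the format "reg export" writes).
# The VpKspPwxlCbXa name mirrors the post; the paths are made up for illustration.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"VpKspPwxlCbXa"="\"C:\\Documents and Settings\\All Users\\Application Data\\VpKspPwxlCbXa.exe\""
"Updater"="C:\\Program Files\\Vendor\\updater.exe /background"
'''

ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
# User-writable data folders the post singles out; system32 and Program Files are not listed.
SUSPECT_DIRS = ("\\application data\\", "\\appdata\\", "\\local settings\\", "\\temp\\")

def executable_path(value):
    """Undo .reg escaping, then return just the program path without its arguments."""
    command = value.replace('\\"', '"').replace("\\\\", "\\").strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)]
    # Unquoted paths with spaces are common on XP, so cut at the first ".exe" instead of a space.
    m = re.match(r"(?i)(.*?\.exe)", command)
    return m.group(1) if m else command.split(" ")[0]

def looks_random(name):
    """Heuristic for 'a randomly generated string that makes no sense'."""
    letters = "".join(c for c in re.sub(r"(?i)\.exe$", "", name) if c.isalpha()).lower()
    if len(letters) < 8:  # too short to judge; rely on the path check instead
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    longest_consonant_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    # Real words run roughly 35-45% vowels and seldom chain five or more consonants.
    return vowel_ratio < 0.25 or longest_consonant_run >= 5

def triage_run_key(reg_text):
    """Parse a .reg export of a Run key and attach the post's two tells to each entry."""
    findings = []
    for line in reg_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m.group("value"))
        reasons = []
        if looks_random(m.group("name")):
            reasons.append("name looks randomly generated")
        if any(d in path.lower() for d in SUSPECT_DIRS):
            reasons.append("launches from a user data folder")
        findings.append({"name": m.group("name"), "path": path, "reasons": reasons})
    return findings
```

Running `triage_run_key(SAMPLE_REG_EXPORT)` flags only the VpKspPwxlCbXa entry, on both counts, and leaves the system32 and Program Files entries clean; an entry with either reason is worth the write-down-and-rename treatment the post describes.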
This set of steps comes in really handy when you have a virus or malware that your antivirus software doesn’t catch. Remember to always keep your PC and antivirus software up to date.
