Administrator

Subject: 100 TROJAN MANUAL REMOVAL METHODS (3)
Tue Jan 08, 2008 7:29 pm

Remove Trojans v1.7:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Find the item on the right: C:\windows\kernel16.dl and delete it.
Save and close Regedit, then restart Windows.
Delete C:\windows\kernel16.dl
OK

Remove Trojans v1.8:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Find the item on the right: c:\windows\system.ini., and delete it.
Save and close Regedit.
Open the win.ini file.
Find: run = kernel16.dl
Change to: run =
Save and close win.ini.
Open the system.ini file.
Find: shell = explorer.exe kernel32.dl
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
Delete C:\windows\kernel16.dl
OK

Remove Trojans v1.9 - 1.9b:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Delete the item on the right: RegistryScan = "rundll16.exe"
Save and close Regedit, then restart Windows.
Delete C:\windows\rundll16.exe
OK

Remove Trojans v2.0:
Open the system.ini file.
Find: shell = explorer.exe trojanname.exe
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
Delete c:\windows\rundll16.exe
OK

Remove Trojans v2.1 - 2.1 SubStealth Gold + + 2.1.3-2.1.3 Mod MUIE + 2.1 Bonus:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Delete the item on the right: WinLoader = MSREXE.EXE
In HKEY_CLASSES_ROOT\exefile\shell\open\command, change the item on the right to: @ = "\"%1\" %*"
Save and close Regedit.
Open the win.ini file.
Find: run = msrexe.exe and Load = msrexe.exe
Change to: run = and Load =
Save and close win.ini.
Open the system.ini file.
Find: shell = explore.exe msrexe.exe
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
Delete C:\windows\msrexe.exe and C:\windows\system\systray.dll
OK

Remove Trojans v2.2b1:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: Loader = "c:\windows\system\***"
Note: Loader and the files are changed randomly.
Save and close Regedit.
Open the win.ini file.
Change to: run =
Save and close win.ini.
Open the system.ini file.
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
Delete the corresponding Trojan files.
OK

88. Telecommando 1.54
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: SystemApp = "ODBC.EXE"
Save and close Regedit, then restart Windows.
Delete C:\windows\system\ODBC.EXE
OK

89. The Unexplained
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: InetB00st = "C:\WINDOWS\TEMPINETB00ST.EXE"
Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\TEMPINETB00ST.EXE
OK

90. Thing v1.00 - 1.60

Remove Trojans v1.00-1.12:
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: (Default) = "C:\some\path\here\thing.exe"
There are also some in: HKEY_LOCAL_MACHINE\System\CurrentControlSet\control\SessionManager\Known16DLLs\
Delete the item on the right: wsasrv.exe = "wsasrv.exe"
Save and close Regedit, then restart Windows.
Delete C:\some\path\here\thing.exe
OK

Remove Trojans v1.20 version:
At the MS-DOS prompt, enter:
Del winspc13.exe
Del ms097.exe
Open the system.ini file.
Find: shell = explorer.exe ms097.exe
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
OK

Remove Trojans v1.50 version:
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
The item path and file name are changed randomly; look for a suspicious file path and delete it.
Save and close Regedit.
Open the system.ini file.
Find: shell = explorer.exe followed by the Trojan file
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
Delete the corresponding Trojan horse files.
OK

Remove Trojans v1.50 version:
At the MS-DOS prompt, enter:
Del winspc13.exe
Del ms097.exe
Open the system.ini file.
Find: shell = explorer.exe followed by the Trojan file
Change to: shell = explorer.exe
Save and close system.ini, then restart Windows.
Delete the corresponding Trojan horse files.
OK

91. Transmission Scount v1.1 - 1.2
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: Kernel16 = "C:\WINDOWS\Kernel16.exe"
Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\Kernel16.exe
OK

92. Trinoo
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: System Services = service.exe
Save and close Regedit, then restart Windows.
Delete C:\windows\system\service.exe
OK

93. Trojan Cow v1.0
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: SysWindow = "C:\WINDOWS\Syswindow.exe"
Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\Syswindow.exe
OK

94. TryIt
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: Rc5Dec = C:\Program Files\Internet Explorer\_.exe-guistart
Save and close Regedit, then restart Windows.
Delete C:\Program Files\Internet Explorer\_.exe
OK

95. Vampire v1.0 - 1.2
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: Sockets = "c:\windows\system\Sockets.exe"
Save and close Regedit, then restart Windows.
Delete c:\windows\system\Sockets.exe
OK

96. WarTrojan v1.0 - 2.0
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: Kernel32 = "C:\somepath\server.exe"
Save and close Regedit, then restart Windows.
Delete C:\somepath\server.exe
OK

97. WCrat v1.2b
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: MS Windows System Explorer = "C:\WINDOWS\sysexplor.exe"
Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\sysexplor.exe
OK

98. WebEx (v1.2, 1.3, and 1.4)
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: RunDl32 = "C:\windows\system\task_bar"
Save and close Regedit, then restart Windows.
Delete C:\windows\system\task_bar.exe and c:\windows\system\msinet.ocx
OK

99. WinCrash v2
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: WinManager = "c:\windows\server.exe"
Save and close Regedit.
Open the win.ini file.
Find: run = c:\windows\server.exe
Change to: run =
Save and close win.ini, then restart Windows.
Delete c:\windows\server.exe
OK

100. WinCrash
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: MsManager = "SERVER.EXE"
Save and close Regedit, then restart Windows.
Delete C:\windows\system\SERVER.EXE
OK

101. Xanadu v1.1
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: SETUP = "c:\somepath\setup.exe"
Save and close Regedit, then restart Windows.
Delete c:\somepath\setup.exe
OK

102. Xplorer v1.20
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: PCX = "C:\WINDOWS\system\PCX.exe"
Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\system\PCX.exe
OK

103. Xtcp v2.0 - 2.1
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the item on the right: msgsv32 = "C:\WINDOWS\system\winmsg32.exe"
Save and close Regedit, then restart Windows.
Delete C:\WINDOWS\system\winmsg32.exe
OK

104. YAT
Remove Trojans steps:
Open the registry with Regedit.
Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Delete the item on the right: Batterieanzeige = 'c:\pathnamehere\server.exe /nomsg'
Save and close Regedit, then restart Windows.
Delete c:\pathnamehere\server.exe
OK

_________________ By M4st3r.w4n1
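
Added example, not part of the original post: every entry above checks the same few autostart locations (the Run and RunServices keys, the exefile open command, run =/load = in win.ini, shell = in system.ini), so this sketch audits all of them offline from copies of the two .ini files and a Regedit text export. The function names and the sample input are assumptions constructed for illustration.

```python
RUN_KEYS = ("\\currentversion\\run]", "\\currentversion\\runservices]")
EXE_CMD_KEY = "hkey_classes_root\\exefile\\shell\\open\\command]"
CLEAN_EXE_CMD = r'"\"%1\" %*"'  # clean default value as a .reg export writes it

def ini_value(text, section, option):
    # Value of option inside [section] of win.ini/system.ini text, "" if absent.
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == option:
                return value.strip()
    return ""

def audit_ini(system_ini, win_ini):
    # Clean state per the post: shell = explorer.exe alone, run = and load = empty.
    checks = [("system.ini", "shell", ini_value(system_ini, "boot", "shell"), "explorer.exe"),
              ("win.ini", "run", ini_value(win_ini, "windows", "run"), ""),
              ("win.ini", "load", ini_value(win_ini, "windows", "load"), "")]
    return [(f, opt, val) for f, opt, val, clean in checks if val.lower() != clean]

def audit_reg_export(text):
    # List every Run/RunServices value for review; flag a changed exefile command.
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            key = line.lower()
        elif "=" in line:
            name, _, data = line.partition("=")
            if key.endswith(RUN_KEYS):
                findings.append(("autostart", name.strip('"'), data.strip('"')))
            elif key.endswith(EXE_CMD_KEY) and name == "@" and data != CLEAN_EXE_CMD:
                findings.append(("exefile command", "@", data))
    return findings

# Constructed sample input, built from entries quoted in the post.
SYSTEM_INI = "[boot]\nshell=explorer.exe ms097.exe\n"
WIN_INI = "[windows]\nload=\nrun=c:\\windows\\server.exe\n"
REG_EXPORT = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemApp"="ODBC.EXE"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    print(audit_ini(SYSTEM_INI, WIN_INI) + audit_reg_export(REG_EXPORT))
```

Run and RunServices values are listed rather than judged, since several entries above note that the value name and file name change randomly; compare the list against what is known to be installed.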