Author Topic: A general instruction how to manually remove malware......  (Read 6198 times)


Offline polonus

A general instruction how to manually remove malware......
« on: March 02, 2008, 04:57:44 PM »
Hi malware fighters,
Here is an example to instruct users how to manually remove certain malware from their computers in case a full description for manual removal exists online. I hope someone will ask for this to be turned into a sticky, because I think this could be very helpful in cases where there is no other way to have certain infections cleansed.

Before you start: Close all programs and Internet browsers.
Also back up your computer in case you make a mistake and your computer stops working.
See: http://www.spyware-techie.com/how-to-backup-your-computer

In order to remove malware manually, you should be in Safe Mode first. Press the F8 key when you start your computer in Windows, and select the 'safe mode' option on the screen.
If this procedure does not work, try changing the start-up option, if necessary, to boot from floppy/CD and insert a clean boot disk or CD. Then reboot.

# To stop all Malware processes (view process removal steps)
Go to Start > Run > type taskmgr. Then click the Processes tab and you’ll see a list of running processes.
# Find and terminate malware processes and remove non-malware files related and used by malware.
Tips: apart from the suspicious file names enumerated in a scan report, identify irregular file names or directories, strange file properties (hidden files, no file version or supplier name, abnormal file dates…); look up the malware name on the Internet to find out more details about the files it uses to run.

# Search and stop the Malware processes:
example X Y.exe
Example X Y

For each unwanted process, right-click on it and then select “End task”.
See: http://www.spyware-techie.com/how-to-stop-a-running-process-2/

# To Unregister malware DLLs (view DLL removal steps)
Search and unregister the Malware DLLs:

example.dll
example-y.dll
example-q.dll

To locate the malware DLL path, go to Start > Search > All Files or Folders.
Type Malware-name and in the Look in: select either My Computer or Local Hard Drives.
Click the Search button.
Once you have the malware name DLL path, go to Start and then click on Run.
In the Run command box, type cmd, and then click on OK.
To locate the exact DLL path, type cd in order to change the current directory.
To display the contents of the directory, use the dir command.
To remove the DLL file, type regsvr32 /u FILENAME.dll
(FILENAME is the name of the file that you want to unregister).

See: http://www.spyware-techie.com/how-to-delete-dll-files/

Eliminate malware entries from the Registry, INI files, Services (Windows NT), Start Menu, Task Scheduler;

# To unregister malware registry keys (view registry keys removal steps)
Go to Start > Run > type regedit > press OK.
Edit the value (on the right pane) by right-clicking on it and selecting the Modify option.
Select the Delete option.
Search and delete these malware registry keys:

This is a random example of existing malware modified as an example:

HKEY_CLASSES_ROOT\CLSID\{E example 5E67A49FFFF1}
HKEY_CLASSES_ROOT\Interface\{                                    }
HKEY_CLASSES_ROOT\Interface\{1BB2DA5F-B78F-component-771CBE1DEC68}
HKEY_CLASSES_ROOT\Interface\{2A4E73C5-OK OK OK B7E5-FFE8D3BD6245}
HKEY_CLASSES_ROOT\Interface\{44A923CA-F430-4F85-9F84-5153ECDB882E}
HKEY_CLASSES_ROOT\Interface\{4E6E21EC-9D72-4164-8A53-74786A467872}
HKEY_CLASSES_ROOT\Interface\{631E9E48-B066-43DA-92AC-6DADF61B173B}
HKEY_CLASSES_ROOT\Interface\{65C1361C-E696-4AF0-9E21-81910193F352}
HKEY_CLASSES_ROOT\Interface\{77DCE805-C8CE-48AA-A47F-BFA6CC7704B3}
HKEY_CLASSES_ROOT\Interface\{8D42769F-07D8-494D-AAB4-AA1652C541FA}
HKEY_CLASSES_ROOT\Interface\{A1922071-390C-418D-916D-91209E95D286}
HKEY_CLASSES_ROOT\Interface\{A1F8CD95-CFB3-43D1-A956-63441CC058C1}
HKEY_CLASSES_ROOT\Interface\{A63B46AD-96A7-4A2C-BD8F-8CD097E1593A}
HKEY_CLASSES_ROOT\Interface\{A65F98DD-2360-468C-B76E-B1B84C0D547C}
HKEY_CLASSES_ROOT\Interface\{AE2AEED0-BE1B-4BA2-826E-20D1991081B8}
HKEY_CLASSES_ROOT\Interface\{D7F73787-6206-4BBA-BDC0-7CFA9940DBCB}
HKEY_CLASSES_ROOT\Interface\{E770F739-2968-4ED9-A63C-DC1938DC82A2}
HKEY_CLASSES_ROOT\TypeLib\{CFAFA83C-855B-4E3D-92B9-A587995B675A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\malware name.exe X Y
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware X Y
HKEY_LOCAL_MACHINE\SOFTWARE\Malware X Y

See: http://www.spyware-techie.com/how-to-remove-registry-keys/

5. If your homepage has been changed, go to Start > Control Panel > Internet Options > click on the General tab > click Use Default under Home Page.
   Add your desired default homepage, then click Apply > click OK.
   Open a new web browser to check that you have your desired default homepage.
6. Remove Malware Directories.
   To find Malware directories, go to Start > My Computer > Local Disk (C:) > Program Files > Show the contents of this folder.
   Search and delete the following Malware directories:
   %ProgramFiles%\Malware X Y\Lang
   %ProgramFiles%\Malware X Y\Logs
   %ProgramFiles%\Malware\Quarantine
   Right-click on the Malware folder and select Delete.
   A message will appear saying ‘Are you sure you want to remove the folder [NAME OF FOLDER] and move all its contents to the Recycle Bin?’, click Yes.
   Another message will appear saying ‘Renaming, moving or deleting [FOLDERNAME] could make some programs not work. Are you sure you want to do this?’, click Yes.
7. To remove Malware icons on your Desktop, drag and drop them to the Recycle Bin.

8. Check the installed screensaver programs, games and other utilities;
9. Delete web browser cache (Temporary Internet Files) and browser history, cookies and other suspect temporary files;
10. Empty the Recycle Bin.
    * Make sure you have an up-to-date antivirus program on your system.
    * Reboot.
    * Run a complete disk scan.
    * Make a habit of elementary security rules! (see "How to stay protected against malware infections")

You’ve completed these malware manual removal instructions!
I hope this article has helped you solve your malware problems.
If you want to contribute to this article, post your comment below.

Disclaimer: This article is for general educational purposes on how users can manually remove certain malware,

polonus

« Last Edit: March 02, 2008, 07:56:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
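The steps in the post above (stop the processes, unregister the DLLs, delete the registry keys, delete the folders) can be scripted so that they are first rehearsed and then applied in one go. The PowerShell script below is an added example and is not part of polonus's post or of any published removal write-up; every name it uses (MalwareXY.exe, example.dll, the all-zero GUIDs, the "Malware X Y" folder and keys) is a constructed placeholder to be replaced with the values from the removal description for the actual infection. It also implements the post's "tips" by listing running processes that have no version or company information or run from an unusual location, and it exports each registry key before deleting it, which is the post's "back up first" advice applied to the registry.

```powershell
<#
  Added example (not from the original post). Run from an elevated prompt,
  ideally in Safe Mode. Without -Remove it only reports what it would touch;
  with -Remove it acts, and -WhatIf still lets you rehearse. All names below
  are constructed placeholders.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Step "Search and stop the Malware processes" (image names without .exe)
    [string[]]$ProcessNames = @('MalwareXY'),
    # Step "Unregister malware DLLs"
    [string[]]$DllPaths = @("$env:ProgramFiles\Malware X Y\example.dll",
                            "$env:ProgramFiles\Malware X Y\example-y.dll"),
    # Step "unregister malware registry keys" (full hive names, as in the post)
    [string[]]$RegistryKeys = @(
        'HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}',   # placeholder GUID
        'HKEY_CLASSES_ROOT\TypeLib\{00000000-0000-0000-0000-000000000002}', # placeholder GUID
        'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MalwareXY.exe',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware X Y',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Malware X Y'
    ),
    # Step "Remove Malware Directories"
    [string[]]$Directories = @("$env:ProgramFiles\Malware X Y"),
    # Folder that receives .reg exports of every key before it is deleted
    [string]$BackupDir = "$env:TEMP\removal-backup",
    [switch]$Remove
)

# --- Tips from the post: processes with no version/company info, or running
# from outside the Windows / Program Files trees, deserve a closer look.
Write-Host "== Running processes worth a closer look =="
Get-CimInstance Win32_Process | ForEach-Object {
    $exe = $_.ExecutablePath
    if (-not $exe) { return }                          # protected/system processes expose no path
    $vi = (Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue).VersionInfo
    $noMeta   = -not ($vi.CompanyName -or $vi.FileVersion)
    $oddPlace = $exe -notmatch '^[A-Za-z]:\\(Windows|Program Files( \(x86\))?)\\'
    if ($noMeta -or $oddPlace) {
        [pscustomobject]@{ PID = $_.ProcessId; Name = $_.Name; Path = $exe
                           Company = $vi.CompanyName; Version = $vi.FileVersion }
    }
} | Format-Table -AutoSize

# --- 1. Stop the named processes (Task Manager "End task" equivalent)
foreach ($name in $ProcessNames) {
    Get-Process -Name $name -ErrorAction SilentlyContinue | ForEach-Object {
        if ($Remove -and $PSCmdlet.ShouldProcess("$($_.Name) (PID $($_.Id))", 'Stop-Process')) {
            Stop-Process -Id $_.Id -Force
        } else { Write-Host "Would stop: $($_.Name) PID $($_.Id) -> $($_.Path)" }
    }
}

# --- 2. Unregister and delete the DLLs (the post's "regsvr32 /u FILENAME.dll")
foreach ($dll in $DllPaths) {
    if (-not (Test-Path -LiteralPath $dll)) { Write-Host "Not present: $dll"; continue }
    if ($Remove -and $PSCmdlet.ShouldProcess($dll, 'regsvr32 /u and delete')) {
        Start-Process -FilePath regsvr32.exe -ArgumentList '/s', '/u', "`"$dll`"" -Wait   # /s = silent
        Remove-Item -LiteralPath $dll -Force
    } else { Write-Host "Would unregister and delete: $dll" }
}

# --- 3. Export, then delete, the registry keys
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
foreach ($key in $RegistryKeys) {
    $psPath = "Registry::$key"
    if (-not (Test-Path -LiteralPath $psPath)) { Write-Host "Not present: $key"; continue }
    if ($Remove -and $PSCmdlet.ShouldProcess($key, 'Export and remove registry key')) {
        $regFile = Join-Path $BackupDir (($key -replace '[\\{}:]', '_') + '.reg')
        reg.exe export $key $regFile /y | Out-Null   # backup so the deletion can be undone
        Remove-Item -LiteralPath $psPath -Recurse -Force
    } else { Write-Host "Would export and delete key: $key" }
}

# --- 4. Delete the program folders
foreach ($dir in $Directories) {
    if (-not (Test-Path -LiteralPath $dir)) { Write-Host "Not present: $dir"; continue }
    if ($Remove -and $PSCmdlet.ShouldProcess($dir, 'Remove directory')) {
        Remove-Item -LiteralPath $dir -Recurse -Force
    } else { Write-Host "Would delete folder: $dir" }
}
```

Run it once without -Remove to see the report and the "Would ..." lines, compare them with the removal write-up, and only then run it with -Remove (or -Remove -WhatIf for a final rehearsal). The process listing is a triage aid, not a verdict: many legitimate installers ship binaries without version metadata or run from user profiles, so each flagged entry still needs the look-up the post recommends before anything is stopped.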

CharleyO

Re: A general instruction how to manually remove malware......
« Reply #1 on: March 02, 2008, 08:05:05 PM »
***

Nice post, Polonus ... thanks!    :)


***

Offline polonus

« Last Edit: March 02, 2008, 08:34:12 PM by polonus »

CharleyO

Re: A general instruction how to manually remove malware......
« Reply #3 on: March 02, 2008, 08:23:54 PM »
***

Bookmarked ... thanks for the link!    :)


***