Hi alleneschell,
Trojan Wincod is a Trojan that sneaks through your system’s backdoor to infect your PC. How does Trojan Wincod get in? Trojan Wincod masks itself as a video codec you need. If you have Trojan Wincod, you’ll see this Trojan Wincod popup:
ERROR. Fatal Error! The media system on your computer is corrupt. Update your video codec immediately to resolve this issue.
You need this “video codec” like you need scamware on your PC. Which is fitting, because if you download this “video codec,” you’ll be taken to WinCoDecPRO.com to buy fake anti-spyware. Which is great, if you want to blow dough, but you'd better do that in a casino than in this case.
Before you get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong. Re:
http://support.microsoft.com/kb/322756Disable system restore while cleansing a trojan and then enable again system restore:
http://www.pchell.com/virus/systemrestore.shtmlTo remove Trojan Wincod manually, you need to delete Trojan Wincod files.
Get rid of Trojan Wincod registry values, delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”WmpTray” = “[PATH TO TROJAN]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\”Debugger” = “http://wincodecpro.com/purchase.php?id=2″
HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia\WinCoDecPRO\”countr” = “[NUMBER OF TIMES TROJAN HAS EXECUTED]”
HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia
HKEY_LOCAL_MACHINE\SOFTWARE\GenericMultiMedia\WinCoDecPRO
Note: In any Trojan Wincod files I mention above, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\AlleneSchell”)
How to delete Trojan Wincod files in Windows XP and Vista:
1. Click your Windows Start menu, and then click “Search.”
2. A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
3. Type a Trojan Wincod file in the search box, and select “Local Hard Drives.”
4. Click “Search.” Once the file is found, delete it.
How to stop Trojan Wincod processes:
1. Click the Start menu, select Run.
2. Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
3. Click Processes tab, and find Trojan Wincod processes.
4. Once you’ve found the Trojan Wincod processes, right-click them and select “End Process” to kill Trojan Wincod.
How to remove Trojan Wincod registry keys:
Trojan Wincod warning Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it. And do it from a list that you have printed out in advance and follow that instruction to the dot. In that case not much should go wrong.
1. Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
2. Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
3. To find a registry key, such as any Trojan Wincod registry keys, select “Edit,” then select “Find,” and in the search bar type any of Trojan Wincod’s registry keys.
4. As soon as Trojan Wincod registry key appears, you can delete the Trojan Wincod registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”
How to delete Trojan Wincod DLL files:
1. First locate Trojan Wincod DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
2. To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Trojan Wincod DLL file is located. If you’re not sure if the Trojan Wincod DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
3. When you’ve located the Trojan Wincod DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Trojan Wincod DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.
Did Trojan Wincod change your homepage?
1. Click Windows Start menu > Control Panel > Internet Options.
2. Under Home Page, select the General > Use Default.
3. Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
4. Select Apply > OK.
5. You’ll want to open a fresh web page and then make sure that your new default home page pops up.
Use recuva file restore from here:
http://www.recuva.com/download to restore eventually lost files through the workings of trojan.wincod,
That is all,
polonus
