Friday 17 February 2012

How to Remove a Trojan Virus Manually

By Gaurav Srivastava

The article describes how you can manually remove a Trojan virus from your computer. The methods described here are reliable and correct to date. We still advise you to follow them carefully to avoid facing problems. It is because virus removal is a sensitive procedure and requires thorough understanding of the virus infected files and their locations in the computer.

A Trojan virus is a dangerous program that masquerades as a legitimate program and thus bypasses your security program's reach. It mostly comes embedded into freeware like weather forecast software and tray clocks etc. considering that you need help removing the bad Trojan virus from your computer; we have compiled a free virus removal guide for you to remove it manually from your computer. However, online virus removal is recommended over the manual procedure for normal users.

Instructions:

Before you begin removing the Trojan virus from your computer, take a backup of your valuable data to a flash drive or CD etc. Instead of relying on external backup media that are equally susceptible to catastrophic damage, you can choose a cloud storage service to store your data. Once the data is backed up, open Task Manager by right clicking anywhere on the taskbar. Alternatively, you can press Alt, Ctrl, Delete keys together on the keyboard.

If you are unable to run any of these below mentioned steps in the normal mode, restart your computer in Safe Mode with Networking. When the computer start rebooting, repeatedly press the F8 key on the keyboard until you see the Windows boot menu. Use the Down arrow key to reach Safe Mode with Networking and then hit Enter. Make sure you immediately start tapping the F8 key before the Windows logo appears.

Disable System Restore. If it is Windows 7 or Vista, click on the Start menu and browse to Control Panel. Locate System and click on it. Click on System protection. Highlight the System Protection tab, select the disk drive viz. C or D etc., and then hit the Configure button. Select the Turn off system protection option, hit the Apply button, and then OK to exit the System Properties window. if you are using Windows XP, right click on My Computer and choose Properties. Highlight the System Restore tab and disable the system restore feature. Delete all the system restore points to avoid the Trojan virus from loading itself back on to your computer after it is restored.

In the Task Manager window, click on the Processes tab and look for the virus' processes. You will see weird names such as 124hies.exe, mslaugh.exe, and ghie4562.exe among others. Once you have spotted such process, click on it and then press the End Process button. It will stop the Trojan virus from running and consuming the CPU power. If the virus has got a specific name like blaster.worm or 32heur etc., you will find processes followed by such name extensions in addition to the weird names. Close Task Manager.

If the Trojan virus has disabled Task Manager due to which you are unable to kill malicious processes, check if you can launch your antivirus program or connect to the internet. If the antivirus program opens up, update it with latest virus definitions. Wait until updating finishes. When done, run a full virus scan (recommended) and not a custom one. When finished, check for the virus infected files and their locations into your computer. Write their full path in a Windows Notepad or on a piece of paper. Prompt the security program to delete them. If it is unable to delete the infected files, close it.

Click on the Start menu and browse to C:\ drive from My Computer. Search for the Trojan virus' file using Windows Search. Type the name of the virus file in the desired field and hit Enter. When the file appears in the search results, right click on it and select Rename to change its name to something like virus_temp (you can name it anything you want). The renaming will weaken the Trojan virus. Now right click on virus_temp and select Delete to delete the file. Repeat the procedure for all the infected files.

Connect to the internet and run a free online virus scan from a website like Trend Micro or F-Secure. Download the latest version of any of the free tools and install it. When done, open the tool and launch a full virus scan and not a custom one. Wait for the scan to complete. When done, check the names and locations of the infected files. Write them down like you did in the previous step and repeat the rename and deletion procedure as mentioned above. When done exit the window.

Open the Run utility from the Start menu. Type 'regedit' in the empty field and hit Enter. It will open up Registry Editor. Before you begin making changes to the registry, make sure that you have backed up your entire data including the registry. If you wrongly modify the registry, you can lead your system to full or partial crash. Scan all the branches of the Windows registry for all such files names that were during the scans by your antivirus program and the free online virus scanner. The most popular branches to look for into include HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE. However, you must scan other branches too to be on a safer side. Exit Registry Editor.

When done scanning and deleting all the malicious entries from the registry and other locations, connect to the internet and download Anti-Malware, a free antivirus tool from Malwarebytes. Visit the official Malwarebytes website (Malwarebytes.org, prefix 'www.' In the front) and download the latest version of Anti-Malware. Save the file when prompted. Afterwards, run the setup file to install the tool. When done, open the tool and update it. Wait for the updates to be downloaded as well as installed. When finished, click on the Scanner tab and choose Perform full scan instead of Perform quick scan. Press the Scan button to start the scan and wait until it finishes. Afterwards, prompt the tool to delete the infected files.

Additional Tips:

After having gone through all the steps, if the Trojan virus still exists in your computer, contact V tech-squad for online virus removal support service.
About this Author

No comments:

Post a Comment