How to remove virus manually!!
Manually Removing Viruses and Worms
Here I shall discuss about manual techniques to remove any malicious program from an infected system. Below given are the steps to be followed while removing any malicious file manually.
a. The first step is always isolating the system by removing it from any network (e.g. dial-up, LAN, VPN or DSL etc) if connected.
b. Disable system restore and reboot the system in safe mode (Since, in safe mode very minimal services runs preventing any unknown services to start during system startup).
c. This step is to remove un-necessary or any malicious programs from system startup. Windows “msconfig” tool can be used removing un-necessary programs from the system startup.
Note: “msconfig” is not present in all versions of windows. Incase msconfig is not present then the startup entries has to be removed manually which I shall discuss in further steps.
Go to Start => Run => Type “msconfig” (without quotes) => Press Enter
Select the option "Diagnostic Startup" in the “General” tab.Switch to “Services” tab . Click “Enable All” and click "Hide Microsoft services".Now switch to “Startup” tab . Un-check all unnecessary startup items or any suspicious startup file. Now press “OK” button in “msconfig”.
d. In some versions of windows (e.g. Windows 2000) “msconfig” is not present. In that case one has to remove the un-necessary startup files manually. Startup items can be manually removed from the following locations: Start => Programs => Startup => Right click item => delete or it can be found at C:\Documents and Settings\All Users\Start Menu\Programs\Startup Similarly, the un-necessary services have to be disabled manually in the “services.msc” manually.
To disable the un-necessary services manually Go to Start => Run => Type“services.msc” (without quotes) => Press Enter. Then right click the service that has to be disabled => properties => stop (if running) => disable => press enter.
e. Most of the malicious programs make entries in the registries to start on system boot. These entries can be found in the following locations:
HKEY_LOCAL_MACHINE => Software => Microsoft => Windows => CurrentVersion => Run
HKEY_LOCAL_MACHINE => Software => Microsoft => Windows => CurrentVersion =>
RunOnce
HKEY_LOCAL_MACHINE => Software => Microsoft => Windows => CurrentVersion =>
RunServices (Only for windows 9x/ME)
and
HKEY_CURRENT_USER => Software => Microsoft => Windows => CurrentVersion => Run
To remove the entries from the registries, go to Start => Run => Type “regedit” (without quotes) => press enter. Then go to the above mentioned keys and delete all un-necessary entries.
f. Purge recycle bin and restart window in normal mode. Connect to internet and update the Anti-Virus signature and once the signatures are up-to-date then a complete system scan should be done.
g. Go to Start => Run => Type “msconfig” (without quotes) => Press Enter. Select the option "Normal Startup" (view Screenshot 3.1.3.a) in the “General” tab and press OK. Reboot the system again into normal startup.
Comments
