Some of the sites:
www.undelete.com
http://free-backup.info/data-recovery-software.htm
www.thefreecountry.com/utilities/datarecovery.shtml
Manual removal of viruses
http://piyushlabs.wordpress.com/self-troubleshooting-manual-steps-to-kick-out-any-virus/
Self Troubleshooting - Manual steps to kick out any virus
After replying to so many people here, I feel that people should know/learn how to remove viruses themselves.
I don’t get time to come on the net and reply to everyone.
So, here I’m posting my way of fixing viruses.
This is “one solution for all viruses”.
By viruses, I mean malware, not the complicated kinds.
This solution is not for ‘all’ viruses.
Many viruses infect one particular kind of file, say all exe files; these steps do not apply to such viruses.
DOWNLOADS
You need some tools
-Process Explorer from here
-Autoruns from here
-Heal Antivirus from here
STEPS
Heal_AntiVirus
Run Heal_Antivirus.
If it keeps reporting corrupt registry entries for, say, more than one minute, then exit it.
Task Manager
Check whether Task Manager is working.
Go to: Processes tab
Go to: View > Select Columns > Check ‘PID’ & ‘Thread Count’ > OK
Look for
-Unknown processes
-Processes with a thread count of ‘1’
-Processes running under User Name=‘your login name’ (i.e. other than SYSTEM, LOCAL SERVICE, NETWORK SERVICE)
Right-click on the process and select ‘End Process Tree’
ProcessXP
Look for
-Unknown processes
-Processes shown in pink, especially
-Child processes of Explorer.exe
Right-click such processes and select ‘Kill Process Tree’
ProcessXP can end processes that cannot be killed from Task Manager
#Trusted important processes
#Do not kill these processes
#All of them run under SYSTEM, LOCAL SERVICE or NETWORK SERVICE only
alg.exe
csrss.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe (many)
winlogon.exe
<your antivirus software>
Autoruns
Go to: ‘Logon’ tab
Go to: ‘Options’ > enable ‘Verify Code Signatures’
Press F5 to refresh
Look for
-‘Not verified’ items
-Suspected items
-Items with a folder icon
Remove unwanted items by unchecking the checkbox
#Trusted entries
#Do not remove any of these, or else you will be in trouble
* HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Entry=C:\WINDOWS\system32\userinit.exe,
Image path=c:\windows\system32\userinit.exe
* HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
Entry=Explorer.exe
Image path=c:\windows\explorer.exe
#In most cases, some other terms are appended to these; just delete the extra terms by unchecking the checkbox
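The two trusted Winlogon entries above can also be checked with a script. The following is an added example, not part of the original post: it splits each value on commas and reports any term other than the trusted entries listed above. It assumes Windows is installed in C:\WINDOWS as on that list; the function names and the sample value containing sample_extra.exe are constructed for illustration.

```python
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Accepted entries (lower-cased), taken from the "Trusted entries" list above.
# Assumption: Windows is installed in C:\WINDOWS, as on that list.
TRUSTED = {
    "Userinit": {r"c:\windows\system32\userinit.exe"},
    "Shell": {"explorer.exe", r"c:\windows\explorer.exe"},
}


def audit(values):
    """Map each checked value name to its list of findings (empty list = clean)."""
    report = {}
    for name, trusted in TRUSTED.items():
        raw = values.get(name, "")
        # Entries are comma-separated; drop empty parts and surrounding quotes.
        parts = [p.strip().strip('"') for p in raw.split(",") if p.strip()]
        findings = [f"extra term: {p}" for p in parts if p.lower() not in trusted]
        # A value that no longer contains the trusted entry at all is also a finding.
        if not any(p.lower() in trusted for p in parts):
            findings.append("trusted entry missing")
        report[name] = findings
    return report


def read_winlogon():
    """Read the live Userinit and Shell values from HKLM (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return {name: winreg.QueryValueEx(key, name)[0] for name in TRUSTED}


# Constructed sample: a Userinit value with an extra program appended.
SAMPLE = {
    "Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sample_extra.exe,",
    "Shell": "Explorer.exe",
}

if __name__ == "__main__":
    # On Windows, check the real registry; elsewhere, run on the constructed sample.
    values = read_winlogon() if sys.platform == "win32" else SAMPLE
    for name, findings in audit(values).items():
        print(name, "OK" if not findings else findings)
```

A term appended with a space instead of a comma is reported together with the entry it was attached to, and the trusted entry is then reported as missing.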
Heal_AntiVirus
Run Heal_Antivirus again.
If it keeps reporting corrupt registry entries for, say, more than one minute, then it means you are still affected.
It can be used to find out whether your computer is affected by some virus or not.
The absence of corrupt-registry reports does not guarantee the absence of viruses.
EXTRA
When you use ProcessXP, if ‘Interrupts’ and ‘DPCs’ are eating up your CPU resources,
then you had better reinstall Windows XP.
There should be no ‘Explorer.exe’ in the c:\windows\system32 folder.
If these steps don’t work, then you may also want to End Task ‘Explorer.exe’, as some viruses inject a DLL into Explorer.
Sometimes registry changes prevent you from logging in to your account; in that case you have to make an unconventional offline registry change, i.e. without booting into your Windows. (link - yet to be posted).
PLEASE REPLY
If these steps have helped you in removing some virus, then please leave a reply here.
Include the name of virus and its properties also.
It will help someone else.