Manual Virus Removal From a PC

by on October 30th, 2007

First confirm that your PC really is infected. A virus typically causes unexpected behaviour that should not happen on a healthy system. Some of these symptoms are:

  • Disabled Task Manager
  • Disabled Registry Editor
  • Disabled Command Prompt
  • You have no applications running or open but CPU usage goes over 50%
  • My Computer Drives not opening by Double Click
  • Automatic PC Shutdown or Restart
  • Computer Slows down
  • Hidden Files are not showing
  • Folder Options disappeared

Manual Removal of Viruses

If you have tried all the solutions and still could not disinfect your system, then try to remove the viruses manually using the instructions below:

You will need Process Explorer and Autoruns.
Download them from the links below:
Process Explorer v11.03

This update to Process Explorer, an advanced process information utility, has a number of miscellaneous improvements. For example, the thread support in the process properties dialog is enhanced with Wow64 thread stacks on 64-bit Windows and kernel stacks on Windows Vista and Server 2008. In addition, tooltips on the service hosting processes now show service names, the user SID is displayed on the security properties page, and column headers have tooltips when they’re too small to display their text.

Autoruns for Windows

See what programs are configured to startup automatically when your system boots and you login. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.

Download ‘Process Explorer’ and ‘Autoruns’

http://download.sysinternals.com/Files/ProcessExplorer.zip (1.5 MB)
http://download.sysinternals.com/Files/Autoruns.zip (490 KB)

  1. Unpack the zip files and copy the .exe files to the Windows directory.
  2. Close and exit all programs (even those in the tray) except Internet Explorer or your internet browser.
  3. Run Process Explorer by typing procexp in the Start menu's Run dialog and look for suspicious activity.

If you see a suspicious process, right-click it and choose Properties. Copy the path from the Path: field, open the Run dialog and paste the path there.

Now terminate the suspicious task in Process Explorer.

If the same process starts again, suspend it by right-clicking it and choosing Suspend from the menu. Now remove the name of the application from the pasted path so that only the folder is listed. For example, if you copied C:\WINDOWS\system32\mspaint.exe, remove mspaint.exe and you will be left with C:\WINDOWS\system32\ in the Run dialog.

Delete Hidden Files

Press Enter to open Explorer and locate the file whose name you have just removed from the path. After locating the file, delete it. If you cannot find the file, it must be hidden.

If the Show Hidden Files and Folders option is not working, use WinRAR to remove hidden files. Download WinRAR, which will show you all hidden files.

Now look at the root of every drive to find hidden files.

Delete any .exe files and files such as autorun.inf that you find there.
But do not delete the following files, as these are system files, e.g.

autoexec.bat, boot.ini, bootmgr, config.sys, io.sys, msdos.sys, ntdetect.com, pagefile.sys, ntldr, hiberfil.sys.
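The drive-root check described above can also be done from PowerShell, which lists hidden and system files even when Explorer's hidden-file option is not working. This is an added example, not part of the original article; the function name Get-RootCandidate and the output field names are assumptions, and the script only lists files, it deletes nothing.

```powershell
# Added example: read-only triage of drive roots. Lists candidates, deletes nothing.
# System files the article says must not be deleted (its list, unchanged).
$SystemFiles = @('autoexec.bat','boot.ini','bootmgr','config.sys','io.sys',
                 'msdos.sys','ntdetect.com','pagefile.sys','ntldr','hiberfil.sys')

function Get-RootCandidate {
    param(
        # Default: the root of every drive letter (C:\, D:\, ...).
        [string[]]$Root = (Get-PSDrive -PSProvider FileSystem |
                           Where-Object { $_.Root -match '^[A-Za-z]:\\$' } |
                           ForEach-Object { $_.Root })
    )
    foreach ($r in $Root) {
        # -Force returns Hidden and System items regardless of the Explorer
        # "show hidden files" setting, which the infection may have disabled.
        $files = Get-ChildItem -LiteralPath $r -Force -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer }

        foreach ($f in $files) {
            # -contains compares strings case-insensitively.
            if ($SystemFiles -contains $f.Name) { continue }
            $isAutorun = $f.Name -ieq 'autorun.inf'
            if (-not $isAutorun -and $f.Extension -ine '.exe') { continue }

            # For autorun.inf, show the lines that name what runs when the
            # drive is opened (open=, shellexecute=, shell\<verb>\command=).
            $launch = $null
            if ($isAutorun) {
                $launch = (Get-Content -LiteralPath $f.FullName -Force -ErrorAction SilentlyContinue |
                    Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=' }) -join '; '
            }

            [pscustomobject]@{
                Path       = $f.FullName
                Attributes = $f.Attributes      # Hidden + System on an .exe is a warning sign
                Modified   = $f.LastWriteTime
                Launches   = $launch
            }
        }
    }
}

Get-RootCandidate | Format-List
```

The Launches field usually names the executable that an autorun.inf starts, so review that file together with the autorun.inf itself.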

Now that you have successfully terminated the virus process, the next thing is to remove the virus files that start when the system starts.

Open Autoruns by typing autoruns in the Run Dialogue. Wait while refreshing completes.

In the Options menu, select Hide Microsoft Entries. Then click the Refresh button on the interface, or close the program and start it again.

After scanning completes, select the Logon tab and uncheck all the entries, but be sure not to uncheck any Microsoft entry. Restart the system for the changes to take effect.

Now use Ravmon Virus Killer to restore some settings.

The last suggestion is to scan your system with an anti-virus program.

Troubleshooting:

In case of any problem, you made a wrong move. Open Autoruns and, in the Options menu, unselect Hide Microsoft Entries. Click the Refresh button on the interface and select all entries. Close the program and restart your system.

This solution will work only against viruses that do not infect Windows' own .exe files, e.g. explorer.exe.

