Wednesday, August 27, 2008

Virus/Trojan Removal (32-bit Windows Only)

First, try every antivirus tool you can to remove the virus. If you have another OS installed, install antivirus and other security software there and try to remove the virus or Trojan files from it. This post is for situations where you can't run antivirus software and your system has a virus or Trojan that you can't remove using any of the tools available on the internet.

So always try your favorite antivirus first, and if that doesn't succeed, go for removal tools specific to the Trojan or virus. And then:

First, inspect the process list in Task Manager, or download a process manager and inspect it there. You will find file information for all legitimate, well-known applications. You might not find file information for lesser-known software or for many viruses and Trojans. If you come across any process that looks suspicious, Google it. Google may identify that file as a virus or Trojan. Try searching for any removal tools available for that virus or Trojan. For example, you will not find proper tools for the Virtumonde Trojan.

If you don't succeed, try ending that program and deleting it. You most probably won't succeed in closing the task, i.e. the process might keep reloading as soon as you end it. If that is the case, you need a program named Unlocker. Find the location of this process's file, and once you have found it, check whether it is inside the Windows folder and is a system file. If it is, you can use Unlocker to delete that file. But if it is in some other folder outside Windows and you know that you installed the program, it is better to leave it as it is.

Unlocker lets you unload any file and delete it. So the next task is to find all the DLL files of the Trojan (of course, Virtumonde has at least 4 which cannot be deleted). The most obvious location is the system32 folder, so search for DLL files inside it. Now add a column named Company. If any company name looks suspicious, Google it. All DLL files from Microsoft have a proper company name.

So sort the list of files by company name. The real cause for worry is the files that do not have a company name. Have a look at these files. If such a file has a company name as part of its file name, for example ati23fs.dll (ATI's DLL files most probably won't have any company name), then you can safely ignore it, or you can Google it. Application DLL file names are often carefully chosen to reflect their purpose. So if you find random names with numbers in between and you can't find any information on Google for that file, you can safely delete the file(s) using Unlocker.

Viruses and Trojans will always install files inside the Windows directory and make it a hidden system folder. But there are just a few hidden system files inside the Windows folder on a clean install of Windows XP, and they will have proper, systematic names!!!
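The inspection steps above (DLLs in system32 with no company name, plus hidden system items in the Windows folder) can be collected in one read-only pass. This PowerShell script is an added example, not part of the original post. The signature column goes beyond the post's method and is included because the Company field is self-declared metadata; it assumes PowerShell 3.0 or later, and on older Windows versions catalog-signed system files may show as NotSigned.

```powershell
# Added example (not from the original post). Read-only: nothing is deleted or changed.
$sys32 = Join-Path $env:SystemRoot 'System32'

# Step 1: DLLs in System32 whose version resource carries no Company name.
# -Force includes hidden and system files, which Explorer search may skip.
$noCompany = Get-ChildItem -Path $sys32 -Filter '*.dll' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { [string]::IsNullOrWhiteSpace($_.VersionInfo.CompanyName) }

# Step 2: for that short list only, add details that help a manual review.
# Signature status is checked here (not for every DLL) because it is slow.
$report = foreach ($file in $noCompany) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        Name        = $file.Name
        Modified    = $file.LastWriteTime
        SizeKB      = [math]::Round($file.Length / 1KB, 1)
        Hidden      = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
        Signature   = $(if ($sig) { $sig.Status } else { 'Unknown' })
        # Random-looking names are the post's second clue; digits in the
        # middle of the base name are flagged for a closer look.
        DigitsInMid = ($file.BaseName -match '[A-Za-z]\d+[A-Za-z]')
    }
}

"DLLs in $sys32 with no Company name: $(@($report).Count)"
$report | Sort-Object Modified -Descending | Format-Table -AutoSize

# Step 3: items directly under the Windows folder that are both Hidden and System.
$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$hiddenSystem = Get-ChildItem -Path $env:SystemRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band $mask) -eq $mask }

"Hidden+System items in $($env:SystemRoot): $(@($hiddenSystem).Count)"
$hiddenSystem |
    Select-Object Name, @{ n = 'IsFolder'; e = { $_.PSIsContainer } }, LastWriteTime |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

Entries that are unsigned, recently modified and randomly named are the ones worth searching for by name before anything is removed.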

Try this at your own risk!!!

3 comments:

Aslam said...

Or... Dump windows and use Linux..!!
As simple as that... Unless you use the computer for games or some high-end software, you don't really need Windows..! Linux will serve just fine...!
Or if you like.. Use an Apple Mac..!!

All Hail..!!

Srini said...

Why do these idiots do things like this (creating viruses and all)? They can stop these things and think good for people and update the technologies.

Philip Kingsley said...

Obviously to gain money illegally and also for writing antivirus code for their own virus