Friday, August 3, 2007

VIRUS : How to Manually Remove Viruses From Your System

How to Manually Remove Viruses From Your System

Note: This solution works only against viruses that do not infect Windows' own executable files, such as explorer.exe.
If you have tried all the solutions listed on our site and still could not disinfect your system, try to remove the virus manually using the instructions below:
To complete the instructions below, you need Process Explorer and Autoruns. Download the Pack (2.0MB), which contains both, and install it.
Close and exit all programs (even those in the tray) except Internet Explorer or your internet browser.
Run Process Explorer by typing procexp in the Start menu Run dialog and do as illustrated.

After collapsing

procexp.exe is Process Explorer’s own process
winword.exe is MS WORD
mspaint.exe is Paint
IEXPLORE.exe is Internet Explorer
Wmplayer.exe is Windows Media Player
If you see any suspicious process, right-click it and choose Properties. Copy the path from the Path: field, open the Run dialog and paste the path there.
Now terminate the suspicious task in Process Explorer.
If the same process starts again, suspend it by right-clicking it and choosing Suspend from the menu. Now remove the name of the application from the path, leaving only the folder.
E.g. if you have copied C:\WINDOWS\system32\mspaint.exe, remove mspaint.exe and you will see C:\WINDOWS\system32\ in the Run dialog.

Delete Hidden Files
Press Enter to open Explorer and locate the file whose name you have just removed. After locating the file, delete it. If you cannot find the file, it must be hidden.
If the Show Hidden Files and Folders Option Is Not Working, Use WinRAR
To remove hidden files, download WinRAR, which will show you all hidden files.


See the figure, locate that file and delete it. If you are still unable to delete the file, see our post about deleting the file.
Now look at the root of every drive to find hidden files.
Delete any .exe files and autorun.inf-like files you find, but do not delete the following files, as they are system files:
autoexec.bat, boot.ini, bootmgr, config.sys, io.sys, msdos.sys, ntdetect.com, pagefile.sys, ntldr, hiberfil.sys
Now that you have successfully terminated the virus process, the next step is to remove the virus files that start at system startup.
Open Autoruns by typing autoruns in the Run Dialogue.

After scanning completes, select the Logon tab and uncheck all the entries. Restart the system for the changes to take effect.
Now use Ravmon Virus Killer to restore some settings.
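
The drive-root check from the steps above, as a read-only PowerShell script (an added example, not part of the original post or of any tool it mentions). It lists autorun.inf and .exe files in the root of every drive, skips the system files named above, and shows which program an autorun.inf would launch; the function name Get-RootSuspects is made up for this example.

```powershell
# Added example: read-only triage of drive roots. Nothing is deleted or changed.
# System files the post says must be left alone.
$KeepList = 'autoexec.bat','boot.ini','bootmgr','config.sys','io.sys','msdos.sys',
            'ntdetect.com','pagefile.sys','ntldr','hiberfil.sys'

function Get-RootSuspects {
    param([string[]]$Roots = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }))
    foreach ($root in $Roots) {
        # -Force includes hidden and system files that Explorer may not be showing.
        $files = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer }
        foreach ($f in $files) {
            if ($KeepList -contains $f.Name) { continue }   # -contains ignores case
            $isAutorun = $f.Name -ieq 'autorun.inf'
            $isExe     = $f.Extension -ieq '.exe'
            if (-not ($isAutorun -or $isExe)) { continue }
            $targets = @()
            if ($isAutorun) {
                # open=, shellexecute= and shell\<verb>\command= lines name the program that runs.
                $targets = Get-Content -LiteralPath $f.FullName -ErrorAction SilentlyContinue |
                           Where-Object { $_ -match '^\s*(open|shellexecute|shell\\.+\\command)\s*=' }
            }
            [pscustomobject]@{
                Path     = $f.FullName
                Hidden   = [bool]($f.Attributes -band [IO.FileAttributes]::Hidden)
                System   = [bool]($f.Attributes -band [IO.FileAttributes]::System)
                Modified = $f.LastWriteTime
                Launches = ($targets -join '; ')
            }
        }
    }
}

# A hit is a lead to inspect, not a verdict: installer CDs legitimately carry autorun.inf.
Get-RootSuspects | Sort-Object Path | Format-Table Path, Hidden, System, Modified, Launches -AutoSize
```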

VIRUS: Ravmon Virus Killer

Ravmon Virus Killer Patch
How does the Ravmon Virus affect your PC?
When you right-click any drive in My Computer, the context menu shows an entry in a Chinese-like language. When you click that entry, the drive does not open; instead the Open With dialog asks you to “Choose the program you want to use to open this file:”. The same thing happens when you double-click any drive.
The context menu and Open With dialog will look like this.


The Ravmon virus also corrupts your Folder Options. When you open Folder Options, check “Show hidden files and folders” and click OK, My Computer still does not show hidden files. The “Hide protected operating system files (Recommended)” option also stops working.
Folder Options Dialog

Errors launching Task Manager, Registry Editor and Command Prompt are also fixed by this tool.

How Does the Ravmon Virus Spread?
The Ravmon virus mostly spreads from USB flash drives. To prevent this virus from getting onto your PC, start an anti-virus program before plugging a flash drive into your PC.

For Removing Ravmon virus and its effects I have created a tool. Just download it, run it and Restart your computer.

Ravmon Virus Removal Tool 2.1 (Updated July 24 2007)
Just install it and restart your system; installing it removes the virus. No application associated with this tool will be listed in the Start Menu after the restart. It cannot be uninstalled because it does not leave any file on your system.

Before installing this tool, you are advised to scan your computer with any antivirus program, e.g. Kaspersky or Norton, or to scan it online; see our post listing online virus scanning websites: Free Online Virus Scanners.

This tool removes the effects of the Ravmon virus, e.g. problems opening drives in My Computer, Folder Options missing from the Tools menu, and the Folder Options “Show Hidden Files and Folders” setting not working. It also enables Task Manager, Registry Editor and Command Prompt if they have been disabled by another virus.

This tool is seamlessly compatible with Windows 2000/XP
Note: If you have Windows Vista, you will not suffer from any of the problems caused by the Ravmon virus.

Ravmon Virus Removal Tool Technical Description
The tool removes:
autorun.inf (placed in the root of every drive)
ravmon.exe (placed in the root of every drive)
mdm.exe (this is a virus file, not the MS file)
Deletes these entries from the registry:
NoFolderOptions, NoControlPanel, DisableTaskMgr, DisableRegistryTools, DisableCMD
Sets these registry entries:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN]
"CheckedValue"=dword:00000002
"DefaultValue"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
"DefaultValue"=dword:00000002

If you still have viruses in your system or this tool did not work, see our new post

VIRUS: Registry Editing Has Been Disabled By Your Administrator

Registry Editing Has Been Disabled By Your Administrator

Today a friend of mine told me that his registry editor had been disabled accidentally and asked how he could enable it again. Here are two ways to enable registry editing in Windows.
1- From Group Policy Editor
Go to Run –> gpedit.msc
In the left-hand menu, go to User Config –> Administrative Templates –> System.
Now in the right-hand pane, select “Prevent access to registry editing tools”. It will probably be either not configured or enabled. If it’s enabled, disable it; if it’s not configured, first enable it, apply the settings and then disable it. Most probably the settings will be applied instantly. If not, run gpupdate in a command prompt to apply the group policies.

2- From the Run Menu
I got this tweak while surfing the internet. Go to Start –> Run, copy and paste the following into the Run box and press OK.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
The effects are usually instant. If not, you should see the results after restarting your computer.

Folder Options missing in Windows XP
After a virus attack on one of my client machines, Folder Options was missing from Windows Explorer and we were unable to show all the files, including the hidden ones. So here’s what I did to restore it:
Go to Run –> gpedit.msc
User Configuration –> Administrative Templates –> Windows Components –> Windows Explorer
Enable and then disable “Removes Folder Options menu from Tools menu”
Close all Windows Explorer windows and then open them again. Most probably your Folder Options is back.
Note: For an automated solution to this problem, download the Ravmon virus killer patch here.

VIRUS :Task Manager has been disabled by your administrator

Enabling Task Manager from Group Policy Editor

1. Go to “Start” -> “Run” -> type “Gpedit.msc” and press the “Enter” button.

2. Navigate to “User Configuration” -> “Administrative Templates” -> “System” -> “Ctrl+Alt+Del Options”

3. On the right side of the screen, verify that the “Remove Task Manager” option is set to “Disable” or “Not Configured”.

4. Close the “Gpedit.msc” MMC.

5. Go to “Start” -> “Run” -> type “gpupdate /force” and press the “Enter” button.


Enabling Task Manager from Registry Editor

1. Go to “Start” -> “Run” -> type “regedit” and press the “Enter” button.
Warning: Modifying your registry can cause serious problems that may require you to reinstall your operating system. Always back up your files before doing this registry hack.

2. Navigate to the following registry keys and verify that the following settings are set to their defaults:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableTaskMgr"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DisableCAD"=dword:00000000

3. Reboot the computer.
For your convenience, I have created a registry file. Just download, double click it and add the info to your registry. The task manager will be enabled. Post your experiences please.
Download the registry file here.
Enabling Task Manager from the Run Menu
Abdullah mailed me this solution. Go to Start –> Run and copy and paste the following and press OK.
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
See also: Registry Editing Has Been Disabled By Your Administrator

VIRUS :New Folder.exe Sohanad Virus Removal Tool

New Folder.exe Sohanad Virus Removal Tool
Virus Infections
This virus affects your system by:
Disabling Task Manager
Disabling Registry Editor
Creating a startup entry so that it starts when the system starts
Creating its own exe files in the Shared Documents folder, which appear like ordinary folders
Disabling Folder Options
Using 50% or more of your processor
You can see that the folders in Shared Documents have an exe extension if you have unchecked “Hide extensions for known file types” in Folder Options.
Virus Removal Tool Description
Just install it and restart your system; installing it removes the virus. No application associated with this tool will be listed in the Start Menu after the restart. It cannot be uninstalled because it does not leave any file on your system.
Sets these entries in Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NofolderOptions"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"@"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messengger"=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe "
Deletes Virus Files
svchossst.exe
All duplicated exe files in Shared Documents Folder
If you are still unable to remove the virus, try our new post How to manually remove viruses.
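
The registry values named in the Ravmon, Registry Editor, Task Manager and Sohanad posts above can be checked in one pass before or after a cleanup. The following read-only PowerShell audit is an added example, not the code of any tool described on this page. The function names are made up for the example, and the key paths for NoControlPanel and DisableCMD are the standard Windows policy locations rather than paths given in the posts.

```powershell
# Added example: read-only audit. It reports values and changes nothing.
# Policy values that should be 0 or absent; checked under both HKCU and HKLM.
$PolicyChecks = @(
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableTaskMgr' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name = 'DisableRegistryTools' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoFolderOptions' },
    @{ Sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name = 'NoControlPanel' },
    @{ Sub = 'Software\Policies\Microsoft\Windows\System';                  Name = 'DisableCMD' }
)
# Values that must match a specific setting (taken from the .reg entries in the posts).
$HiddenKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden'
$ExactChecks = @(
    @{ Path = "$HiddenKey\SHOWALL";  Name = 'CheckedValue'; Want = 1 },
    @{ Path = "$HiddenKey\NOHIDDEN"; Name = 'CheckedValue'; Want = 2 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Want = 'explorer.exe' }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Test-TamperedSettings {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $PolicyChecks) {
            $path = "$hive\$($c.Sub)"
            $v = Get-RegValue $path $c.Name
            if ($null -ne $v -and $v -ne 0) {
                [pscustomobject]@{ Key = $path; Value = $c.Name; Found = $v; Expected = '0 or absent' }
            }
        }
    }
    foreach ($c in $ExactChecks) {
        $v = Get-RegValue $c.Path $c.Name
        # The Shell value may carry trailing spaces; string comparison ignores case.
        $found = if ($v -is [string]) { $v.Trim() } else { $v }
        if ($found -ne $c.Want) {
            [pscustomobject]@{ Key = $c.Path; Value = $c.Name; Found = $v; Expected = $c.Want }
        }
    }
}

Test-TamperedSettings | Format-List
```

No output means every checked value is at its default. Run it once as the affected user, because the HKCU checks apply to whoever is logged in.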