Friday, July 16, 2010

These steps eliminate computer viruses

In recent years many new viruses have begun to bother people who use computers. At first, internet users were troubled by viruses whose spread was still limited to email and networks. As technology has developed, portable devices have developed along with it. Today almost every computer user has a flash disk, a data storage medium that is highly portable and easy to use because it behaves like a floppy disk but has a large capacity and is not easily damaged. But the popularity of flash drives among computer users has lured virus makers into creating viruses that spread through this storage medium. Less knowledgeable users are sometimes fooled because they think the virus they are running is some other file, such as a Microsoft Word document, a folder, or another file format. In fact, what is being opened is a virus program that has the same icon as those files.



There is no need to discuss the history of these viruses at length; for users who have been hit by a virus, the steps for eradicating most of them are almost identical. Usually members of the general public who do not have internet access on their computers are more prone to viruses, because their antivirus is not up to date and so does not recognize new viruses. There are several ways to remove viruses from your computer if it is already infected. The following techniques are described for the Windows XP operating system because it is the OS most commonly infected and most widely used. The techniques are:
Removing with an antivirus on another computer

Remove the hard drive of the infected computer and install it in another computer that has the latest antivirus, or at least one able to identify the virus on the infected system. Perform a full scan of the infected system's hard drive and remove all viruses found. Once that is complete, the hard drive can be put back into the original computer and the system run as usual. Check again whether the computer still shows the same symptoms as when it was infected. This is a powerful way to clean out the virus as long as the antivirus on the other computer can recognize and remove the virus on the infected hard drive. It can still leave traces of the virus, such as autorun or startup entries that no longer function. These traces sometimes raise an error message that is not dangerous but may be a bit disturbing.
Removing from another operating system

On a laptop or a computer whose hard drive is not removable, the other way is to run another operating system that is not infected with the virus and do a full scan of the entire hard drive from it. Some users run a dual-OS setup such as Linux and Windows, or Windows XP and Windows Vista. You can also use a LiveCD or a portable OS such as Knoppix or Windows PE (a minimized Windows that can be booted from portable storage media such as a flash disk or CD) and then do a full scan with an antivirus. This is as effective at removing the virus as using the antivirus on another computer, described above. The virus sometimes still leaves traces that are not dangerous.
Removing manually

If the methods above are difficult for you, there is still another way: removing the virus manually. The steps are:

1. Turn off the processes run by the virus. An active virus must have a process running on the system. This process usually monitors system activity and acts when it detects certain events. For example, when we plug in a flash disk, the virus process will recognize it and infect the flash disk with the same virus. Processes can be viewed in Task Manager, which can be opened with Ctrl + Alt + Del, but sometimes the virus will block this by logging off, closing the Task Manager window, or restarting the system. Another way is to use another tool to view and kill the virus. I used to use Process Explorer from http://www.sysinternals.com/. With this tool you can kill any process that you consider to be a virus. When killing the virus's processes, note that sometimes the virus consists of more than one process, and these monitor each other. When one process is killed, it will be started again by the other processes. The virus's processes must therefore be killed quickly, before a killed process is started again by another one. First identify the processes you consider to be the virus, then kill them all quickly. Usually the virus disguises itself to resemble a Windows process, though of course with a difference, such as IExplorer.exe imitating Explorer.exe. For reference, the following Windows processes can be categorized as safe:

C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.exe

In addition to Process Explorer you can use other tools that may be easier and can kill several processes at once. Another example is HijackFree. You can search Google for similar tools.



2. After the virus has been killed, restore the default values of the system parameters the virus uses to activate itself and to block efforts to remove it. These parameters are located in the Windows registry and can be reset to default values. Save the following as a file with any name and the .reg file extension. Then execute the file by double-clicking it. If a confirmation appears, answer Yes / OK. The registry file is as follows:

Windows Registry Editor Version 5.00

; Explorer display settings for hidden and system files
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000000
"SuperHidden"=dword:00000000
"ShowSuperHidden"=dword:00000000

; Shell used by Safe Mode with Command Prompt
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

; Programs started at logon (backslashes inside string data are doubled)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

; Open command for .reg files
[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="Regedit.exe \"%1\""

; Open commands for program file types
[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\piffile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

The registry file above will unblock regedit, prevent the virus from hooking itself into the system, and reset other parameters to keep the virus from getting in by another route.
3. Once the virus has been killed and the system parameters reset, prevent the virus from becoming active again by removing the virus's autorun and startup entries from Windows. You can use the msconfig tool built into Windows or edit the registry directly with Regedit. It is easier to use a third-party tool such as Autoruns from http://www.sysinternals.com to delete the autorun and startup entries belonging to the virus. Do not forget to check your StartUp folder at Start menu -> Programs -> Startup and make sure there are no virus entries.
4. Download the latest antivirus and do a full scan of your system so that the whole system is checked and all viruses found are removed. I suggest Avira, which can be downloaded from http://www.free-av.com, because it is free and its virus scanner is as tough as commercial antivirus products like Symantec or Kaspersky.
5. Before restarting, make sure you have not missed any part of the virus, whether in the running processes or in the system's startup or autorun entries. If you have, the system will return after the restart to the state it was in when infected, and all the steps you did earlier will have been in vain.
6. Restart your computer and check whether the symptoms that appeared when the computer was infected are still there. If they are, you missed some of the virus's autorun entries or the reset of the system parameters above was not successful. Repeat the steps above and check each step more carefully before you restart the system.
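To confirm before the restart in steps 5 and 6 that the reset in step 2 actually took effect, the string values from that .reg file can be compared against an export of the same keys. The following is an added example, not part of the original post; the function names and the sample export are constructed for illustration, and the expected data is copied from the step 2 file.

```python
import re

HKLM, HKCR = "HKEY_LOCAL_MACHINE", "HKEY_CLASSES_ROOT"
WINLOGON = HKLM + r"\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Expected string data, copied from the step 2 .reg file (after .reg unescaping).
EXPECTED = {
    (WINLOGON, "Shell"): "Explorer.exe",
    (WINLOGON, "Userinit"): r"C:\WINDOWS\system32\userinit.exe,",
    (HKLM + r"\SYSTEM\CurrentControlSet\Control\SafeBoot", "AlternateShell"): "cmd.exe",
    (HKCR + r"\regfile\shell\open\command", "@"): 'Regedit.exe "%1"',
}
for ext in ("exe", "com", "pif", "scr"):
    EXPECTED[(HKCR + "\\" + ext + r"file\shell\open\command", "@")] = '"%1" %*'

# One string value line: "Name"="data" or @="data"; a backslash escapes \ and ".
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*"((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {(key, value name): data} for the string values of a .reg export."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := VALUE.match(line)):
            name = m.group(1) if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            values[(key, name.lower())] = unescape(m.group(2))
    return values

def audit(text):
    """List (key, name, found, expected); found is None if the value was not exported."""
    found = parse_reg(text)
    return [(k, n, found.get((k.lower(), n.lower())), want)
            for (k, n), want in EXPECTED.items()
            if (found.get((k.lower(), n.lower())) or "").lower() != want.lower()]

# Constructed sample export (not from a real machine): two values still altered.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe sample.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="sample.exe \"%1\" %*"
'''

for key, name, got, want in audit(SAMPLE):
    print(f"{key} [{name}]: found {got!r}, expected {want!r}")
```

Files exported by regedit in the version 5.00 format are UTF-16, so read them with `encoding="utf-16"` before passing the text to `audit`.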

Those are the steps for removing a virus on Windows XP systems. To prevent the virus from coming back, be diligent in updating your antivirus, or install a prevention application such as Comodo Firewall or WinPooch, which will warn the user when another program is about to modify the system. So even if a virus is not recognized, the user will be warned by the prevention application before it gets in. If you recognize the program that wants to access your system you can allow the access; if not, the access should be rejected and blocked, because the program may be a virus.

Be careful when opening a flash disk. Do not open the flash disk by double-clicking. Open it with a right click and select Open from the menu so that the autoplay feature does not run a virus on the flash disk automatically. Also pay attention to the files that you open. Even when the icon is the same, check whether the file you are opening is actually an application or program. Make sure a Word file is really a Word file and a folder is really a folder by looking at the file's details or properties. Hopefully this article helps those of you who are infected and helps you prevent computer viruses.
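The check described above, that a "Word file" or "folder" on a flash disk is not really a program, can be done from the file names alone without opening anything. The following is an added example, not part of the original post; the function names and the list of document extensions are assumptions made for illustration.

```python
import os
import sys

PROGRAM = {".exe", ".scr", ".pif", ".com"}   # the program file types handled in step 2
DOCUMENT = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".jpg"}   # assumed list, extend as needed

def autorun_targets(path):
    """Return the commands an autorun.inf would launch (open=, shellexecute=, ...\\command=)."""
    targets = []
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            name, sep, value = line.partition("=")
            name = name.strip().lower()
            if sep and (name in ("open", "shellexecute") or name.endswith("\\command")):
                targets.append(value.strip())
    return targets

def check_drive(root):
    """Return sorted (file name, reason) pairs for programs posing as documents or folders."""
    entries = list(os.scandir(root))
    folders = {e.name.lower() for e in entries if e.is_dir()}
    findings = []
    for e in entries:
        if not e.is_file():
            continue
        lower = e.name.lower()
        stem, ext = os.path.splitext(lower)
        if lower == "autorun.inf":
            for target in autorun_targets(e.path):
                findings.append((e.name, "autoplay would run: " + target))
        elif ext in PROGRAM and os.path.splitext(stem)[1] in DOCUMENT:
            findings.append((e.name, "program with a document-style name"))
        elif ext in PROGRAM and stem in folders:
            findings.append((e.name, "program named like a folder on the same drive"))
    return sorted(findings)

if __name__ == "__main__":
    # Usage: python check_drive.py E:\   (the drive letter is whatever the flash disk received)
    for name, reason in check_drive(sys.argv[1]):
        print(f"{name}: {reason}")
```

Only the top level of the drive is examined, since that is what is shown when the flash disk is first opened.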

----------------------------------------------------------------------

Thanks to : IT Solutions, Tutorials
