1. Glacier v1.1 v2.2
Glacier is the best domestic Trojan
Clear Trojan v1.1
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Look for the following two paths and delete them:
"C:\windows\system\Kernel32.exe"
"C:\windows\system\Sysexplr.exe"
Close regedit
Reboot to Msdos mode
Delete the Trojan horse programs C:\windows\system\Kernel32.exe and C:\windows\system\Sysexplr.exe
Reboot. Ok
Clear Trojan v2.2
The server program's file name and path can be defined arbitrarily by the user, and the name of the registry key it writes can also be chosen freely.
Therefore, it cannot be stated precisely.
Check the registry and delete the suspect file path.
Reboot to Msdos mode
Delete the Trojan program file that the registry entry pointed to
Restart Windows. Ok
2. Acid Battery v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: Explorer = "C:\WINDOWS\expiorer.exe"
Close regedit
Reboot to Msdos mode
Delete the Trojan program C:\windows\expiorer.exe
Note: Do not delete the genuine explorer.exe program; the two names differ only in the letters i and l.
Reboot. Ok
3. Acid Shiver v1.0 + 1.0Mod + lmacid
Steps to clear the Trojan:
Reboot to Msdos mode
Delete C:\windows\MSGSVR16.EXE
Then go back to the Windows system
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: Explorer = "C:\WINDOWS\MSGSVR16.EXE"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Delete the item on the right: Explorer = "C:\WINDOWS\MSGSVR16.EXE"
Close regedit
Reboot. Ok
Reboot to Msdos mode
Delete C:\windows\wintour.exe and then go back to Windows system
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: WINTOUR = "C:\WINDOWS\WINTOUR.EXE"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Delete the item on the right: WINTOUR = "C:\WINDOWS\WINTOUR.EXE"
Close regedit
Reboot. Ok
4. Ambush
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: Zka = "Zcn32.exe"
Close regedit
Reboot to Msdos mode
Delete C:\Windows\Zcn32.exe
Reboot. Ok
5. AOL Trojan
Steps to clear the Trojan:
Boot to Msdos mode
Delete C:\Command.exe (remove the file's hidden attribute before deleting)
Note: Do not delete the genuine Command.com file.
Delete C:\Americ~1.0\buddyl~1.exe (remove the file's hidden attribute before deleting)
Delete C:\Windows\system\norton~1\regist~1.exe (remove the file's hidden attribute before deleting)
Open Win.ini File
Under [WINDOWS], the Trojan paths after "run=" and "load=" must be cleared, leaving:
run=
load=
Save Win.ini
Then correct the registry with regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: winprofile = C:\command.exe
Turn off regedit and restart Windows. Ok
6. Asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + Mini 1.0, 1.1
Steps to clear the Trojan:
Note: The Trojan's default file name is Wincmp32.exe, but the program can change the file name.
The Trojan can be cleared by following the changes it makes to the two files System.ini and Win.ini.
Open the System.ini file
Under [BOOT] there is a "shell=filename" entry. The correct file name is explorer.exe
If it is not "Explorer.exe", then that file is the Trojan horse program; find it and delete it.
Save and exit System.ini
Open the Win.ini file
There is a run= entry under [WINDOWS]
If you see a path and file name after it, you must delete it.
The correct state is run= with nothing after it.
The path and file name after the = is the Trojan; find it and delete it.
Save and exit Win.ini.
Ok
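The System.ini and Win.ini checks described above can be run mechanically. The following Python code is an added example, not part of the original list: it applies the stated rules (shell= must be explorer.exe; run= and load= must be empty) to INI text, which also covers the `Shell=Explorer.exe <file>` and `load=<file>` cases in other entries of this list. The sample file contents are constructed, using file names that appear on this page.

```python
import re

EXPECTED_SHELL = "explorer.exe"   # the only correct [boot] shell= value
AUTOSTART_KEYS = ("run", "load")  # [windows] keys that must stay empty


def parse_ini(text):
    """Parse Windows 9x INI text into {section: [(key, value), ...]}.

    Section and key names are lower-cased (Windows matches them without
    regard to case) and duplicate keys are kept so that none is hidden.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections


def audit_startup(system_ini_text, win_ini_text):
    """Return (file, section, key, suspect) tuples for every startup entry
    that breaks the rules given in the removal steps."""
    findings = []
    for key, value in parse_ini(system_ini_text).get("boot", []):
        if key == "shell" and value.lower() != EXPECTED_SHELL:
            # Report only the extra programs, not explorer.exe itself.
            extras = [t for t in value.split() if t.lower() != EXPECTED_SHELL]
            for suspect in extras or [value]:
                findings.append(("system.ini", "boot", "shell", suspect))
    for key, value in parse_ini(win_ini_text).get("windows", []):
        if key in AUTOSTART_KEYS and value:
            # run=/load= may list several programs separated by spaces or commas.
            for suspect in (s for s in re.split(r"[,\s]+", value) if s):
                findings.append(("win.ini", "windows", key, suspect))
    return findings


# Constructed sample files; the file names are ones mentioned in this list.
SAMPLE_SYSTEM_INI = """\
[boot]
Shell=Explorer.exe Unin0686.exe
system.drv=system.drv
"""
SAMPLE_WIN_INI = """\
[windows]
load=wscan.exe
run=
NullPort=None
"""
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"
CLEAN_WIN_INI = "[windows]\nload=\nrun=\n"

if __name__ == "__main__":
    for finding in audit_startup(SAMPLE_SYSTEM_INI, SAMPLE_WIN_INI):
        print("%s [%s] %s= -> %s" % finding)
```

Each finding names the file that still has to be located and deleted after the INI line is corrected.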
7. Attackftp
Steps to clear the Trojan:
Open Win.ini File
There is a load=wscan.exe entry under [WINDOWS]
Delete wscan.exe so that the line reads load=
Save Exit Win.ini.
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: reminder = "wscan.exe/s"
Turn off the regedit and reboot into the MSDOS system
Delete C:\windows\system\Wscan.exe
Ok
8. Back Construction 1.0-2.5
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete "C:\WINDOWS\Cmctl32.exe" on the right
Turn off the regedit and reboot into the MSDOS system
Delete C:\WINDOWS\Cmctl32.exe
Ok
9. Backdoor v2.00-v2.03
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item 'C:\windows\notpa.exe/o=yes' on the right
Turn off the regedit and reboot into the MSDOS system
Delete C:\windows\notpa.exe
Note: Do not delete the genuine Notepad.exe (Notepad) program
Ok
BF Evolution v5.3.12
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: (Default) = ""
Turn off regedit and restart the computer again.
Delete C:\windows\system\ .exe (the file whose name is a space followed by .exe)
Ok
BioNet v0.84-0.92 + 2.21
The 0.8x versions run on Win95/98.
Versions 0.9x and above have two programs, running on Win95/98 and WinNT.
The client-server protocol is the same, so an NT client can attack infected 95/98 machines, and a Win95/98 client can attack an infected NT system in exactly the same way.
Steps to clear the Trojan:
First prepare a Windows 98 boot disk, boot from it, change to the C:\Windows directory, and run attrib libupd~1.exe -h
This command makes the Trojan program visible; then delete it.
Remove the floppy disk, reboot into Windows 98, and find in the registry:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
The subkey winlibupdate = "C:\windows\libupdate.exe -hide"
Delete this subkey.
Bla v1.0-5.03
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: Systemdoor = "C:\WINDOWS\System\mprdll.exe"
Turn off regedit and restart the computer.
Find C:\WINDOWS\System\mprdll.exe and
C:\WINDOWS\system\rundll.exe
and delete the two files.
Note: Do not delete the genuine file C:\WINDOWS\RUNDLL.EXE.
Ok
Bladerunner
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
You will find System-tray = "C:\something\something.exe"
The path on the right may be anything. Do not delete the entry at this point, because the Trojan will immediately add it back automatically. Write down the Trojan's file name and directory, then go back to MS-DOS, find this Trojan file and delete it.
Restart the computer, then repeat the first step: locate the Trojan's entry in the registry and delete the key.
Bobo v1.0-2.0
Clear Trojan v1.0
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: Dirrectlibrarysupport = "C:\WINDOWS\SYSTEM\Dllclient.exe"
Turn off regedit and restart the computer.
DEL C:\Windows\System\Dllclient.exe
Ok
Clear Trojan v2.0
Open Registry Regedit
Click Directory to:
HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\ICQ Accel\
ICQ Accel is a "fake" key; select the ICQ Accel key and delete it.
Restart your computer. Ok
Brainspy Vbeta
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
On the right there is an item ??? = "C:\WINDOWS\system\BRAINSPY.exe"
The ??? label is chosen at random.
Turn off regedit and restart the computer
Find and delete C:\WINDOWS\system\BRAINSPY.exe
Ok
Cain and Abel v1.50-1.51
This is a password Trojan
Enter MS-DOS mode
Find C:\windows\msabel32.exe
and delete it. Ok
Canasson
Steps to clear the Trojan:
Open Win.ini File
Find C:\msie5.exe and remove all keys that reference it
Save Win.ini
Restart your computer
Delete C:\msie5.exe Trojan file
Ok
Chupachbra
Steps to clear the Trojan:
Open Win.ini File
There are two lines under [Windows]:
Run=winprot.exe
Load=winprot.exe
Delete winprot.exe from both, leaving:
run=
load=
Save Win.ini, and then open the registry regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: 'System Protect' = Winprot.exe
Restart Windows
Find C:\windows\system\winprot.exe and delete it.
Ok
Coma v1.09
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: 'RunTime' = C:\windows\msgsrv36.exe
Restart Windows
Find C:\windows\msgsrv36.exe and delete it.
Ok
Control
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete the item on the right: load mschv DRV = C:\windows\system\MSchv.exe
Save regedit, restart Windows
Find the C:\windows\system\MSchv.exe and delete it.
Ok
Dark Shadow
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Delete the item on the right: winfunctions = "Winfunctions.exe"
Save regedit, restart Windows
Find C:\windows\system\winfunctions.exe and delete it.
Ok
Deepthroat v1.0-3.1 + Mod (foreplay)
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Version 1.0
Delete the item on the right: 'System32' = c:\windows\system32.exe
Version 2.0-3.1
Delete the item on the right: 'systemtray' = 'Systray.exe'
Save regedit, restart Windows
Version 1.0 Delete C:\windows\system32.exe
Version 2.0-3.1
Delete C:\windows\system\systray.exe
Ok
Delta Source v0.5-0.7
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete Item to the right: DS admin tool = C:\TEMPSERVER.exe
Save regedit, restart Windows
Find the C:\TEMPSERVER.exe and delete it.
Ok
Der Spaeher v3
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Delete Item to the right: Explore = "C:\windows\system\dkbdll.exe"
Save regedit, restart Windows
Delete the C:\windows\system\dkbdll.exe Trojan file.
Ok
Doly v1.1-v1.7 (SE)
Clear Trojan v1.1-v1.5 version:
These versions place the Trojan program in three locations, add two registry entries, and also add an entry to Win.ini.
First, enter MS-DOS mode and delete the three Trojan files; version v1.35 has one additional Trojan file, Mdm.exe.
Remove all of the following:
C:\WINDOWS\SYSTEM\tesk.sys
C:\WINDOWS\Start Menu\programs\startup\mstesk.exe
C:\Program Files\mstesk.exe
C:\Program Files\mdm.exe
Restart Windows.
Next, open the Win.ini file
Locate the Load=c:\windows\system\tesk.exe item below [WINDOWS], delete the path, and change to load=
Save the Win.ini file.
Finally, edit the registry with regedit.
Locate the following two items and remove them:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Ms Tesk = "C:\Program files\mstesk.exe"
and
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run
Ms tesk = "C:\Program files\mstesk.exe"
Then find HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SS
This group holds all of the Trojan server's option and configuration parameters; delete all the items in this SS group.
Save and close regedit.
Also open the C:\AUTOEXEC.BAT file and delete the following:
@echo off copy c:\sys.lon c:\windows\StartMenu\Startup items\
del c:\win.reg
Save and close Autoexec.bat.
OK
Clear Trojan V1.6 version:
While the Trojan is running, Windows 98 cannot be shut down normally; only the reset button works. The complete cleanup steps are as follows:
1. Open Control Panel, Add/Remove Programs, and remove Memory Manager 3.0. This is the Trojan, but uninstalling it does not delete the Trojan's exe file.
2. Boot from a Windows 98 or DOS boot disk (using the reset button to restart), change to C:\, edit AUTOEXEC.BAT, and remove the following:
@echo off copy C:\sys.lon C:\windows\startm~1\programs\startup\mdm.exe
Del C:\win.reg
Save the AUTOEXEC.BAT file, return to DOS, and delete the Trojan files from the C:\ root directory:
Del Sys.lon
Del Windows\startm~1\programs\startup\mdm.exe
Del Progra~1\mdm.exe
3. Remove the floppy disk, reboot into Windows 98, and delete the Memory Manager directory from the C:\Program Files\ directory.
Clear Trojan V1.7 version:
First, open the C:\AUTOEXEC.BAT file and delete:
@echo off copy C:\sys.lon C:\windows\startm~1\programs\startup\mdm.exe
Del C:\win.reg
Save and close Autoexec.bat
Then open the registry regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Locate the C:\windows\system\mdm.exe path and delete the item
Click Directory to:
HKEY_USERS\.Default\Software\Mirabilis\ICQ\Agent\Apps\
Locate the "C:\windows\system\kernal32.exe" path and delete the item
Save and close regedit. Restart Windows.
Finally, remove the following Trojan horse programs:
C:\sys.lon
C:\iecookie.exe
C:\Windows\Start Menu\programs\startup\mdm.exe
C:\Program Files\mdm.exe
C:\windows\system\mdm.exe
C:\windows\system\kernal32.exe
Note: Kernal32 is a
Ok
Donald Dick v1.52-1.55
Clear Trojan v1.52-1.53 version:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\system\currentcontrolset\services\vxd\vmldir\
Delete Item to the right: StaticVxD = "Vmldir.vxd"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\System\vmldir.vxd
Ok
Clear Trojan v1.54-1.55 version:
These two versions are the same as the previous versions except for the default file name.
In the steps above, replace Vmldir.vxd with INTLD.VDX.
Drat v1.0-3.0b
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to: HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command
Find @="shell32 \"%1\" %*" and change it to @="\"%1\" %*"
Save and close regedit and restart Windows.
Find the Shell32.* file under C:\windows\ and delete it.
Ok
Eclipse 2000
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: BYBT = "C:\windows\system\eclipse2000.exe"
Click Directory to:
hkey_local_machine\software\microsoft\windows\currentversion\runservices\
Delete Item to the right: Cksys = "c:\windows\system\<could be anything>.exe"
Turn off save regedit and restart Windows
Find the Eclipse2000.exe Trojan file and delete it
Eclypse v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Rnaapp = "C:\WINDOWS\SYSTEM\rmaapp.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\SYSTEM\rmaapp.exe
Note: Do not delete Rnaapp.exe
Ok
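Several entries above warn against deleting the genuine file whose name the Trojan imitates (expiorer.exe / explorer.exe, C:\Command.exe / Command.com, rmaapp.exe / Rnaapp.exe). The following Python code is an added example, not part of the original list: it scans a REGEDIT4 export of a Run key and reports values whose program name is a near miss of a genuine name. The allow-list, the distance threshold and the sample export are assumptions constructed from names quoted on this page.

```python
import re

# Genuine Windows 9x file names that the notes in this list say must not be
# deleted (assumption: the allow-list is limited to names on this page).
GENUINE_NAMES = ("explorer.exe", "notepad.exe", "rnaapp.exe", "command.com")
MAX_DISTANCE = 2  # assumed threshold for "differs by a letter or two"

# "name"="data" line of a REGEDIT4 export, with \\ and \" escapes allowed.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute)."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                # deletion
                               current[j - 1] + 1,             # insertion
                               previous[j - 1] + (ca != cb)))  # substitution
        previous = current
    return previous[-1]


def program_file_name(command):
    """File name of the program in a Run value, without path or arguments."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]
    else:
        program = command.split(None, 1)[0] if command else ""
    return re.split(r"[\\/]", program)[-1].lower()


def imitated_name(file_name):
    """Return the genuine name that file_name imitates, or None."""
    if file_name in GENUINE_NAMES:
        return None
    stem = file_name.rsplit(".", 1)[0]
    for genuine in GENUINE_NAMES:
        # Comparing stems also catches a right name with a wrong extension.
        if levenshtein(stem, genuine.rsplit(".", 1)[0]) <= MAX_DISTANCE:
            return genuine
    return None


def find_lookalikes(reg_export_text):
    """Scan REGEDIT4 export text; return (value name, file, imitated) tuples."""
    hits = []
    for line in reg_export_text.splitlines():
        match = VALUE_RE.match(line.strip())
        if not match:
            continue  # key headers, blank lines, non-string values
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
        file_name = program_file_name(data)
        genuine = imitated_name(file_name)
        if genuine:
            hits.append((name, file_name, genuine))
    return hits


# Constructed REGEDIT4 export; the values reuse names quoted in this list.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Explorer"="C:\\WINDOWS\\expiorer.exe"
"Rnaapp"="C:\\WINDOWS\\SYSTEM\\rmaapp.exe"
"SystemTray"="SysTray.Exe"
"winprofile"="C:\\command.exe"
'''

if __name__ == "__main__":
    for value_name, file_name, genuine in find_lookalikes(SAMPLE_EXPORT):
        print("%s -> %s imitates %s" % (value_name, file_name, genuine))
```

A hit names the file to remove and the genuine file that must be left in place.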
Executer v1
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Find the item on the right containing "C:\windows\sexec.exe" and delete it.
Turn off save regedit and restart Windows
Delete the Trojan program files accordingly.
Ok
Fakeftp Beta
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete items on the right: Rundll32 = rundll3.tww/h
Turn off save regedit and restart Windows
Locate the following three files in the C:\windows\ folder and delete them:
Rundll3.bat, 9x.reg, nt.reg
Ok
Forced Entry
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: MicrosoftRegistration32 = "C:\somepath\trojanhrs.exe"
Turn off save regedit and restart Windows
Because the path can easily be changed, just find Trojanhrs.exe and delete it.
Gatecrasher v1.0-1.2
Clear Trojan v1.0:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: explore = 'C:\windows\explore.exe'
Turn off save regedit and restart Windows
Then, delete the corresponding Trojan program.
Ok
Clear Trojan v1.1:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: inet = 'EXPLORE.EXE'
Turn off save regedit and restart Windows
Then, find the corresponding Trojan program and delete it.
Ok
Clear Trojan v1.2:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Command = 'C:\windows\system.exe'
Turn off save regedit and restart Windows
Then, find the corresponding Trojan program and delete it.
Ok
Girlfriend v1.3x (including Patch 1 and 2)
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Windll.exe = "C:\windows\windll.exe"
The server's data is also stored in the registry, under:
Hkey_local_machine\software\microsoft\general
Delete the General key
Turn off save regedit and restart Windows
Then, find the corresponding Trojan program and delete it.
Ok
Golden Retreiver v1.1b
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete items on the right: Task manager= "C:\mstask.exe"
Turn off save regedit and restart Windows
Then, find the corresponding Trojan program and delete it.
Ok
Hack'a'Tack 1.0-2000
Clear Trojan v1.0-1.2:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Explorer32 = "C:\windows\Expl32.exe"
Turn off save regedit and restart Windows
Then, find the corresponding Trojan program and delete it.
Ok
Clear Trojan v2000:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete items on the right: Configuration Wizard = C:\windows\cfgwiz32.exe
Turn off save regedit and restart Windows
Delete C:\windows\cfgwiz32.exe
Ok
Hack99 Keylogger
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Hkeylog = "C:\Windows\System\HKeyLog.exe"
Turn off save regedit and restart Windows
Delete C:\Windows\System\HKeyLog.exe
Ok
Hostcontrol v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: RegClean = "C:\windows\inf\regcle32.exe"
Turn off save regedit and restart Windows
Delete C:\windows\inf\regcle32.exe
Ok
HVL Rat v5.30
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete item on right: Explorer = "C:\WINDOWS\system\MSGSVR16.EXE"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\system\MSGSVR16.EXE
Ok
Ik97 v1.2
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: IK = 'c:\progra~1\ik\ik.exe'
Turn off save regedit and restart Windows
Delete C:\Program Files\ik\ik.exe
Ok
Incommand v1.0-1.5
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Find the item on the right: advancedsettings = *
Note: * stands for the Trojan's path and file name; write it down, then delete this key.
Turn off save regedit and restart Windows
Use the path and file name just noted to find and delete the Trojan horse program.
Indoctrination v0.1-v0.11
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Hkey_local_machine\software\microsoft\windows\currentversion\runservices\
Hkey_local_machine\software\microsoft\windows\currentversion\runonce\
Hkey_local_machine\software\microsoft\windows\currentversion\runservicesonce\
Each key contains an item Msgsrv16 = "Msgsrv16"
Delete each item
Turn off save regedit and restart Windows
Delete C:\windows\system\msgserv16.exe
Ok
inet v2.0-2.0n
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Explorer = "C:\WINDOWS\system\inet.exe"
Turn off save regedit and restart Windows
Delete "C:\WINDOWS\system\inet.exe"
Delete "C:\WINDOWS\system\inet.dll"
Ok
Infector v1.0-1.42
Steps to clear the Trojan:
Open System.ini File
Find the entry Shell=Explorer.exe C:\path\to\trojan.exe
Replace it with: Shell=Explorer.exe
Save and close the System.ini file, restart Windows
Delete C:\path\to\trojan.exe
Ok
Inikiller v1.2-3.2 Pro
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: explore= "C:\windows\bad.exe"
Turn off save regedit and restart Windows
Delete C:\windows\bad.exe
Ok
Intruder
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: PPModule1 = 'Ppmod1.sys'
Turn off save regedit and restart Windows
Delete C:\windows\system\Ppmod1.sys
Delete C:\windows\system\Ppmod2.sys
Ok
IRC3
Steps to clear the Trojan:
Open Win.ini File
Locate the Load=closew entry and change it to: load=
Save and close Win.ini, restart Windows
Find these two files: 'Rundlls.exe', 'Closew.bat'
and delete them.
Ok
Kaos v1.1-1.3
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: sys= "C:\windows\shell32.exe"
Turn off save regedit and restart Windows
Delete C:\windows\shell32.exe
Ok
Khe Sanh v2.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: tboot0001= "C:\windows\system\trjp.exe"
Turn off save regedit and restart Windows
Delete C:\windows\system\trjp.exe
Ok
Kuang Logger
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: K2logas.task = "C:\WINDOWS\SYSTEM\K2logas.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\SYSTEM\K2logas.exe
Ok
Kuang Original-0.34
Clear Trojan, Original version:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Temp$1.task = "C:\windows\system\temp$1.exe"
Clear Trojan v 0.20-0.21 version:
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: K2ps.task = "C:\windows\system\k2ps.exe"
Clear Trojan v 0.30-0.34 version:
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: K2ps_full.task = "C:\windows\system\k2ps_full.exe"
Turn off save regedit and restart Windows
Find the corresponding Trojan program and delete it.
Ok
Logger
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: ??? = "C:\windows\system\logged.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\SYSTEM\Logged.exe
Ok
Magic Horse
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: spoolerservice= "C:\windows\spoolsrv.exe"
Turn off save regedit and restart Windows
Delete C:\windows\spoolsrv.exe
Ok
Malicious
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_users\.Default\software\microsoft\windows\currentversion\policies\
Delete five items on the right: DisableRegistryTools NoRun nofind nodesktop noclose
Turn off save regedit and restart Windows
Ok
Masters Paradise
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Sysedit = c:\windows\sysedit.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Delete Item to the right: Explorer = C:\......\agent.exe
Turn off save regedit and restart Windows
Find the Trojans and remove them.
Note: The Sysedit.exe file under c:\windows\system\ is 19KB; if it is not, that indicates it has been infected by the Trojan, so delete it.
Ok
Matrix v1.0-2.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: ??? = "C:\WINDOWS\Wincfg.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\Wincfg.exe
Ok
MBK
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Locate and delete the item on the right: Explorer = "" Mbt.exe.
Turn off save regedit and restart Windows
Find Mbt.exe and delete
Ok
Millenium v1.0-2.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Millenium = "C:\windows\system\reg66.exe"
Turn off save regedit and restart Windows
Delete C:\windows\system\reg66.exe
Ok
Mine
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Windows = 'C:\msdos98.exe'
Turn off save regedit and restart Windows
Delete C:\msdos98.exe
Open Win.ini File
Find Run=c:\windows\uninstallms.exe
Change it to: run=
Turn off save Win.ini and restart Windows
Del C:\msdos98.exe
Del C:\windows\uninst~1.exe
Del C:\windows\system\mine.exe
Ok
Mosucker
Steps to clear the Trojan:
Open System.ini File
Find Shell=Explorer.exe Unin0686.exe
Change it to: Shell=Explorer.exe
Turn off save System.ini and restart Windows
Delete C:\windows\unin0686.exe
Ok
Naebi v2.12-2.40
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_current_user\software\mirabilis\icq\agent\apps\icq
v2.12 Delete Item to the right: Path= "C:\windows\msramgr.exe"
v2.15 Delete the item to the right: path= "C:\windows\Msdll32.exe"
v2.19 Delete the item to the right: path= "C:\windows\Naebi219.exe"
v2.xx Delete the item on the right: path= "C:\windows\naebi219.exe"; the file name may also be naebi.exe, Ns220.exe, ns227, ns231, ns234
Close Save Regedit
v2.34 is the same as above, but it also adds a startup entry to Win.ini
Open Win.ini File
Remove the path after run=
Turn off save Win.ini and restart Windows
Find the appropriate Trojan, and remove
Ok
Netcontroller v1.08
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: System = 'C:\windows\system.exe'
Turn off save regedit and restart Windows
Delete C:\windows\system.exe
Ok
Netraider v0.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: Rsrcnrs = 'C:\windows\rsrcnrs.exe'
Turn off save regedit and restart Windows
Delete C:\windows\rsrcnrs.exe
Ok
Netsphere v1.0-1.31337
Clear Trojan v1.0-1.30:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: NSSX = "C:\WINDOWS\system\nssx.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Hkey_users\****\software\microsoft\windows\currentversion\run
Delete the same item as above.
Turn off save regedit and restart Windows
Delete C:\WINDOWS\system\nssx.exe
Ok
Clear Trojan v1.30-1.31337:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Execpowerprofile = "C:\WINDOWS\system\epp32.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\system\epp32.exe
Ok
Netspy v1.0-2.0
Clear Trojan v1.0:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Sysprotect = "C:\windows\system\system.exe"
Turn off save regedit and restart Windows
Delete C:\windows\system\system.exe
Ok
Clear Trojan v2.0:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Netspy = "Netspy.exe"
Turn off save regedit and restart Windows
Find Netspy.exe, and delete
Ok
Nettrojan v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: *** = "C:\WINDOWS\System\glide16.exe"
Close Save Regedit
Open Win.ini File
Find Run=c:\windows\fxp.exe
Remove the path after run=
Turn off save Win.ini and restart Windows
Find the appropriate Trojan, and remove
Ok
Nirvana/visualkiller v1.94-1.95
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete the item on the right: Thedoor = 'C:\windows\fonts\ariel.exe'
Turn off save regedit and restart Windows
Delete C:\windows\fonts\ariel.exe
Ok
Phaze Zero v1.0b + 1.1
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Msgserv = "Msgsvr32.exe"
Turn off save regedit and restart Windows
Find the appropriate Trojan, and remove
Ok
Prayer v1.2-1.5
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Sysfiles = "C:\WINDOWS\System\dlls32.exe"
Hkey_current_user\software\microsoft\windows\currentversion\run\
Delete Item to the right: Sysfiles = "C:\WINDOWS\System\dlls32.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\System\dlls32.exe
Ok
PRIORITY (Beta)
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\
Delete Item to the right: "PServer" = C:\Windows\System\PServer.exe
Turn off save regedit and restart Windows
Delete C:\Windows\System\PServer.exe
Ok
Progenic Password Thief/keylogger v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: PWT = "C:\WINDOWS\SYSTEM\pwt.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\SYSTEM\pwt.exe
Ok
Progenic v1.0-3.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Scandisk = "C:\WINDOWS\scandiskvr.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\scandiskvr.exe
Ok
Prosiak beta-0.70 B5
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\runservices\
Delete Item to the right: Microsoft DLL Loader = "Windll32.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\Windll32.exe
Ok
Retrieve v1.3
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Microsoft Access = "C:\WINDOWS\access.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\access.exe
Ok
Revenger v1.0-1.5
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: AppName = "C:\...\server.exe"
Turn off save regedit and restart Windows
In C:\Windows, find the Trojan program Server.exe and delete it
Ok
Ripper
Steps to clear the Trojan:
Open System.ini File
Find Shell=Explorer.exe Sysrunt.exe
Change it to Shell=Explorer.exe
Turn off save System.ini and restart Windows
In C:\Windows, find the Trojan program Sysrunt.exe and delete it
Ok
Satans Back Door v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\runservices\
Delete Item to the right: Sysprot protection = "C:\windows\sysprot.exe"
Turn off save regedit and restart Windows
Delete C:\windows\sysprot.exe
Ok
Schwindler v1.82
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: User.exe = "C:\WINDOWS\User.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\User.exe
Ok
Trojan (sshare) +mod Small Share
This Trojan sets up a hidden share of the C: drive
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\network\lanman\
Select the items on the right that contain 'C$' and delete them all
Turn off save regedit and restart Windows
Ok
Shadowphyre v2.12.38-2.x.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Winzipp = "C:\windows\system\winzipp.exe/nomsg"
or WinZip = "C:\windows\system\winzip.exe/nomsg"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\WinZipp.exe or C:\WINDOWS\WinZip.exe
Ok
Bayi Share All
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\network\lanman\
Here you will see all of the drive letters that the Trojan has shared; delete them all.
Shitheap.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\runservices\
Delete Item to the right: Recycle-bin = "C:\windows\system\recycle-bin.exe"
or Recycle-bin = "C:\windows\system.exe"
Turn off save regedit and restart Windows
Delete C:\windows\system\recycle-bin.exe or C:\windows\system.exe
Ok
Snid V1-2
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: System-tray = "C:\windows\temp$01.exe"
Turn off save regedit and restart Windows
Delete C:\windows\temp$01.exe
Ok
Softwarst.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete item on the right: NETAPP = C:\windows\system\winserv.exe
Turn off save regedit and restart Windows
Delete C:\windows\system\winserv.exe
Ok
Spirit beta-v1.2 (fixed)
Clear Trojan, beta version:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete items on the right: Internet = "C:\windows\netip.exe"
Save and close Regedit
Open Win.ini File
Find Run=c:\windows\netip.exe
Change to: Run=
Save and close Win.ini, then restart Windows
Delete C:\windows\netip.exe and C:\windows\netip.exe
Ok
Clear Trojan v 1.2 version:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Systemtray = "C:\windows\windown.exe"
Turn off save regedit and restart Windows
Delete C:\windows\windown.exe
Ok
Clear Trojan v 1.2 (fixed) version:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Server 1.2.exe = "C:\windows\server 1.2.exe"
Turn off save regedit and restart Windows
Delete C:\windows\server 1.2.exe
Ok
Stealth v2.0-2.16
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: winprotect System = "C:\WINDOWS\winprotecte.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\winprotecte.exe
Ok
Subseven-introduction.
Clear Trojan v1.0-1.1:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Systemtrayicon = "C:\WINDOWS\SysTrayIcon.Exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\SysTrayIcon.Exe
Ok
Clear Trojan v1.3-1.4-1.5:
Open Win.ini File
Find a Run=nodll
Change to Run=
Turn off save Win.ini and restart Windows
Delete C:\windows\nodll.exe
Ok
Clear Trojan v1.6:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Systemtray = "SysTray.Exe"
Turn off save regedit and restart Windows
Delete C:\windows\systray.exe
Ok
Clear Trojan v1.7:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Find items to the right: C:\windows\kernel16.dl, and delete
Turn off save regedit and restart Windows
Delete C:\windows\kernel16.dl
Ok
Clear Trojan v1.8:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Find items to the right: C:\Windows\System.ini., and delete
Close save Regedit.
Open Win.ini File
Find run= Kernel16.dl
Change to Run=
Close Save Win.ini.
Open System.ini File
Find Shell=Explorer.exe Kernel32.dl
Change to Shell=Explorer.exe
Turn off save System.ini and restart Windows
Delete C:\windows\kernel16.dl
Ok
Clear Trojan v1.9-1.9b:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Delete Item to the right: Registryscan = "Rundll16.exe"
Turn off save regedit and restart Windows
Delete C:\windows\rundll16.exe
Ok
Clear Trojan v2.0:
Open System.ini File
Find Shell=Explorer.exe Trojanname.exe
Change to Shell=Explorer.exe
Turn off save System.ini and restart Windows
Delete C:\windows\rundll16.exe
Ok
Clear Trojan v2.1-2.1 Gold + SubStealth-2.1.3 Mod + 2.1.3 Muie + 2.1 Bonus:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
Delete Item to the right: Winloader = Msrexe.exe
HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command
Change the item on the right to: @="\"%1\" %*"
Save and close Regedit.
Open Win.ini File
Find Run=msrexe.exe and
Load=msrexe.exe
Change to Run=
Load=
Close Save Win.ini.
Open System.ini File
Find Shell=Explorer.exe Msrexe.exe
Change to Shell=Explorer.exe
Save and close System.ini, then restart Windows
Delete C:\windows\Msrexe.exe and C:\windows\system\systray.dll
Ok
Clear Trojan v2.2b1:
Open Registry Regedit
Click Directory to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
Delete Item to the right: Loader = "c:\windows\system\***"
Note: The loader and filename are randomly changed
Close save Regedit.
Open Win.ini File
Change to Run=
Close Save Win.ini.
Open System.ini File
Change to Shell=Explorer.exe
Turn off save System.ini and restart Windows
Delete the corresponding Trojan program
Ok
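The Win.ini and System.ini checks that recur in the steps above (Run=, Load= and Shell=) can be run over copies of the two files before editing them. This is an added example, not part of the original list: the function names are hypothetical, the sample file contents are constructed from values quoted above, and any non-empty Run=/Load= value is reported for review even though legitimate software can also use those keys.

```python
import re

# Constructed sample files; the values are ones quoted in the steps above.
SAMPLE_WIN_INI = "[windows]\nload=msrexe.exe\nrun=nodll\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe Msrexe.exe\n[386Enh]\nshell=other.exe\n"

# (section, key, clean value) for each entry the removal steps reset.
CHECKS = {
    "win.ini": [("windows", "run", ""), ("windows", "load", "")],
    "system.ini": [("boot", "shell", "explorer.exe")],
}

def parse_ini(text):
    """Return {(section, key): value}; names lower-cased, first occurrence wins."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            entries.setdefault((section, key.strip().lower()), value.strip())
    return entries

def audit(filename, text):
    """List (section, key, extra) where an entry holds more than its clean value."""
    findings = []
    entries = parse_ini(text)
    for section, key, clean in CHECKS[filename.lower()]:
        value = entries.get((section, key), clean)
        extra = value
        # For Shell=, only what follows Explorer.exe is suspicious.
        if clean and value.lower().startswith(clean):
            extra = value[len(clean):].strip()
        if extra:
            findings.append((section, key, extra))
    return findings

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for section, key, extra in audit(name, text):
            print(f"{name} [{section}] {key}= has extra program(s): {extra}")
```

A Shell= line that does not begin with Explorer.exe at all is reported in full, so a look-alike shell name is not passed over.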
Telecommando 1.54
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: systemapp = "ODBC.EXE"
Save and close regedit, then restart Windows
Delete C:\windows\system\ODBC.EXE
Ok
The unexplained
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: inetb00st = "C:\WINDOWS\TEMPINETB00ST.EXE"
Save and close regedit, then restart Windows
Delete C:\WINDOWS\TEMPINETB00ST.EXE
Ok
Thing v1.00-1.60
Clear Trojan v1.00-1.12:
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: (Default) = "C:\some\path\here\thing.exe"
There are also some in:
Hkey_local_machine\system\currentcontrolset\control\sessionmanager\known16dlls\
Delete Item to the right: Wsasrv.exe = "Wsasrv.exe"
Turn off save regedit and restart Windows
Delete C:\some\path\here\thing.exe
Ok
Clear Trojan v 1.20 version:
Enter MS-DOS mode:
Del Winspc13.exe
Del Ms097.exe
Open System.ini File
Find Shell=Explorer.exe Ms097.exe
Change to: Shell=Explorer.exe
Turn off save System.ini and restart Windows
Ok
Clear Trojan v1.50 version:
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
The path and file name of the entry are randomly changed; look for the suspect file path and delete it.
Save and close Regedit.
Open System.ini File
Find the Trojan file name after Shell=Explorer.exe
Change to: Shell=Explorer.exe
Save and close System.ini, then restart Windows
Delete the corresponding Trojan file
Ok
Clear Trojan v1.50 version:
Enter MS-DOS mode:
Del Winspc13.exe
Del Ms097.exe
Open System.ini File
Find the Trojan file name after Shell=Explorer.exe
Change to: Shell=Explorer.exe
Turn off save System.ini and restart Windows
Delete the corresponding Trojan file
Ok
Transmission Scount v1.1-1.2
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Kernel16 = "C:\WINDOWS\Kernel16.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\Kernel16.exe
Ok
Trinoo.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: System Services = Service.exe
Turn off save regedit and restart Windows
Delete C:\windows\system\service.exe
Ok
Trojan Cow v1.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Syswindow = "C:\WINDOWS\Syswindow.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\Syswindow.exe
Ok
Tryit.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete items on the right: Rc5dec = C:\Program files\internet Explorer\_.exe-guistart
Turn off save regedit and restart Windows
Delete C:\Program files\internet Explorer\_.exe
Ok
Vampire v1.0-1.2
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Sockets = "C:\windows\system\Sockets.exe"
Turn off save regedit and restart Windows
Delete C:\windows\system\Sockets.exe
Ok
Wartrojan v1.0-2.0
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Kernel32 = "C:\somepath\server.exe"
Turn off save regedit and restart Windows
Delete C:\somepath\server.exe
Ok
Wcrat v1.2b.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: MS Windows System Explorer = "C:\WINDOWS\sysexplor.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\sysexplor.exe
Ok
WebEx (v1.2, 1.3, and 1.4)
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: RunDl32 = "C:\windows\system\task_bar"
Turn off save regedit and restart Windows
Delete C:\windows\system\task_bar.exe and C:\windows\system\msinet.ocx
Ok
Wincrash v2
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Winmanager = "C:\windows\server.exe"
Save and close Regedit
Open Win.ini File
Find Run=c:\windows\server.exe
Change to: Run=
Save and close Win.ini, then restart Windows
Delete C:\windows\server.exe
Ok
Wincrash
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Msmanager = "SERVER.EXE"
Save and close regedit, then restart Windows
Delete C:\windows\system\SERVER.EXE
Ok
Xanadu v1.1
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Items to the right: SETUP = "C:\somepath\setup.exe"
Turn off save regedit and restart Windows
Delete C:\somepath\setup.exe
Ok
102. Xplorer v1.20
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: PCX = "C:\WINDOWS\system\PCX.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\system\PCX.exe
Ok
Xtcp v2.0-2.1
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\run\
Delete Item to the right: Msgsv32 = "C:\WINDOWS\system\winmsg32.exe"
Turn off save regedit and restart Windows
Delete C:\WINDOWS\system\winmsg32.exe
Ok
YAT.
Steps to clear the Trojan:
Open Registry Regedit
Click Directory to:
Hkey_local_machine\software\microsoft\windows\currentversion\runservices\
Delete Item to the right: Batterieanzeige = "c:\pathnamehere\server.exe/nomsg"
Turn off save regedit and restart Windows
Delete C:\pathnamehere\server.exe
Ok