Manual removal method of common Trojan horse
1. Glacier v1.1 v2.2 This is the best domestic Trojan author: huangxin
Clear Trojan v1.1 Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun find the following two paths and remove the
C:windowssystem kernel32.exe "C:windowssystem sysexplr.exe" off regedit
Reboot to Msdos mode delete C:windowssystem Kernel32.exe and C:windowssystem
Sysexplr.exe Trojan Horse program reboot. Ok
Clear Trojan v2.2 server programs, path users can be arbitrarily defined, write the registry key name can also define their own. Therefore, it cannot be clearly stated. You can check the registry and delete the suspect file path.
Restart Windows by restarting the Trojan program in the Msdos way to remove the corresponding Trojans in the registry. Ok
2. Acid Battery v1.0 Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Explorer on the right
= "C:windowsexpiorer.exe" closes regedit reboot to Msdos method remove C:windowsexpiorer.exe Trojan program
Note: Do not delete the correct ExpLorer.exe program, there is only the difference between I and L. Reboot. Ok
3. Acid Shiver v1.0 + 1.0Mod + lmacid clear Trojan steps: Reboot to Msdos mode
Delete C:windowsmsgsvr16.exe then go back to Windows system open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the right explorer =
"C:windowsmsgsvr16. EXE "
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete the right explorer = "c:windowsmsgsvr16." EXE "Off regedit reboot. OK reboot to Msdos mode
Delete C:windowswintour.exe then go back to Windows system open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the Wintour on the right
"C:windowswintour. EXE "
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete Wintour = "C:windowswintour on the right." EXE "Off regedit reboot. Ok
4. Ambush Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the Zka on the right
"Zcn32.exe" closes the regedit reboot to Msdos mode deletes c:windows zcn32.exe reboot. Ok
5. AOL Trojan steps to clear the Trojan: boot to Msdos way to remove c:command.exe (suppress file suppressed properties before deleting)
Note: Do not delete the true Command.com file. Delete C:americ~1.0uddyl~1.exe (suppress file's implied properties before deleting) Delete c:
Windowssystem orton~1 Egist~1.exe (remove suppressed properties of file before deletion) Open Win.ini file
Under [WINDOWS], the path of the "run=" and "load=" loader Trojans must be cleared: run= load= save Win.ini
To correct the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the winprofile on the right
= C:command.exe shut down regedit and restart Windows. Ok
6. Asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + Mini 1.0, 1.1 steps to clear the Trojan:
Note: Trojan program default filename is Wincmp32.exe, however, the program can change the file name. We can according to the Trojan modified System.ini and Win.ini two files to clear the Trojan.
The System.ini file opens with a "shell= filename" under [BOOT]. The correct filename is explorer.exe
If not "Explorer.exe", then that file is a Trojan horse program, find it out, delete. Save exit System.ini Open Win.ini File
There is a run= below [WINDOWS] if you see a path file name after it, you must delete it. The right thing to do is run= behind nothing.
= the path filename behind is the Trojan, find it out, delete it. Save Exit Win.ini. Ok
7. Attackftp Clear Trojan steps: Open Win.ini file under [WINDOWS] have load=wscan.exe delete Wscan.exe
, correct is load= save exit Win.ini. Open registry regedit Click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Remove the right reminder= "wscan.exe/s" close regedit, reboot to msdos system Delete C:windowssystem
Wscan.exe OK
8. Back construction 1.0-2.5 Clear Trojan steps: Open the registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Remove the right "c:windowscmctl32.exe" off regedit, reboot to the MSDOS system remove C:windowscmctl32.exe OK
9. Backdoor v2.00-v2.03 Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Remove the right ' c:windows otpa.exe/o=yes ' off regedit and reboot into the MSDOS system
Delete c:windows Otpa.exe Note: Do not delete the real notepad.exe notebook program OK
BF Evolution v5.3.12 Clear Trojan steps: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Remove the right (Default) = "" Close regedit and restart the computer again. The C:windowssystem. exe (space exe file) ok
One-BioNet v0.84-0.92 + 2.21 0.8X version is run in win95/98 0.9X above version has run in WIN95/98
And the Winnt two software client-server protocol is the same, so NT customers can black 95/98 infected machines, and WIN95/98 customers can black NT infected system exactly the same.
Steps to clear the Trojan: First prepare a 98 boot disk, with it started, into the c:windows directory, with attrib libupd~1. Exe-h
The command lets the Trojan program be visible, and then deletes it. After pulling out the floppy disk reboot, enter 98, in the registry find:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
subkey winlibupdate = "C:windowslibupdate.exe-hide" deletes this subkey.
Bla v1.0-5.03 steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the Systemdoor on the right
= "C:windowssystemmprdll.exe" closes regedit and restarts the computer.
Find C:windowssystemmprdll.exe and C:windowssystem Undll.exe
Note: Do not delete C:windowsrundll. EXE correct file. and delete two files. Ok
Bladerunner Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun can find System-tray.
= "C:somethingsomething.exe" The path to the right may be anything, when you do not need to delete it, because the Trojan will immediately automatically add, you need
is to write down the name and directory of the Trojan horse, and then return to MS-DOS, find this trojan file and delete. Restart the computer, and then repeat the first step, locate the Trojan file in the registry and delete the key.
Bobo v1.0-2.0 Clear Trojan v1.0 open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Remove the right Dirrectlibrarysupport = "C:windowssystemdllclient.exe" to turn off Regedit and restart the computer.
DEL C:windowssystemdllclient.exe OK Clear Trojan v2.0 open registry regedit click Directory to:
hkey_user/. Default/software/mirabilis/icq/agent/apps/icq Accel/icq
Accel is a "false" primary key, select the ICQ Accel primary KEY and delete it. Restart your computer. Ok
Brainspy Vbeta Clear Trojan steps: Open the registry regedit click the directory to:
There's??? on the Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun right. =
"C:windowssystembrainspy. exe"??? The label selection is changed randomly. Turn off regedit and restart the computer
Find Delete c:windowssystembrainspy. exe OK
Cain and Abel v1.50-1.51 This is a password Trojan into the MS-DOS way to find C:windowsmsabel32.exe
and delete it. Ok
Canasson Clear Trojan steps: Open Win.ini file Find C:msie5.exe, remove all primary key save Win.ini Restart Computer
Delete C:msie5.exe Trojan file ok
Chupachbra Clear Trojan steps: Open Win.ini file [Windows] below there are two rows Run=winprot.exe
Load=winprot.exe Delete Winprot.exe run= load= save Win.ini, and then open the registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Remove the right ' System
Protect ' = Winprot.exe restarts Windows lookup to C:windowssystem Winprot.exe and deletes it. Ok
Coma v1.09 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the ' RunTime ' on the right
= C:windowsmsgsrv36.exe Restart Windows to find the C:windows msgsrv36.exe and remove it. Ok
Control Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the load MSCHV on the right
DRV = C:windowssystemmschv.exe save regedit, restart Windows
Find the C:windowssystemmschv.exe and delete it. Ok
Dark Shadow Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete the winfunctions= "Winfunctions.exe" on the right to save regedit, restart Windows lookup to C:windowssystem winfunctions.exe, and delete. Ok
Deepthroat v1.0-3.1 + Mod (foreplay) steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun version 1.0
Delete the item on the right ' System32 ' =c:windowssystem32.exe version 2.0-3.1 delete the item to the right ' systemtray ' =
' Systray.exe ' saves regedit, restarts Windows version 1.0 to remove the C:windowssystem32.exe version 2.0-3.1
Delete C:windowssystemsystray.exe OK
Delta Source v0.5-0.7 steps to clear the Trojan: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Item to the right: DS
Admin tool = C:tempserver.exe save regedit, restart Windows lookup to C:tempserver.exe, and delete it. Ok
Der Spaeher v3 to clear the Trojan: Open registry regedit Click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete the item on the right: Explore
= "C:windowssystemdkbdll.exe" Save regedit, restart Windows
to delete the C:windowssystemdkbdll.exe Trojan file. OK--
Doly v1.1-v1.7 (SE) Clear Trojan v1.1-v1.5 version:
This Trojan horse version of the Trojan program placed in three, add two registered items, also added to the Win.ini project.
First, enter the MS-dos mode, delete three Trojans, but V1.35 version more than one Trojan file Mdm.exe. Delete all of the following:
C:windowssystem esk.sys c:windowsstart MenuProgramsStartupmstesk.exe
Crogram FilesMStesk.exe Crogram FilesMdm.exe Restart Windows. Next, open the Win.ini file
Find the Load=c:windowssystem esk.exe project below [WINDOWS], delete the path, change to load= save Win.ini file.
Finally, modify the registry regedit find the following two items and delete them
Hkey_current_usersoftwaremicrosoftwindowscurrentversionrun Ms tesk =
Crogram FilesMStesk.exe "and
Hkey_user. Defaultsoftwaremicrosoftwindowscurrentversionrun Ms tesk =
Crogram FilesMStesk.exe
to find Hkey_current_ USERSOFTWAREMICROSOFTWINDOWSCURRENTVERSIONSS
This group is a trojan with all the parameters to select and set the server to delete all the items in this SS group. Close save Regedit. and open the c:autoexec. BAT file, remove @echo
off copy c:sys.lon c:windowsstartmenustartup Items del C:win.reg
to close the save Autoexec.bat. OK
Clear Trojan V1.6 version: This trojan runs, will not be able to pass 98 normal operation to close, can only reset key. Complete removal steps are as follows: 1. Open Control Panel--Add the removal program--Delete memory
Manager 3.0, this is the Trojan, but it does not remove the Trojan EXE file.
2. Start with the 98 or DOS boot disk (with reset key), transfer to C:, edit AUTOEXEC. BAT, remove the following: @echo off copy
C:sys.lon c:windowsstartm~1programsstartupmdm.exe del c:win.reg
to save AUTOEXEC. BAT file and after returning to DOS, delete the Trojan file in the C: root directory: Del sys.lon del
Windowsstartm~1programsstartupmdm.exe del progra~1mdm.exe
3. Pull out the floppy disk reboot, and after entering 98, remove the Memory Manager directory from the C:Program files directory. Clear Trojan V1.7 version:
First, open c:autoexec. BAT file, delete @echo off copy c:sys.lon
C:windowsstartm~1programsstartupmdm.exe del c:win.reg close save Autoexec.bat
Then open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
to find C: Windowssystemmdm.exe path and delete this item click Directory to:
hkey_user/. default/software/marabilis/icq/agent/apps/
Locate the "C:windowssystemkernal32.exe" path and delete this item to close save Regedit. Restart Windows.
Finally, remove the following trojan: C:sys.lon c:iecookie.exe c:windowsstart
Menuprogramsstartupmdm.exe c:program filesmdm.exe C: Windowssystemmdm.exe
C:windowssystemkernal32.exe Note: kernal32 is a ok
Revenger v1.0-1.5 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: AppName = "C:...server.exe" Close save regedit, restart Windows
In c:windows find the corresponding Trojan program Server.exe, and delete ok
Ripper the steps to clear the Trojan: Open the System.ini file to change the Shell=Explorer.exe Sysrunt.exe to Shell=
Explorer.exe shut down save System.ini, restart Windows in c:windows to find the corresponding Trojan Sysrunt.exe, and delete ok
Satans back Door v1.0 the steps to clear the Trojan: Open the registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete Item to the right: Sysprot protection = "C:windowssysprot.exe" closes save regedit, restarts windows
Delete C:windowssysprot.exe OK
Schwindler v1.82 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: User.exe = "C:windowsuser.exe" Close save regedit, restart Windows
Delete C:windowsuser.exe OK
Trojan (sshare) +mod Small Share This shared hide C disk Trojan removal steps: Open registry regedit
Click Directory to: Hkey_local_machinesoftwaremicrosoftwindowscurrentversionnetworklanman
Select the item on the right with ' C $ ' and remove all the save regedit, restart Windows OK
Shadowphyre v2.12.38-2.x Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete items on the right: Winzipp = "C:windowssystemwinzipp.exe/nomsg" or WinZip =
"C:windowssystemwinzip.exe/nomsg" closes the save regedit and restarts WINDOWS deletion c:windows
WinZipp.exe or c:windows WinZip.exe OK
Share all steps to clear the Trojan: Open the registry regedit click on the table of contents to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionnetworklanman
Here you will see all of your hard drive symbols shared by Trojans and remove them all.
Shitheap clear the Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete items on the right: Recycle-bin = "C:windowssystem ecycle-bin.exe" or Recycle-bin =
"C:windowssystem.exe" closes save regedit, restarts windows
Delete C:windowssystem Ecycle-bin.exe or c:windowssystem.exe OK
Snid V1-2 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: System-tray = ' c:windows emp$01.exe ' close save regedit, restart Windows
Delete C:windows Emp$01.exe OK
Softwarst Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Items on the right: NetApp
= C:windowssystemwinserv.exe shutdown save regedit, restart Windows
Delete C:windowssystemwinserv.exe OK
Spirit beta-v1.2 (fixed) Clear Trojan v Beta version: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Internet = "C:windows etip.exe" close save regedit open Win.ini File
Find Run=c:windows Etip.exe change to: run= Close save Win.ini, restart Windows
Delete c:windows Etip.exe and c:windows etip.exe OK
Clear Trojan V Version 1.2: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Systemtray = "C:windowswindown.exe" Close save regedit, restart Windows
Delete C:windowswindown.exe OK
Clear Trojan v 1.2 (fixed) version: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Items to the right: Server
1.2.exe = "C:windowsserver 1.2.exe" Turn off save regedit, restart Windows
Delete C:windowsserver 1.2.exe OK
Stealth v2.0-2.16 Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: winprotect System = "C:windowswinprotecte.exe shutdown save regedit, restart Windows Delete c:windowswinprotecte.exe OK
Subseven-introduction Clear Trojan v1.0-1.1: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Systemtrayicon = "C:windowssystrayicon.exe" Close save regedit, restart Windows
Delete C:windowssystrayicon.exe OK
Clear Trojan v1.3-1.4-1.5: Open Win.ini File Find to Run=nodll change to run= close save Win.ini, restart Windows delete c:windows odll.exe OK
Clear Trojan v1.6: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Systemtray = "SysTray.Exe" Close save regedit, restart Windows
Delete C:windowssystray.exe OK
Clear Trojan v1.7: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Find the item to the right: C:WINDOWSKERNEL16.DL, and remove shutdown save regedit, restart Windows
Delete C:windowskernel16.dl OK
Clear Trojan v1.8: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun and
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Find the item to the right: C:windowssystem.ini., and remove the save regedit off. Open Win.ini file to find run= kernel16.dl
Change to run= close save Win.ini. Open System.ini file to find Shell=Explorer.exe kernel32.dl
Change to Shell=Explorer.exe Close save System.ini, restart Windows delete c:windowskernel16.dl OK
Clear Trojan v1.9-1.9b: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun and
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete Item to the right: Registryscan = "Rundll16.exe" Close save regedit, restart Windows
Delete C:windows Undll16.exe OK
Clear Trojan v2.0: Open System.ini file to find Shell=Explorer.exe Trojanname.exe
Change to Shell=Explorer.exe Close save System.ini, restart Windows delete c:windows undll16.exe OK
Clear Trojan v2.1-2.1 Gold + SubStealth-2.1.3 Mod + 2.1.3 Muie + 2.1 Bonus:
Open registry regedit Click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun and
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete Item to the right: Winloader = Msrexe. EXE Hkey_classes_rootexefileshellopencommand
Change the item on the right to: @= ""%1 "%*" to close the save Regedit. Open Win.ini file to find Run=msrexe.exe and
Load=msrexe.exe change to run= load= close save Win.ini. Open System.ini file to find Shell=explore.exe
Msrexe.exe change to Shell=Explorer.exe close save System.ini, restart Windows Delete c:windows
Msrexe.exe C:windowssystemsystray.dll OK
Clear Trojan v2.2b1: Open registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun and delete items on the right: Loader =
"c:windowssystem***" Note: the loader and filename are arbitrarily altered to close save Regedit. Open Win.ini File Change to run=
Close Save Win.ini. Open System.ini file change to Shell=Explorer.exe close save System.ini, restart Windows
Delete the corresponding Trojan program OK
Telecommando 1.54 to clear the Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete the item on the right: systemapp= ODBC. EXE "Close save regedit, restart Windows Delete C:windowssystem
Odbc. EXE OK--
The unexplained steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: inetb00st = "c:windowstempinetb00st." EXE "Close save regedit, restart Windows
Delete c:windowstempinetb00st. EXE OK
Thing v1.00-1.60 Clear Trojan v1.00-1.12: Click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Items to the right: (Default) = "C:somepathhere Hing.exe" There are also some:
HKEY_LOCAL_MACHINESYSTEMCURRENTCONTROLSETCONTROLSESSIONMANAGERKNOWN16DL Ls
Delete Item to the right: Wsasrv.exe = "Wsasrv.exe" Close save regedit, restart Windows
Delete C:somepathhere Hing.exe OK
Clear Trojan v 1.20 version: Enter Ms_dos mode: Del winspc13.exe del ms097.exe open System.ini file
Find Shell=Explorer.exe Ms097.exe change to: Shell=Explorer.exe
Close save System.ini, restart Windows OK
Clear Trojan v1.50 version: Click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
The path and filename of the project is randomly altered to see the suspect file path and delete it. Close save Regedit. Open System.ini File
Find Shell=Explorer.exe after the Trojan file is changed to: Shell=Explorer.exe shutdown save System.ini, restart Windows delete the corresponding Trojan file ok
Clear Trojan v1.50 version: Enter Ms_dos mode: Del winspc13.exe del ms097.exe open System.ini file
Find Shell=Explorer.exe after the Trojan file is changed to: Shell=Explorer.exe shutdown save System.ini, restart Windows delete the corresponding Trojan file ok
Transmission Scount v1.1-1.2 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Kernel16 "= C:windowskernel16.exe close save regedit, restart Windows
Delete C:windowskernel16.exe OK
Trinoo clear the Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Items to the right:
System Services = service.exe shutdown save regedit, restart Windows
Delete C:windowssystemservice.exe OK
Trojan Cow v1.0 the steps to clear the Trojan: Open the registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Syswindow = "C:windowssyswindow.exe" Close save regedit, restart Windows
Delete C:windowssyswindow.exe OK
Tryit the steps to clear the Trojan: Open the registry regedit click on the table of contents to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Items to the right: Rc5dec
= Crogram filesinternet explorer\_.exe-guistart shutdown save regedit, restart Windows
Delete Crogram filesinternet explorer\_.exe OK
Vampire v1.0-1.2 Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Sockets = "C:windowssystemsockets.exe" Close save regedit, restart Windows
Delete C:windowssystemsockets.exe OK
Wartrojan v1.0-2.0 Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Kernel32 = "C:somepathserver.exe" Close save regedit, restart Windows
Delete C:somepathserver.exe OK
Wcrat v1.2b The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Items to the right: MS
Windows System Explorer = "C:windowssysexplor.exe" closes save regedit, restarts windows
Delete C:windowssysexplor.exe OK
WebEx (v1.2, 1.3, and 1.4) steps to clear the Trojan: Open the registry regedit click Directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: RunDl32 = "C:windowssystem ask_bar" closes save regedit, restarts windows
Delete C:windowssystem Ask_bar.exe and c:windowssystemmsinet.ocx OK
Wincrash v2 Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Winmanager = "C:windowsserver.exe" Close save regedit open Win.ini File
Find Run=c:windowsserver.exe change to: run= save shutdown Win.ini, restart Windows
Delete C:windowsserver.exe OK
Wincrash Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Msmanager = "SERVER." EXE "Close save regedit, restart Windows to remove C:windowssystem SERVER." EXE OK
Xanadu v1.1 The steps to clear the Trojan: Open the registry regedit click on the table of contents to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Items to the right: SETUP
= "C:somepathsetup.exe" closes save regedit, restarts Windows delete c:somepathsetup.exe OK
102. Xplorer v1.20 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun Delete Item to the right: PCX =
"C:windowssystempcx.exe" closes the save regedit and restarts Windows deletion C:windowssystempcx.exe
Ok
Xtcp v2.0-2.1 The steps to clear the Trojan: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun
Delete Item to the right: Msgsv32 = "C:windowssystemwinmsg32.exe" Close save regedit, restart Windows
Delete C:windowssystemwinmsg32.exe OK
YAT Clear Trojan steps: Open the registry regedit click the directory to:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrunservices
Delete items on the right: Batterieanzeige = ' c:pathnamehereserver.exe/nomsg '
Turn off save regedit, restart Windows Delete c:pathnamehereserver.exe OK