Complete methods for clearing Trojans

Many computer enthusiasts do not know much about security issues, especially the Trojan horse in the computer.

Division. Although there are a lot of software to clear Trojans, they can be automatically cleared. But you don't know how a trojan is on a computer.

If you read this article, you will understand the principles of some Trojans.
The article also contains some of my own experience in dealing with Trojans.
Some of the methods in this document come from the Internet for your research and study.

........................................................................................................................ ............
Clear Trojan V1.54-1.55 version:

These two versions are different from the above versions except the default file name, and the others are the same,
Change vmldir. vxd to intld. vdx.
Drat v1.0-3.0b
To clear a Trojan:

Open Regedit
Click the directory to: hkey_classes_rootexefileshellopencommand
Find @ = SHELL32 "% 1" % * and change it to @ = "% 1" % *
Close Regedit and restart Windows.
Find the c: shell32. * file in windows and delete it.
OK
Eclipse 2000
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: bybt = "c: windowssystemeclipse2000.exe"
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersion RunServices
Delete the project on the right: cksys = "c: windowssystem cocould be anything. exe"
Close Regedit and restart Windows
Find and delete the eclipse2000.exe Trojan file.

Eclypse v1.0
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Rnaapp = "C: WINDOWSSYSTEMmaapp.exe"
Close Regedit and restart Windows
Delete C: WINDOWSSYSTEMmaapp.exe
Note: Do not delete rnaapp.exe.
OK
Executer v1
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Find "C: windowssexec.exe" in the project on the right and delete it.
Close Regedit and restart Windows
Delete the trojan file.
OK
FakeFTP beta
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Rundll32 = rundll3.tww/h
Close Regedit and restart Windows
Find the three files in the C: windows folder and delete them.
Rundll3.bat-9x. reg-nt. reg
OK
Forced Entry
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: MicrosoftRegistration32 = "C: somepath rojanhrs.exe"
Close Regedit and restart Windows
From the perspective of ease of modification, you only need to find trojanhrs.exe and delete it.
Javascrasher v1.0-1.2
Clear Trojan v1.0:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Export E = 'C: windowsexplore.exe'
Close Regedit and restart Windows
Then, delete the trojan program.
OK

Clear Trojan v1.1:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Inet = 'your E. EXE'
Close Regedit and restart Windows
Find the corresponding trojan program and delete it.
OK

Clear Trojan v1.2:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Command = 'C: windowssystem.exe'

Close Regedit and restart Windows
Find the corresponding trojan program and delete it.
OK
Girlfriend v1.3x (Including Patch 1 and 2)
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Windll.exe = "C: windowswindll.exe"
Regedit also stores server data
HKEY_LOCAL_MACHINESOFTWAREMicrosoftGeneral
Delete General project title
Close Regedit and restart Windows
Find the corresponding trojan program and delete it.
OK
Golden Retreiver v1.1b
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: Task Manager = "c: mstask.exe"
Close Regedit and restart Windows
Find the corresponding trojan program and delete it.
OK
Hack 'a Tack 1.0-2000
Clear Trojan v1.0-1.2:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete the project on the right: assumer32 = "C: windowsExpl32.exe"
Close Regedit and restart Windows
Find the corresponding trojan program and delete it.
OK

Glacier v1.1 v2.2
Glaciers are the best Trojans in China
Clear Trojan v1.1
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Search for the following two paths and delete them.
"C: windowssystem kernel32.exe"
"C: windowssystem sysexplr.exe"
Disable Regedit
Restart to MSDOS
Delete the C: windowssystem kernel32.exe and C: windowssystem sysexplr.exe Trojans
Restart. OK
Clear Trojan v2.2
Server programs and paths can be defined by users at will, and keys written to the registry can also be defined by users.
Therefore, it cannot be clearly stated.
You can view the registry and delete Suspicious File paths.
Restart to MSDOS
The trojan program corresponding to the registry is deleted.
Restart Windows. OK

Acid Battery v1.0
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete Explorer = "C: WINDOWSexpiorer.exe" on the right"
Disable Regedit
Restart to MSDOS
Delete the c: windowsexpiorer.exe Trojan
Note: you do not need to delete external er.exe programs. They only have the difference between I and L.
Restart. OK
Acid Shiver v1.0 + 1.0Mod + lmacid
To clear a Trojan:

Restart to MSDOS
Delete C: windowsMSGSVR16.EXE
Then return to the Windows System
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete Explorer = "C: WINDOWSMSGSVR16.EXE" on the right"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
Delete Explorer = "C: WINDOWSMSGSVR16.EXE" on the right"
Disable Regedit
Restart. OK

Restart to MSDOS
Delete C: windowswintour.exe and return to Windows
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete Wintour = "C: WINDOWSWINTOUR. EXE" on the right"
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
Delete Wintour = "C: WINDOWSWINTOUR. EXE" on the right"
Disable Regedit
Restart. OK
Ambush
To clear a Trojan:

Open Regedit
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete zka = "zcn32.exe" on the right"
Disable Regedit
Restart to MSDOS
Delete C: Windows zcn32.exe
Restart. OK
AOL Trojan
To clear a Trojan:

Start to MSDOS Mode
Delete C: command.exe (cancel the implicit attribute of the file before deletion)
Note: Do not delete the command.com file.
Delete C: americ ~ 1.0uddyl ~ 1. exe (cancel the implicit attribute of the file before deletion)
Delete C: windowssystemorton ~ 1egist ~ 1. exe (cancel the implicit attribute of the file before deletion)

Open the WIN. ini file
Under [WINDOWS], "run =" and "load =" are the paths of the loader Trojan Horse. They must be cleared:
Run =
Load =
Save WIN. INI

You must also correct the Registry Regedit.
Click the directory:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Delete WinProfile = c: command.exe on the right
Disable Regedit and restart Windows. OK
Asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + Mini 1.0, 1.1
To clear a Trojan:

Note: The Trojan program ghost file name is wincmp32.exe, but the program can change the file name at will.
We can clear the trojan according to the system. ini and win. ini files modified by the Trojan.
Open the system. ini file
Under [BOOT], there is a "shell = file name ". The specified file name is assumer.exe.
If it is not "assumer.exe", the file is a trojan program. Find it and delete it.
Save and exit system. ini
Open the win. ini file
Under [WINDOWS], there is a run =
If you see that = is followed by a path file name, you must delete it.
The correct one is that run = is followed by nothing.
= The following path file name is a trojan. Find it and delete it.
Save and exit win. ini.
OK
AttackFTP
To clear a Trojan:

Open the win. ini file
Loadpolicwscan.exe is available in windows.
Delete wscan.exe, correct: load =
Save and exit win. ini.

Open Registration