How to clear Trojans-104 Trojans manually clear methods

During this time, the server was infected with viruses, and I did not know much about the security issues. I have organized some methods to clear Trojans this time. I hope to help you with some valuable information. Although there are a lot of software to clear Trojans, they can be automatically cleared. But you don't know how a trojan runs on a computer. If you read this articleArticleThen you will understand the principles of some Trojans. The collected information is for reference only :)

1. Glacier V1.1 v2.2 this is the best Trojan horse in China: Huang Xin

Clear Trojan V1.1 open registry Regedit click directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run find the following two paths and delete "C: \ WINDOWS \ SYSTEM \ Kernel32.exe "" C: \ WINDOWS \ SYSTEM \ sysexplr.exe "Close regedit and restart msdos to delete C: \ WINDOWS \ SYSTEM \ Kernel32.exe and C: \ WINDOWS \ SYSTEM \ sysexplr.exe TrojanProgramRestart. OK

You can clear the trojan v2.2 server program and path at will. You can also define the key name written to the Registry. Therefore, it cannot be clearly stated. You can view the registry and delete Suspicious File paths. Restart msdos to delete the trojan program corresponding to the Registry and restart Windows. OK

2. step for clearing Acid Battery V1.0 Trojan: open registry regedit and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete explorer = "C: \ windows \ expiorer.exe "Disable regedit and restart msdos to delete the c: \ windows \ expiorer.exe Trojan. Note: you do not need to delete the unique assumer.exe program. There is only the difference between I and L. Restart. OK

3. steps for clearing Trojans using acid shiver V1.0 + 1.0mod + lmacid: restart msdos to delete c: \ windows \ MSGSVR16.EXE and return to the Windows system to open the Registry Regedit. Click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run Delete explorer = "C: \ windows \ MSGSVR16.EXE "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices Delete explorer =" C: \ WINDOWS \ MSGSVR16.EXE "Disable Regedit restart. OK, restart msdos to delete c: \ windows \ wintour.exe, and return to the Windows system, open the Registry regedit, and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run Delete Wintour = "C: \ WINDOWS \ wintour. EXE "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices Delete Wintour =" C: \ WINDOWS \ wintour. EXE "closes regedit and restarts. OK

4. steps for clearing ambush Trojans: open registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete zka = "zcn32.exe" on the right, disable regedit, restart msdos, and delete c: \ windows \ zcn32.exe. OK

5. AoL Trojan to clear Trojans: Start msdos to delete c: \ command.exe (cancel the implicit attribute of the file before deletion) Note: Do not delete the true command.com file. Delete c: \ Americ ~ 1.0 \ buddyl ~ 1. EXE (cancel the implicit attribute of the file before deletion) delete C: \ WINDOWS \ SYSTEM \ Norton ~ 1 \ regist ~ 1. EXE (cancel the implicit attribute of the file before deletion) Open win. INI files under [windows] "run =" and "load =" are loaded by the Trojan Horse program path, they must be cleared: Run = load = save win. INI also needs to correct the Registry regedit and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete winprofile = C: \ command.exe on the Right To Close regedit and restart Windows. OK

6. Steps for clearing Trojans in asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + mini 1.0, and 1.1: Note: The Trojan program ghost file name is wincmp32.exe, but the program can change the file name at will. We can clear the trojan according to the system. ini and win. ini files modified by the Trojan. Open the system. ini file and there is a "shell = file name" under [boot ". The specified file name is assumer.exe. If it is not "assumer.exe", the file is a trojan program. Find it and delete it. Save and exit system. ini open the win. ini file and there is a run under [windows] = If you see a path file name after =, you must delete it. The correct one is that run = is followed by nothing. = The following path file name is a trojan. Find it and delete it. Save and exit win. ini. OK

7. attackftp to clear the trojan: Open the win. ini file and delete wscan.exe under loadmediawscan.exe in windows. load = save and exit win. ini. Open regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete reminder = "wscan.exe/s" on the Right To Close regedit and restart msdos to delete C: \ WINDOWS \ SYSTEM \ wscan.exe OK

8. back construction 1.0-2.5 to clear the trojan: Open the Regedit registry and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete "C: \ windows \ cmctl32.exe "Close regedit and restart msdos to delete c: \ windows \ cmctl32.exe OK

9. step for clearing backdoor v2.00-v2.03: Open Regedit in the Registry and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete 'C: \ windows \ notpa.exe/o = Yes 'disable regedit and restart msdos to delete c: \ windows \ notpa.exe. Note: Do not delete the real note.exe notebook program OK

10. BF evolution v5.3.12 steps to clear Trojans: Open Regedit in the Registry and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run Delete (default) = "" Close regedit, restart the computer again. Set C: \ WINDOWS \ SYSTEM \. EXE (space EXE file) OK

11. bioNet v0.84-0.92 + 2.21 0.8x is running in Win95/98 0.9x or later versions. Two software clients running in Win95/98 and WinNT have the same server protocol, therefore, NT customers can black 95/98 infected machines, which is exactly the same as Win95/98 customers can black nt infected systems. Steps to clear a Trojan: First prepare a 98 boot disk, use it to start, enter the C: \ Windows directory, and use attrib libupd ~ 1. Run the exe-H command to make the trojan program visible and then delete it. After the floppy disk is extracted, restart and enter 98. in the registry, find the HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ sub-key winlibupdate = "C: \ windows \ libupdate.exe-hide "deletes this subkey.

12. bla V1.0-5.03 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete systemdoor = "C: \ WINDOWS \ SYSTEM \ mprdll.exe "Close regedit and restart the computer. Find C: \ WINDOWS \ SYSTEM \ mprdll.exe and C: \ WINDOWS \ SYSTEM \ rundll.exe. Note: Do not delete the correct file c: \ windows \ rundll. EXE. And delete two files. OK

13. steps for bladerunner to clear Trojans: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run To find system-tray = "C: \ something \ something.exe "the path on the right may be anything. In this case, you do not need to delete it because the trojan will be automatically added immediately. What you need is to write down the trojan name and directory, then return to the MS-DOS, find the trojan file and delete it. Restart the computer and repeat the first step to find the trojan file in the Registry and delete the key.

14. bobo V1.0-2.0 clear Trojan V1.0 open registry Regedit click directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run Delete dirrectlibrarysupport = "C: \ WINDOWS \ SYSTEM \ dllclient.exe "Close regedit and restart the computer. Del C: \ WINDOWS \ SYSTEM \ dllclient.exe OK clear Trojan V2.0 open registry Regedit click directory to: hkey_user /. default/software/Mirabilis/ICQ/agent/apps/ICQ accel is an "hypothetical" primary key. Select the primary key of ICQ accel and delete it. Restart the computer. OK

15. Steps for clearing the brainspy vbeta Trojan: Open Regedit in the Registry and click the directory to the right of HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run ??? = "C: \ WINDOWS \ SYSTEM \ brainspy. EXE "??? Tag selection is randomly changed. Close regedit and restart the computer to find and delete C: \ WINDOWS \ SYSTEM \ brainspy. EXE OK

16. Cain and Abel v1.50-1.51 this is a password Trojan entering the MS-DOS mode to find C: \ WINDOWS \ msabel32.exe and delete it. OK

17. canasson: Open the win. ini file to find c: \ msie5.exe, delete all primary keys, save win. ini, restart the computer, and delete the c: \ msie5.exe Trojan file OK.

18. chupachbra to clear Trojans: Open win. under the INI file [windows], there are two lines: run=winprot.exe load=winprot.exe Delete winprot.exe run = load = save win. INI, then Open Regedit in the Registry and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete 'System protect '= winprot.exe on the right and restart Windows to find C: \ WINDOWS \ SYSTEM \ winprot.exe and delete it. OK

19. to clear Trojans in coma v1.09, Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete 'runtime' = C: \ windows \ Msgsrv36.exe restart Windows to find C: \ WINDOWS \ Msgsrv36.exe and delete it. OK

20. to clear the trojan, Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete load mschv DRV = C: \ WINDOWS \ SYSTEM \ mschv.exe save regedit, restart Windows to find C: \ WINDOWS \ SYSTEM \ mschv.exe, and delete it. OK

21. steps for clearing the trojan in dark shadow: Open Regedit in the Registry and click "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices" to delete winfunctions = "winfunctions.exe" on the Right To save Regedit, restart Windows to find C: \ WINDOWS \ SYSTEM \ winfunctions.exe and delete it. OK

22. deepthroat V1.0-3.1 + Mod (foreplay) to clear the trojan: Open the Registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run version 1.0 Delete the project 'system32' = C: \ windows \ system32.exe version 2.0-3.1 Delete the project 'systemrule' = 'mongoray.exe 'on the Right To save regedit, restart Windows Version 1.0 and delete c: \ windows \ system32.exe version 2.0-3.1 Delete C: \ WINDOWS \ SYSTEM \ mongoray.exe OK

23. delta Source v0.5-0.7 to clear the trojan: Open the Registry regedit and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete the project on the right: Ds admin tool = C: \ tempserver.exe save regedit, restart Windows to find c: \ tempserver.exe, and delete it. OK

24. der spaeher V3 to clear Trojans: Open the Registry regedit and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run to delete the project on the right: Export E = "C: \ WINDOWS \ SYSTEM \ dkbdll.exe "Save regedit and restart Windows to delete the C: \ WINDOWS \ SYSTEM \ dkbdll.exe Trojan file. OK

--

25. Doly V1.1-v1.7 (SE) purge Trojan V1.1-V1.5 version: These Trojan versions are placed in three places, add two registration items, and add to the win. ini project. First, go to MS-DOS to delete three trojan programs, but v1.3520.multiple Trojan Files mdm.exe. Delete all of the following items: C: \ WINDOWS \ SYSTEM \ Tesk. sys c: \ windows \ Start Menu \ Programs \ Startup \ mstesk.exe c: \ Program Files \ mdm.exe restart Windows. Next, open the win. ini file and find the load = C: \ WINDOWS \ SYSTEM \ tesk.exe project under [windows]. Delete the path and change it to load = Save the win. ini file. Finally, modify the Registry Regedit find the following two items and delete them HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run MS Tesk = "C: \ Program Files \ mstesk.exe" and hkey_user \. default \ Software \ Microsoft \ Windows \ CurrentVersion \ Run MS Tesk = "C: \ Program Files \ mstesk.exe "and then find that the HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ SS group is the server for selecting and setting all the parameters of the Trojan, delete all the items in this SS group. Disable Regedit. Open c: \ autoexec. BAT file, delete @ echo off copy c: \ sys. lon c: \ windows \ startmenu \ Startup items \ del c: \ win. reg close and save autoexec. BAT. OK to clear Trojan v1.6: When the trojan is running, it cannot be disabled through the normal operation of 98, and only the reset key is allowed. The steps to completely clear the trojan file are as follows: 1. Open the control panel -- add and delete a program -- delete Memory Manager 3.0. This is a trojan program, but it does not delete the trojan EXE file. 2. Start the disk with 98 or DoS (use the reset Key), transfer it to c: \, and edit autoexec. Bat, delete the following content: @ echo off copy c: \ SYS. Lon c: \ windows \ startm ~ 1 \ Programs \ Startup \ mdm.exe del c: \ win. Reg save autoexec. After the BAT file is returned and DOS is returned, delete the trojan file del SYS. Lon del WINDOWS \ startm ~ in the C: \ root directory ~ 1 \ Programs \ Startup \ mdm.exe del progra ~ 1 \ mdm.exe 3. Remove the floppy disk and restart. After Entering 98, delete the Memory Manager directory under the c: \ Program Files \ directory. Clear Trojan v1.7: First, open the c: \ autoexec. BAT file and delete @ echo off copy c: \ SYS. Lon c: \ windows \ startm ~ 1 \ Programs \ Startup \ mdm.exe del c: \ win. reg close and save autoexec. bat then Open Regedit in the Registry and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run To find the C: \ WINDOWS \ SYSTEM \ mdm.exe path and delete the project. Click the directory: hkey_user /. default/software/marabilis/ICQ/agent/apps/find the "C: \ WINDOWS \ SYSTEM \ kernal32.exe" path and delete the project to close and save Regedit. Restart Windows. Finally, delete the following Trojan program: C: \ sys. lon c: \ iecookie.exe c: \ windows \ Start Menu \ Programs \ Startup \ mdm.exe c: \ Program Files \ mdm.exe C: \ WINDOWS \ SYSTEM \ mdm.exe C: \ WINDOWS \ SYSTEM \ kernal32.exe Note: kernal32 is a OK

75. revenger V1.0-1.5 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: appname = "C: \... \ server.exe "close and save regedit, restart Windows, find the corresponding trojan program server.exe in c: \ windows, and delete OK

76. Ripper to clear the trojan: Open the system. ini file and change shell‑policer.exe sysrunt.exe to shell = javaser.exe to close and save system. ini, restart Windows, find the corresponding trojan program sysrunt.exe in c: \ windows, and delete OK.

77. steps for clearing the trojan in Satans back door V1.0: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \ to delete the project on the right: sysprot protection = "C: \ windows \ sysprot.exe "Close regedit and restart Windows to delete c: \ windows \ sysprot.exe OK

78. steps for clearing the trojan in schwindler v1.82: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: user.exe = "C: \ windows \ user.exe "Close regedit and restart Windows to delete c: \ windows \ user.exe OK

79. setup Trojan (sshare) + mod small share this share hidden drive c Trojan purge steps: Open the Registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Network \ LANMAN \

Select a project with 'C $ 'on the right, delete all items, close and save regedit, and restart Windows OK.

80. shadowphyre v2.12.38-2.x to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: winzipp = "C: \ WINDOWS \ SYSTEM \ winzipp.exe/nomsg "or WinZip =" C: \ WINDOWS \ SYSTEM \ winzip.exe/nomsg "Close regedit and restart Windows to delete C: \ windows \ winzipp.exe or C: \ WINDOWS \ winzip.exe OK

81. Share all to clear the trojan: Open Regedit in the Registry and click the directory to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Network \ LANMAN \

Here you will see all your hard drive symbols shared by Trojans and delete them one by one.

82. to clear the trojan, go to Regedit in the Registry and click "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \" to delete the project on the right: Recycle-bin = "C: \ WINDOWS \ SYSTEM \ recycle-bin.exe "or recycle-bin =" C: \ WINDOWS \ system.exe "close save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ recycle-bin.exe or C: \ windows \ system.exe OK

83. to clear the trojan in Snid V1-2, Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: System-tray = 'C: \ windows \ temp000001.exe 'close and save regedit, restart Windows to delete c: \ windows \ temp000001.exe OK

84. to clear a trojan in softwarst, Open Regedit in the Registry and click "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \" to delete the project on the right: netapp = C: \ WINDOWS \ SYSTEM \ winserv.exe close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ winserv.exe OK

85. spirit 2000 Beta-v1.2 (fixed) purge Trojan V beta version: open registry regedit and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: internet = "C: \ WINDOWS \ netip.exe" close save Regedit open win. in the INI file, run = c: \ windows \ netip.exe is changed to run = close and save win. INI, restart Windows to delete c: \ windows \ netip.exe and c: \ windows \ netip.exe OK clear Trojan v 1.2: open registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete project on the right: systemtray = "C: \ WINDOWS \ mongown.exe" Close saving regedit, restart Windows to delete C: \ windows \ cmdwn.exe OK clear Trojan v 1.2 (fixed) version: open registry regedit and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: server 1.2.exe = "C: \ WINDOWS \ Server 1.2.exe" close and save regedit, restart Windows to delete c: \ windows \ Server 1.2.exe OK

86. stealth V2.0-2.16 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: winprotect system = "C: \ windows \ winprotecte.exe close and save regedit, restart Windows to delete c: \ windows \ winprotecte.exe OK

87. subSeven-Introduction clear Trojan V1.0-1.1: open registry Regedit click directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete project on the right: systemtrayicon = "C: \ windows \ javasrayicon. EXE "close and save regedit, restart Windows to delete c: \ windows \ javasrayicon. EXE OK clear Trojan v1.3-1.4-1.5: Open win. the INI file finds that run = nodll is changed to run = close and save win. INI, restart Windows to delete c: \ windows \ nodll.exe OK clear Trojan v1.6: open registry Regedit click directory to: HKEY_LOCAL_MACHINE \ softwar E \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the right project: systemtray = "Ray. EXE "close and save regedit, restart Windows to delete c: \ windows \ mongoray.exe OK clear Trojan v1.7: open registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \ find the project on the right: C: \ WINDOWS \ kernel16.dl, delete, close and save regedit, restart Windows, and delete C: \ windows \ kernel16.dl OK clear Trojan v1.8: open registry Regedit click directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr Entversion \ Run and HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \ find the project on the right: C: \ WINDOWS \ SYSTEM. ini. And delete and close and save Regedit. Open the win. ini file and find that run = kernel16.dl is changed to run = close and save win. ini. Open System. in the INI file, change shelljavaser.exe kernel32.dl to shelljavaser.exe to disable saving system. INI, restart Windows to delete c: \ windows \ kernel16.dl OK clear Trojan v1.9-1.9b: open registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \ Delete the project on the right: registryscan = "rundll16.exe" Close regedit, restart Windows to delete c: \ windows \ rundll16.exe OK clear Trojan v 2.0: open system. in the INI file, we found shelljavaser.exe trojanname.exe and changed it to shelljavaser.exe to disable saving system. INI, restart Windows to delete c: \ windows \ rundll16.exe OK clear Trojan V2.1-2.1 Gold + substealth-2.1.3 mod + 2.1.3 muie + 2.1 Bonus: open registry regedit and click the directory: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \ Delete the project on the right: winloader = msrexe. EXE HKE Y_classes_root \ exefile \ shell \ open \ command to change the project on the right to @ = "\" % 1 \ "% *" to disable Regedit saving. Open the win. ini file and find the runningmsrexe.exe and loadpolicmsrexe.exe files. Change them to run = load = close and save win. ini. Open System. in the INI file, the system is changed to shell‑police.exe msrexe.exe to shell‑policer.exe. INI, restart Windows to delete c: \ windows \ msrexe.exe C: \ WINDOWS \ SYSTEM \ audit Ray. DLL OK clear Trojan v2.2b1: open registry Regedit click directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and delete the right project: loader = "C: \ WINDOWS \ SYSTEM \ *** "NOTE: The loader and file name are randomly changed to close and save Regedit. Open the win. ini file and change it to run = to close and save win. ini. Open the system. ini file and change it to shelljavaser.exe to close and save system. ini. restart Windows to delete the corresponding trojan program. OK

88. telecommando 1.54 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: systemapp = "ODBC. EXE "close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ ODBC. exe OK --

89. steps for clearing the Unexplained Trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: inetb00st = "C: \ windows \ tempinetb00st. EXE "Close regedit and restart Windows to delete c: \ windows \ tempinetb00st. EXE OK

90. thing v1.00-1.60 clear Trojan v1.00-1.12: Click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: (default) = "C: \ some \ path \ here \ thing.exe "is also found in: HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Control \ sessionmanager \ known16dl

Ls \ Delete project on the right: wsasrv.exe = "wsasrv.exe" Close regedit and restart Windows to delete c: \ some \ path \ here \ thing.exe OK to clear Trojan v 1.20: enter ms_dos mode: del winspc13.exe del ms097.exe open system. in the INI file, find shelljavaser.exe ms097.exe and change it to: shelljavaser.exe to close and save system. INI, restart Windows OK clear Trojan v1.50 version: Click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ the path and file name of this project are randomly changed, check the Suspicious File Path and delete it. Disable Regedit. Open System. after checking the INI file, find the trojan file named "shelljavaser.exe" and change it to "shelljavaser.exe" to close and save system. INI, restart Windows to delete the corresponding trojan file OK clear Trojan v1.50 version: Enter ms_dos mode: del winspc13.exe del ms097.exe open system. after checking the INI file, find the trojan file named "shelljavaser.exe" and change it to "shelljavaser.exe" to close and save system. INI, restart Windows to delete the corresponding trojan file OK

91. transmission scount V1.1-1.2 steps to clear the trojan: Open Regedit in the Registry and click the directory to: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the right project: kernel16 "= C: \ windows \ kernel16.exe close and save regedit, restart Windows to delete c: \ windows \ kernel16.exe OK

92. step for clearing the trojan in Trinoo: Open Regedit in the Registry and click the directory to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: system services = service.exe close and save Regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ service.exe OK

93. trojan Cow V1.0 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: syswindow = "C: \ windows \ syswindow.exe "Close regedit and restart Windows to delete c: \ windows \ syswindow.exe OK

94. step for tryit to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: rc5dec = C: \ Program Files \ Internet Explorer \ _.exe-guistart close and save regedit, restart Windows to delete c: \ Program Files \ Internet Explorer \ _.exe OK

95. vampire V1.0-1.2 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: Sockets = "C: \ WINDOWS \ SYSTEM \ sockets.exe "close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ sockets.exe OK

96. steps for clearing the trojan from wartrojan V1.0-2.0: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: Kernel32 = "C: \ somepath \ server.exe "Close regedit and restart Windows to delete c: \ somepath \ server.exe OK

97. wcrat v1.2b to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: MS Windows System explorer = "C: \ windows \ sysexplor.exe "Close regedit and restart Windows to delete c: \ windows \ sysexplor.exe OK

98. to clear a trojan from WebEx (v1.2, 1.3, and 1.4), go to Regedit in the Registry and click "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \" to delete the project on the right: rundl32 = "C: \ WINDOWS \ SYSTEM \ task_bar" close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ task_bar.exe and C: \ WINDOWS \ SYSTEM \ msinet. OCX OK

99. steps for clearing the trojan in WinCrash V2: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: winmanager = "C: \ windows \ server.exe "close save Regedit open win. INI file found run = C: \ WINDOWS \ server.exe changed to: Run = save close win. INI, restart Windows to delete c: \ windows \ server.exe OK

100. steps for clearing the trojan in WinCrash: Open Regedit in the Registry and click the directory to HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: msmanager = "server. EXE "close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ Server. EXE OK

101. xanadu V1.1 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ Delete the project on the right: Setup = "C: \ somepath \ setup.exe "Close regedit and restart Windows to delete c: \ somepath \ setup.exe OK

102. xplorer v1.20 to clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: PCX = "C: \ WINDOWS \ SYSTEM \ pcx.exe "close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ pcx.exe OK

103. to clear a trojan in xtcp V2.0-2.1, Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \ to delete the project on the right: msgsv32 = "C: \ WINDOWS \ SYSTEM \ winmsg32.exe "close and save regedit, restart Windows to delete C: \ WINDOWS \ SYSTEM \ winmsg32.exe OK

104. yat To clear the trojan: Open Regedit in the Registry and click the directory HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ runservices \ to delete the project on the right: batterieanzeige = 'C: \ pathnamehere \ server.exe/nomsg close and save regedit, restart Windows to delete c: \ pathnamehere \ server.exe OK