Manual clearing of 104 Trojans

Glacier v1.1 v2.2
This is the best Trojan horse in China by Huang Xin
Clear Trojan v1.1
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Search for the following two paths and delete them.
"C: \ windows \ system \ kernel32.exe"
"C: \ windows \ system \ sysexplr.exe"
Disable Regedit
Restart to MSDOS
Delete C: \ windows \ system \ kernel32.exe and C: \ windows \ system \ sysexplr.exe Trojans
Restart. OK

Clear Trojan v2.2
Server programs and paths can be defined by users at will, and keys written to the registry can also be defined by users.
Therefore, it cannot be clearly stated.
You can view the registry and delete Suspicious File paths.
Restart to MSDOS
The trojan program corresponding to the registry is deleted.
Restart Windows. OK

2. Acid Battery v1.0
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete Explorer = "C: \ WINDOWS \ expiorer.exe" on the right"
Disable Regedit
Restart to MSDOS
Delete the c: \ windows \ expiorer.exe Trojan
Note: you do not need to delete external er.exe programs. They only have the difference between I and L.
Restart. OK

3. Acid Shiver v1.0 + 1.0Mod + lmacid
To clear a Trojan:
Restart to MSDOS
Delete C: \ windows \ MSGSVR16.EXE
Then return to the Windows System
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete Explorer = "C: \ WINDOWS \ MSGSVR16.EXE" on the right"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
Delete Explorer = "C: \ WINDOWS \ MSGSVR16.EXE" on the right"
Disable Regedit
Restart. OK
Restart to MSDOS
Delete C: \ windows \ wintour.exe and return to Windows
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete Wintour = "C: \ WINDOWS \ WINTOUR. EXE" on the right"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
Delete Wintour = "C: \ WINDOWS \ WINTOUR. EXE" on the right"
Disable Regedit
Restart. OK

4. Ambush
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete zka = "zcn32.exe" on the right"
Disable Regedit
Restart to MSDOS
Delete C: \ Windows \ zcn32.exe
Restart. OK

5. AOL Trojan
To clear a Trojan:
Start to MSDOS Mode
Delete C: \ command.exe (cancel the implicit attribute of the file before deletion)
Note: Do not delete the command.com file.
Delete C: \ americ ~ 1.0 \ buddyl ~ 1. exe (cancel the implicit attribute of the file before deletion)
Delete C: \ windows \ system \ norton ~ 1 \ regist ~ 1. exe (cancel the implicit attribute of the file before deletion)
Open the WIN. ini file
Under [WINDOWS], "run =" and "load =" are the paths of the loader Trojan Horse. They must be cleared:
Run =
Load =
Save WIN. INI
You must also correct the Registry Regedit.
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete WinProfile = c: \ command.exe on the right
Disable Regedit and restart Windows. OK

6. Asylum v0.1 0.1.1 0.1.2 0.1.3 + Mini 1.0 1.1
To clear a Trojan:
Note: The Trojan program ghost file name is wincmp32.exe, but the program can change the file name at will.
We can clear the trojan according to the system. ini and win. ini files modified by the Trojan.
Open the system. ini file
Under [BOOT], there is a "shell = file name ". The specified file name is assumer.exe.
If it is not "assumer.exe", the file is a trojan program. Find it and delete it.
Save and exit system. ini
Open the win. ini file
Under [WINDOWS], there is a run =
If you see that = is followed by a path file name, you must delete it.
The correct one is that run = is followed by nothing.
= The following path file name is a trojan. Find it and delete it.
Save and exit win. ini.
OK

7. AttackFTP
To clear a Trojan:
Open the win. ini file
Loadpolicwscan.exe is available in windows.
Delete wscan.exe, correct: load =
Save and exit win. ini.
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete Reminder = "wscan.exe/s" on the right"
Disable Regedit and restart MSDOS.
Delete C: \ windows \ system \ wscan.exe
OK

8. Back Construction 1.0-2.5
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete "C: \ WINDOWS \ Cmctl32.exe" on the right"
Disable Regedit and restart MSDOS.
Delete C: \ WINDOWS \ Cmctl32.exe
OK

9. BackDoor v2.00-v2.03
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete c: \ windows \ notpa.exe/o = yes on the right
Disable Regedit and restart MSDOS.
Delete c: \ windows \ notpa.exe
Note: Do not delete the genuine notepad.exe notebook.
OK

10. BF Evolution v5.3.12
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete (Default) = "" on the right ""
Disable Regedit and restart the computer again.
Convert C: \ windows \ system \. exe (space exe file)
OK

11. BioNet v0.84-0.92 + 2.21
Version 0.8X is running on Win95/98
Versions 0.9X and later run on Win95/98 and WinNT.
The client-server protocol is the same. Therefore, the NT client can black 95/98 infected machines, and the Win95/98 client can be black.
The system where NT is infected is exactly the same.
To clear a Trojan:
First, prepare a 98 boot disk, use it to start, enter the c: \ windows directory, and use attrib libupd ~ 1.
Exe-h
Command to make the trojan program visible, and then delete it.
After the floppy disk is extracted, restart the disk and enter 98. in the registry, find:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
WinLibUpdate = "c: \ windows \ libupdate.exe-hide"
Delete this subkey.

12. Bla v1.0 to 5.03
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete Systemdoor = "C: \ WINDOWS \ System \ mprdll.exe"
Disable Regedit and restart the computer.
Find C: \ WINDOWS \ System \ mprdll.exe and
C: \ WINDOWS \ system \ rundll.exe
Note: Do not delete the correct C: \ WINDOWS \ RUNDLL. EXE file.
And delete two files.
OK

13. BladeRunner
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
You can find System-Tray = "c: \ something \ something.exe"
The path on the right may be anything, so you do not need to delete it, because the trojan will be automatically added immediately, you need
Is to write down the trojan name and directory, and then return to the MS-DOS, find the trojan file and delete it.
Restart the computer and repeat the first step to find the trojan file in the Registry and delete the key.

14. Bobo v1.0-2.0
Clear Trojan v1.0
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete DirrectLibrarySupport = "C: \ WINDOWS \ SYSTEM \ Dllclient.exe"
Disable Regedit and restart the computer.
Del c: \ Windows \ System \ Dllclient.exe
OK
Clear Trojan v2.0
Open Regedit
Click the directory:
HKEY_USER/. Default/Software/Mirabilis/ICQ/Agent/Apps/ICQ Accel/
ICQ Accel is a "hypothetical" primary key. Select the primary key of ICQ Accel and delete it.
Restart the computer. OK

15. BrainSpy vBeta
To clear a Trojan:
Open Regedit
Click the directory:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
There is ??? = "C: \ WINDOWS \ system \ BRAINSPY. exe"
??? Tag selection is randomly changed.
Disable Regedit and restart the computer
Find and delete C: \ WINDOWS \ system \ BRAINSPY. exe
OK

16. Cain and Abel v1.50-1.51
This is a password Trojan.
Way to MS-DOS
Find C: \ windows \ msabel32.exe
And delete it. OK

17. Canasson
To clear a Trojan:
Open the WIN. ini file
Search for c: \ msie5.exe and delete all primary keys.
Save win. ini
Restart the computer
Delete the c: \ msie5.exe Trojan file
OK

18. Chupachbra
To clear a Trojan:
Open the WIN. ini file
There are two lines under [Windows]
Run=winprot.exe