Forum
Aktif konular
Üyeler
Kurallar
Arama
100 Trojan Manuel Delete :) 100 Trojan Manuel Delete :)
-
1. Glaciers v1.1 v2.2
This is the best domestic Trojan Author: Huang Xin
Remove Trojans v1.1
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Find the following two paths, and delete
"C: \ windows \ system \ kernel32.exe"
"C: \ windows \ system \ sysexplr.exe"
Close Regedit
MSDOS way to restart
Delete the C: \ windows \ system \ kernel32.exe and C: \ windows \ system \ sysexplr.exe Trojans
Restart. OK
Remove Trojans v2.2
Server, users can freely path definition into the registry keys can be their own definition.
Therefore, it is not clear explanation.
You can see the registry to delete suspicious documents path.
MSDOS way to restart
Should be deleted in the registry relative Trojans
Restart Windows. OK
2. Acid Battery v1.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the Explorer = "C: \ WINDOWS \ expiorer.exe"
Close Regedit
MSDOS way to restart
Delete c: \ windows \ expiorer.exe Trojans
NOTE: Do not delete the correct ExpLorer.exe procedures, and they only i and L differences.
Restart. OK
3. Acid Shiver v1.0 + + lmacid 1.0Mod
Remove Trojans steps:
MSDOS way to restart
Delete the C: \ windows \ MSGSVR16.EXE
Then return to the Windows system
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the Explorer = "C: \ WINDOWS \ MSGSVR16.EXE"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
Delete the right of the Explorer = "C: \ WINDOWS \ MSGSVR16.EXE"
Close Regedit
Restart. OK
MSDOS way to restart
Delete the C: \ windows \ wintour.exe then return to the Windows system
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the Wintour = "C: \ WINDOWS \ WINTOUR.EXE"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
Delete the right of the Wintour = "C: \ WINDOWS \ WINTOUR.EXE"
Close Regedit
Restart. OK
4. Ambush
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the zka = "zcn32.exe"
Close Regedit
MSDOS way to restart
Delete the C: \ Windows \ zcn32.exe
Restart. OK
5. AOL Trojan
Remove Trojans steps:
MSDOS boot mode
Delete the C: \ command.exe (deleted before the document implied cancellation attribute)
NOTE: Do not delete really command.com file.
Delete the C: \ americ ~ 1.0 \ ~ 1.exe buddyl (delete to remove the document implied attributes)
Delete the C: \ windows \ system \ norton ~ 1 \ regist ~ 1.exe (deleted before the document implied cancellation attribute)
Open WIN.INI file
[WINDOWS] Below "run =" and the "load =" Trojan horses are loaded to the path, we must remove them:
Run =
Load =
Preservation of WIN.INI
To correct the registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the WinProfile = c: \ command.exe
Close Regedit and restart Windows. OK
6. Asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + Mini 1.0, 1.1
Remove Trojans steps:
NOTE: Trojan Horse program is the default file name wincmp32.exe, however procedures can be arbitrarily changed the file name.
We can amend the Trojans two system.ini and win.ini file to remove the Trojan.
System.ini file open
[BOOT] Below is a "shell = file name." Is the correct file name explorer.exe
If not, "explorer.exe", then that document is Trojan horse to find it out, delete.
Preservation from system.ini
Open win.ini file
[WINDOWS] Below is a run =
If you see a path behind = file name, it must be deleted.
The right should be run = behind nothing.
= Path behind the document is a Trojan horse, it Find out deleted.
Preservation from win.ini.
OK
7. AttackFTP
Remove Trojans steps:
Open win.ini file
[WINDOWS] There are load = wscan.exe
Delete wscan.exe, is the correct load =
Preservation from win.ini.
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the Reminder = "wscan.exe / s"
Close Regedit and restart to MSDOS system
Delete the C: \ windows \ system \ wscan.exe
OK
8. Back Construction 1.0 - 2.5
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the "C: \ WINDOWS \ Cmctl32.exe"
Close Regedit and restart to MSDOS system
Delete the C: \ WINDOWS \ Cmctl32.exe
OK
9. BackDoor v2.00 - v2.03
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the 'c: \ windows \ notpa.exe / o = yes'
Close Regedit and restart to MSDOS system
Delete c: \ windows \ notpa.exe
NOTE: Do not delete real notepad.exe notebook procedures
OK
10. BF Evolution v5.3.12
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the (Default) = ""
Regedit closed again to restart your computer.
C: \ windows \ system \. Exe (box exe file)
OK
11. BioNet v0.84 - 0.92 + 2.21
0.8X version is running in the Win95/98
0.9X above Win95/98 a run in the last two and WinNT software
Customers - server protocols is the same and, therefore, 95/98 and NT clients to be infected machines, and customers can black Win95/98
NT infected system completely the same.
Remove Trojans steps:
First prepare a 98 boot disk, and start using it, enter c: \ windows directory with attrib libupd ~ 1.
Exe-h
Let Trojan program that order, and then delete it.
After the restart floppy out into 98, in the registry found:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Of the bond WinLibUpdate = "c: \ windows \ libupdate.exe-hide"
Deletion of this bond.
12. Bla v1.0 - 5.03
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the Systemdoor = "C: \ WINDOWS \ System \ mprdll.exe"
Close Regedit and restart your computer.
Find C: \ WINDOWS \ System \ mprdll.exe and
C: \ WINDOWS \ system \ rundll.exe
NOTE: Do not delete the C: \ WINDOWS \ RUNDLL.EXE correct documents.
And delete the two documents.
OK
13. BladeRunner
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
- System Tray can be found = "c: \ something \ something.exe"
The right of the path is anything, then you do not need to remove it, because the Trojans will be immediately automatically, you need to
Trojan is recorded with the name directory, and then back to MS-DOS, the Trojans find this document and removed.
Restart the computer, and then repeat the first step, in the registry to find documents and delete this Trojan button.
14. Bobo v1.0 - 2.0
Remove Trojans v1.0
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Delete the right of the DirrectLibrarySupport = "C: \ WINDOWS \ SYSTEM \ Dllclient.exe"
Close Regedit and restart your computer.
DEL C: \ Windows \ System \ Dllclient.exe
OK
Remove Trojans v2.0
Open registry Regedit
Click directory to:
HKEY_USER / .Default / Software / Mirabilis / ICQ / Agent / Apps / ICQ Accel /
ICQ Accel is a "false impression" of the button, select ICQ Accel primary key and delete it.
Restart the computer. OK
15. BrainSpy vBeta
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run
Right?? = "C: \ WINDOWS \ system \ BRAINSPY. Exe"
?? Labels election is arbitrarily changed.
Close Regedit and restart the computer
View Delete C: \ WINDOWS \ system \ BRAINSPY. Exe
OK
16. Cain and Abel v1.50 - 1.51
This is a Trojan Password
Entered the MS-DOS mode
Find C: \ windows \ msabel32.exe
And delete it. OK
17. Canasson
Remove Trojans steps:
Open WIN.INI file
View c: \ msie5.exe, delete all the keys
Preservation win.ini
Restart the computer
Delete c: \ documents msie5.exe Trojans
OK
18. Chupachbra
Remove Trojans steps:
Open WIN.INI file
[Windows] There are two firms
Run = winprot.exe
Load = winprot.exe
Delete winprot.exe
Run =
Load =
Preservation Win.ini, then open the registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Delete the right of the 'System Protect' = winprot.exe
Restart Windows
Find C: \ windows \ system \ winprot.exe, and delete.
OK
19. Coma v1.09
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Delete the right of the 'RunTime' = C: \ windows \ msgsrv36.exe
Restart Windows
Find C: \ windows \ msgsrv36.exe, and delete.
OK
20. Control
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Delete the right of the Load MSchv Drv = C: \ windows \ system \ MSchv.exe
Preservation Regedit, restart Windows
Find C: \ windows \ system \ MSchv.exe, and delete.
OK
21. Dark Shadow
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ RunServices
Delete the right of the winfunctions = "winfunctions.exe"
Preservation Regedit, restart Windows
Find C: \ windows \ system \ winfunctions.exe, and delete.
OK
22. DeepThroat v1.0 - 3.1 + Mod (Foreplay)
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Version 1.0
Delete the right of the item 'System32' = c: \ windows \ system32.exe
Version 2.0-3.1
Delete the right of the item 'SystemTray' = 'Systray.exe'
Preservation Regedit, restart Windows
Version 1.0 delete c: \ windows \ system32.exe
Version 2.0-3.1
Delete c: \ windows \ system \ systray.exe
OK
23. Delta Source v0.5 - 0.7
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Delete the right of the item: DS admin tool = C: \ TEMPSERVER.exe
Preservation Regedit, restart Windows
Find C: \ TEMPSERVER.exe, and delete it.
OK
24. Der Spaeher v3
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Delete the right of the items: explore = "c: \ windows \ system \ dkbdll.exe"
Preservation Regedit, restart Windows
Delete c: \ windows \ system \ dkbdll.exe Trojans document.
OK
--
25. Doly v1.1 - v1.7 (SE)
Remove Trojans V1.1-V1.5 version:
Several versions of this Trojan Trojan program on three, two more projects are registered, but also to Win.ini project.
First of all, access to MS-DOS, deleted three Trojan program, but more than a Trojan version V1.35 document mdm.exe.
To delete all of the following:
C: \ WINDOWS \ SYSTEM \ tesk.sys
C: \ WINDOWS \ Start Menu \ Programs \ Startup \ mstesk.exe
C: \ Program Files \ MStesk.exe
C: \ Program Files \ Mdm.exe
Restart Windows.
Then, open the win.ini file
Below find [WINDOWS] load = c: \ windows \ system \ tesk.exe item to delete path, change the load =
Preservation win.ini file.
Finally, modify the registry Regedit
Find the following two items and delete them
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
Ms tesk = "C: \ Program Files \ MStesk.exe"
And
HKEY_USER \. Default \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
Ms tesk = "C: \ Program Files \ MStesk.exe"
Zaixin find HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ ss
This group is the Trojans all parameters and settings of the server to delete this item all ss group.
Close preservation Regedit.
Also open the C: \ AUTOEXEC.BAT file, delete
@ Echo off copy c: \ sys.lon c: \ windows \ StartMenu \ Startup Items \
Del c: \ win.reg
Close preservation autoexec.bat.
OK
Remove Trojans V1.6 version:
The Trojan runs, through 98 will be closed to normal operation, only RESET button. Completely wipe out the following steps:
1. Open the Control Panel - Add Remove Programs - removing the memory manager 3.0, which is Trojan horse, but
It is not a Trojan EXE files will be removed.
2. Qidongpanqidong with 98 or DOS (with RESET button), turn on C: \, edit AUTOEXEC. BAT, the following elements
Delete:
@ Echo off copy c: \ sys.lon c: \ windows \ startm ~ 1 \ programs \ startup \ mdm.exe
Del c: \ win.reg
Preservation AUTOEXEC. BAT documents and return to DOS, in the C: \ directory to delete root Trojans documents:
Del sys.lon
Del windows \ startm ~ 1 \ programs \ startup \ mdm.exe
Del progra ~ 1 \ mdm.exe
3. Floppy disks out of a restart, after entering 98 of the c: \ program files \ directory under the directory memory manager
Delete.
Remove Trojans V1.7 version:
First, open the C: \ AUTOEXEC.BAT file, delete
@ Echo off copy c: \ sys.lon c: \ windows \ startm ~ 1 \ programs \ startup \ mdm.exe
Del c: \ win.reg
Close preservation autoexec.bat
Then open the registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \ Run
Find c: \ windows \ system \ mdm.exe path and delete this item
Click directory to:
HKEY_USER / .Default / Software / Marabilis / ICQ / Agent / Apps /
Find, "C: \ windows \ system \ kernal32.exe" path and delete this item
Close preservation Regedit. Restart Windows.
Finally, delete the following Trojan horse:
C: \ sys.lon
C: \ iecookie.exe
C: \ windows \ start menu \ programs \ startup \ mdm.exe
C: \ program files \ mdm.exe
C: \ windows \ system \ mdm.exe
C: \ windows \ system \ kernal32.exe
NOTE: A is kernal32
OK
75. Revenger v1.0 - 1.5
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: AppName = "C: \ ... \ server.exe"
Close preservation Regedit and restart Windows
In the c: \ windows View corresponding Trojans server.exe and delete
OK
76. Ripper
Remove Trojans steps:
System.ini file open
Will shell = explorer.exe sysrunt.exe
Read explorer.exe shell =
Close preservation system.ini, restart Windows
In the c: \ windows View corresponding Trojans sysrunt.exe and delete
OK
77. Satans Back Door v1.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices \
Delete the right of the item: sysprot protection = "C: \ windows \ sysprot.exe"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ sysprot.exe
OK
78. Schwindler v1.82
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: User.exe = "C: \ WINDOWS \ User.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ User.exe
OK
79. Setup Trojan (Sshare) + Mod Small Share
This sharing of the hidden-C Trojan
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Network \ LanMan \
Select the right side of the 'C $' projects, and to delete all
Close preservation Regedit and restart Windows
OK
80. ShadowPhyre v2.12.38 - 2.X
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: WinZipp = "C: \ WINDOWS \ SYSTEM \ WinZipp.exe / nomsg"
Or WinZip = "C: \ WINDOWS \ SYSTEM \ WinZip.exe / nomsg"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ WinZipp.exe or C: \ WINDOWS \ WinZip.exe
OK
81. Share All
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Network \ LanMan \
Here you will see all of the Trojans shared by the symbol of your hard drive, they removed one by one.
82. ShitHeap
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices \
Delete the right of the item: recycle-bin = "c: \ windows \ system \ recycle-bin.exe"
- Or recycle bin = "c: \ windows \ system.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ system \ recycle-bin.exe or c: \ windows \ system.exe
OK
83. Snid v1 - 2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: System-tray = 'c: \ windows \ temp $ 01.exe'
Close preservation Regedit and restart Windows
Delete c: \ windows \ temp $ 01.exe
OK
84. Softwarst
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: NetApp = C: \ windows \ system \ winserv.exe
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ winserv.exe
OK
85. Spirit 2000 Beta - v1.2 (fixed)
Remove Trojans v Beta Version:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: internet = "c: \ windows \ netip.exe"
Close preservation Regedit
Open win.ini file
View to run = c: \ windows \ netip.exe
Changes: run =
Close preservation win.ini, restart Windows
Delete c: \ windows \ netip.exe and c: \ windows \ netip.exe
OK
Remove Trojans v 1.2 version:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: SystemTray = "c: \ windows \ windown.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ windown.exe
OK
Remove Trojans v 1.2 (fixed) Version:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: Server 1.2.exe = "c: \ windows \ server 1.2.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ server 1.2.exe
OK
86. Stealth v2.0 - 2.16
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: Winprotect System = "C: \ WINDOWS \ winprotecte.exe
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ winprotecte.exe
OK
87. SubSeven - Introduction
Remove Trojans v1.0 - 1.1:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: SystemTrayIcon = "C: \ WINDOWS \ SysTrayIcon.Exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ SysTrayIcon.Exe
OK
Remove Trojans v1.3 - 1.4 - 1.5:
Open win.ini file
View to run = nodll
Changed to run =
Close preservation win.ini, restart Windows
Delete c: \ windows \ nodll.exe
OK
Remove Trojans v1.6:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: SystemTray = "SysTray.Exe"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ systray.exe
OK
Remove Trojans v1.7:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
\
View to the right item: C: \ windows \ kernel16.dl and delete
Close preservation Regedit and restart Windows
Delete the C: \ windows \ kernel16.dl
OK
Remove Trojans v1.8:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
\
Find the right of the item to: c: \ windows \ system.ini., And delete
Close preservation Regedit.
Open win.ini file
View to run = kernel16.dl
Changed to run =
Close preservation win.ini.
System.ini file open
View to the shell = explorer.exe kernel32.dl
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete the C: \ windows \ kernel16.dl
OK
Remove Trojans v1.9 - 1.9b:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
\
Delete the right of the item: RegistryScan = "rundll16.exe"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ rundll16.exe
OK
Remove Trojans v2.0:
System.ini file open
View to the shell = explorer.exe trojanname.exe
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete c: \ windows \ rundll16.exe
OK
Remove Trojans v2.1 - 2.1 SubStealth Gold + + 2.1.3-2.1.3 Mod MUIE + 2.1 Bonus:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices
\
Delete the right of the item: WinLoader = MSREXE.EXE
Hkey_classes_root \ exefile \ shell \ open \ command
Will be changed to the right of the item: @ = "\"% 1 \ "% *"
Close preservation Regedit.
Open win.ini file
View and to run = msrexe.exe
Load = msrexe.exe
Changed to run =
Load =
Close preservation win.ini.
System.ini file open
View to the shell = explore.exe msrexe.exe
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete the C: \ windows \ msrexe.exe
C: \ windows \ system \ systray.dll
OK
V2.2b1 remove Trojans:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run and
Delete the right of the item: Loader = "c: \ windows \ system \ ***"
Note: Loader and documents were randomly change the
Close preservation Regedit.
Open win.ini file
Changed to run =
Close preservation win.ini.
System.ini file open
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete the Trojans should be relative
OK
88. Telecommando 1.54
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: SystemApp = "ODBC.EXE"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ ODBC.EXE
OK
--
89. The Unexplained
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: InetB00st = "C: \ WINDOWS \ TEMPINETB00ST.EXE"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ TEMPINETB00ST.EXE
OK
90. Thing v1.00 - 1.60
Remove Trojans v1.00-1.12:
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: (Default) = "C: \ some \ path \ here \ thing.exe"
There are also some in:
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ control \ SessionManager \ Known16DL
Ls \
Delete the right of the item: wsasrv.exe = "wsasrv.exe"
Close preservation Regedit and restart Windows
Delete the C: \ some \ path \ here \ thing.exe
OK
Remove Trojans v 1.20 version:
MS_DOS enter:
Del winspc13.exe
Del ms097.exe
System.ini file open
View to the shell = explorer.exe ms097.exe
Changes: shell = explorer.exe
Close preservation system.ini, restart Windows
OK
Remove Trojans v1.50 version:
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
The project path and file name is changed randomly and inspect suspicious documents path, it will be deleted.
Close preservation Regedit.
System.ini file open
View to the shell = explorer.exe behind the Trojans document
Changes: shell = explorer.exe
Close preservation system.ini, restart Windows
Trojan horse to delete the corresponding documents
OK
Remove Trojans v1.50 version:
MS_DOS enter:
Del winspc13.exe
Del ms097.exe
System.ini file open
View to the shell = explorer.exe behind the Trojans document
Changes: shell = explorer.exe
Close preservation system.ini, restart Windows
Trojan horse to delete the corresponding documents
OK
91. Transmission Scount v1.1 - 1.2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: Kernel16 "= C: \ WINDOWS \ Kernel16.exe
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ Kernel16.exe
OK
92. Trinoo
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: System Services = service.exe
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ service.exe
OK
93. Trojan Cow v1.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: SysWindow = "C: \ WINDOWS \ Syswindow.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ Syswindow.exe
OK
94. TryIt
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: Rc5Dec = C: \ Program Files \ Internet Explorer \ _.exe-guistart
Close preservation Regedit and restart Windows
Delete the C: \ Program Files \ Internet Explorer \ _.exe
OK
95. Vampire v1.0 - 1.2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: Sockets = "c: \ windows \ system \ Sockets.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ system \ Sockets.exe
OK
96. WarTrojan v1.0 - 2.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: Kernel32 = "C: \ somepath \ server.exe"
Close preservation Regedit and restart Windows
Delete the C: \ somepath \ server.exe
OK
97. WCrat v1.2b
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: MS Windows System Explorer = "C: \ WINDOWS \ sysexplor.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ sysexplor.exe
OK
98. WebEx (v1.2, 1.3, and 1.4)
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: RunDl32 = "C: \ windows \ system \ task_bar"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ task_bar.exe and c: \ windows \ system \ msinet.ocx
OK
99. WinCrash v2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: WinManager = "c: \ windows \ server.exe"
Close preservation Regedit
Open win.ini file
View to run = c: \ windows \ server.exe
Changes: run =
Win.ini kept closed, restart Windows
Delete c: \ windows \ server.exe
OK
100. WinCrash
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: MsManager = "SERVER.EXE"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ SERVER.EXE
OK
101. Xanadu v1.1
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: SETUP = "c: \ somepath \ setup.exe"
Close preservation Regedit and restart Windows
Delete c: \ somepath \ setup.exe
OK
102. Xplorer v1.20
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: PCX = "C: \ WINDOWS \ system \ PCX.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ system \ PCX.exe
OK
103. Xtcp v2.0 - 2.1
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run \
Delete the right of the item: msgsv32 = "C: \ WINDOWS \ system \ winmsg32.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ system \ winmsg32.exe
OK
104. YAT
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices \
Delete the right of the item: Batterieanzeige = 'c: \ pathnamehere \ server.exe / nomsg'
Close preservation Regedit and restart Windows
Delete c: \ pathnamehere \ server.exe
OK
-
paylasım ıcın saol cok lazım olur bu bana :D
-
Ba$lıkta 1oo tane dior ama içerde 1o4 tane var :/ insanları kandırmaya utanmıyormusunuz.payla$ım içinde ayrıca mersi tabikide.
-
bunların hepsi bir bat dosyası altında toplanmalı bence.. emegine saglık
Kısayol
Şikayet
Özel Mesaj
Alıntı yap
Toplam Hit: 12463 Toplam Mesaj: 4
Cevapla