WiseCleaner Think Tank
Nov 19, 2013
You are usually advised to run a virus scan to identify and get rid of such threats, although these scanners are not always effective. Some viruses block or attack the antivirus itself, leaving it blind. In such a situation, the user is advised to remove these viruses manually.
This article lays out a step-by-step procedure for removing a virus and/or malware on your own. To do so, you need to know the name of the virus your PC has encountered. These names and definitions are reported by your antivirus in its scan results: the antivirus is able to detect these threats but lacks the ability to remove them. The exact virus name can also be found on the internet by searching for the symptoms. Once you have the name, carry out the steps below.
Viruses tend to load themselves automatically as Windows boots. With this in mind, you need to boot into an environment that does not support such behavior. Boot into Safe Mode, which allows only a limited level of activity. To do this, restart your computer and keep pressing F8 until the Advanced Boot Menu appears. In this menu, choose Safe Mode with Command Prompt.
In Safe Mode, search your folders for the virus name you noted earlier. It could appear on your Desktop, in the Start menu, or in other directories. The Desktop and Start menu hold only a shortcut, so navigate to its actual location. To find it, right-click the icon and open Properties. On the Shortcut tab, note down the full path shown in the text field next to Target.
Note that a virus almost always has the .exe file extension. Go to the folder containing the virus that you identified in the previous step. Right-click the virus icon and click Delete while holding the Shift key. Look for other doubtful files in the same location: those with a name made of a random mix of letters and numbers, with the .exe file extension, and with a very recent modification date. Delete all such files as well.
Doing this requires extra care. If you run these files by mistake, the virus will become active even in Safe Mode.
Perform this step if you cannot find a shortcut icon for the virus on the Desktop or Start menu and you do not even know the name of the virus. The most common folders in which a virus resides are Local and Roaming under C:\Users\Username\AppData. Another known location is C:\ProgramData. Locate the viruses in these directories and delete them straightaway.
Another way to remove the virus is to delete the related registry keys. There are well-known registry paths to certain keys that are vulnerable to viruses. Press the Windows key on your keyboard to view the Start menu. In the Search box, type ‘regedit’ and hit Enter to open the Registry Editor. In the left pane, navigate to the keys listed below. The virus entries are identifiable in the right pane, as they are misspelled or named as a combination of random numbers, symbols, and letters.
The following are the paths where you can find traces of the identified virus. Note that 32-bit Windows has a single registry path, for 32-bit applications, as it does not run 64-bit applications.
A 64-bit Windows, on the other hand, has dual paths: 32-bit and 64-bit registry entries for 32-bit and 64-bit applications respectively. The 64-bit registry path in 64-bit Windows is the same as the 32-bit registry path in 32-bit Windows. The 32-bit registry path in 64-bit Windows has an additional key, named WOW6432Node, as shown below.
Shell Folders and User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer

Shell Folders and User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer

Run, RunOnce, RunServices, and RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion

Run, RunOnce, and RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion

HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_CLASSES_ROOT\batfile\shell\open\command
HKEY_CLASSES_ROOT\piffile\shell\open\command
HKEY_CLASSES_ROOT\htafile\shell\open\command
HKEY_CLASSES_ROOT\comfile\shell\open\command
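
A read-only way to review the keys listed above from a PowerShell prompt before deleting anything in regedit, added here as an example (it is not WiseCleaner's own code). It flags Run-type entries whose command points into the AppData or ProgramData folders mentioned earlier, and it assumes the stock `"%1" %*` handler for exefile, batfile, piffile and comfile.

```powershell
# Read-only audit of the autorun keys and file-type handlers listed above.
# Nothing is modified; review the output, then remove bad entries in regedit.

$base  = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$wow   = 'SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'
$names = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'

$keys = foreach ($n in $names) {
    "HKLM:\$base\$n"
    "HKLM:\$wow\$n"     # 32-bit view, exists only on 64-bit Windows
    "HKCU:\$base\$n"
}

# Folders the article names as common locations for a virus.
$suspectDirs = @($env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData) |
    Where-Object { $_ }

$autoruns = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this system
    $item = Get-Item -LiteralPath $key
    foreach ($valueName in $item.GetValueNames()) {
        $command  = [string]$item.GetValue($valueName)
        $expanded = [Environment]::ExpandEnvironmentVariables($command)
        $hit = $false
        foreach ($dir in $suspectDirs) {
            if ($expanded.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $hit = $true
            }
        }
        [pscustomobject]@{
            Key = $key; Name = $valueName; Command = $command; InSuspectDir = $hit
        }
    }
}

# File-type handlers: the stock default value for these four types is "%1" %*.
# htafile is left out because its stock handler is an mshta.exe command line;
# compare that one by eye.
$handlers = foreach ($type in 'exefile', 'batfile', 'piffile', 'comfile') {
    $path = "Registry::HKEY_CLASSES_ROOT\$type\shell\open\command"
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $default = [string](Get-Item -LiteralPath $path).GetValue('')
    [pscustomobject]@{ Type = $type; Command = $default; Stock = ($default -eq '"%1" %*') }
}

$autoruns | Sort-Object InSuspectDir -Descending | Format-Table -AutoSize -Wrap
$handlers | Format-Table -AutoSize -Wrap
```

An entry with InSuspectDir set to True, or a handler with Stock set to False, is a candidate for closer inspection, not proof of infection: legitimate software also starts from AppData.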
After scrubbing the suspected files from your directories, restart your computer. Do not press any key this time, and let the computer boot normally. You will most probably notice a change in the behavior of Windows on this startup. At this stage, avoid running applications and programs until you are completely assured of your security.
Before returning to your routine operations, it is recommended to run a thorough security check with your installed antivirus program. Let it take its time, as it will examine every directory on your drive. When the scan completes, it would definitely prompt you with a choice of actions for any threats detected. It is strongly recommended to choose removal for all such files.
By this point, your system would be free of any viruses and malware. It is also advisable to refresh your registry with a safe, free registry cleaner before carrying on with your work. It does not take much time, and it reorganizes your scattered entries, deletes the invalid ones, and links up the related ones for improved performance. Also check whether defragmentation is needed and perform it, if required.