Remove 104 trojans by iam38haxor

VIEWS: 10 PAGES: 19

More Info
									There are many novice on the little understanding of security issues, the
computer kind of a Trojan horse does not know how to remove the sample.
Although
However, there are now a lot of the removal of Trojan horse software can
automatically remove Trojans. But you do not know what is in the Trojan
Horse
Computer run, if you read this article, you will understand the principle
of Trojan.
Although the Trojans collected a lot of information, but I can guarantee
that all correct.
If the Trojans are enthusiastic users of the information that can be made
on this site. Thank you for your support.

1. Glaciers v1.1 v2.2
This is the best domestic Trojan Author: Huang Xin

Remove Trojans v1.1
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Find the following two paths, and delete
"C: \ windows \ system \ kernel32.exe"
"C: \ windows \ system \ sysexplr.exe"
Close Regedit
MSDOS way to restart
Delete the C: \ windows \ system \ kernel32.exe and C: \ windows \ system
\ sysexplr.exe Trojans
Restart. OK

Remove Trojans v2.2
Server, users can freely path definition into the registry keys can be
their own definition.
Therefore, it is not clear explanation.
You can see the registry to delete suspicious documents path.
MSDOS way to restart
Should be deleted in the registry relative Trojans
Restart Windows. OK

2. Acid Battery v1.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the Explorer = "C: \ WINDOWS \ expiorer.exe"
Close Regedit
MSDOS way to restart
Delete c: \ windows \ expiorer.exe Trojans
NOTE: Do not delete the correct ExpLorer.exe procedures, and they only i
and L differences.
Restart. OK

3. Acid Shiver v1.0 + + lmacid 1.0Mod
Remove Trojans steps:
MSDOS way to restart
Delete the C: \ windows \ MSGSVR16.EXE
Then return to the Windows system
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the Explorer = "C: \ WINDOWS \ MSGSVR16.EXE"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices
Delete the right of the Explorer = "C: \ WINDOWS \ MSGSVR16.EXE"
Close Regedit
Restart. OK
MSDOS way to restart
Delete the C: \ windows \ wintour.exe then return to the Windows system
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the Wintour = "C: \ WINDOWS \ WINTOUR.EXE"
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices
Delete the right of the Wintour = "C: \ WINDOWS \ WINTOUR.EXE"
Close Regedit
Restart. OK

4. Ambush
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the zka = "zcn32.exe"
Close Regedit
MSDOS way to restart
Delete the C: \ Windows \ zcn32.exe
Restart. OK

5. AOL Trojan
Remove Trojans steps:
MSDOS boot mode
Delete the C: \ command.exe (deleted before the document implied
cancellation attribute)
NOTE: Do not delete really command.com file.
Delete the C: \ americ ~ 1.0 \ ~ 1.exe buddyl (delete to remove the
document implied attributes)
Delete the C: \ windows \ system \ norton ~ 1 \ regist ~ 1.exe (deleted
before the document implied cancellation attribute)
Open WIN.INI file
[WINDOWS] Below "run =" and the "load =" Trojan horses are loaded to the
path, we must remove them:
Run =
Load =
Preservation of WIN.INI
To correct the registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the WinProfile = c: \ command.exe
Close Regedit and restart Windows. OK

6. Asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + Mini 1.0, 1.1
Remove Trojans steps:
NOTE: Trojan Horse program is the default file name wincmp32.exe, however
procedures can be arbitrarily changed the file name.
We can amend the Trojans two system.ini and win.ini file to remove the
Trojan.
System.ini file open
[BOOT] Below is a "shell = file name." Is the correct file name
explorer.exe
If not, "explorer.exe", then that document is Trojan horse to find it
out, delete.
Preservation from system.ini
Open win.ini file
[WINDOWS] Below is a run =
If you see a path behind = file name, it must be deleted.
The right should be run = behind nothing.
= Path behind the document is a Trojan horse, it Find out deleted.
Preservation from win.ini.
OK

7. AttackFTP
Remove Trojans steps:
Open win.ini file
[WINDOWS] There are load = wscan.exe
Delete wscan.exe, is the correct load =
Preservation from win.ini.
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the Reminder = "wscan.exe / s"
Close Regedit and restart to MSDOS system
Delete the C: \ windows \ system \ wscan.exe
OK

8. Back Construction 1.0 - 2.5
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the "C: \ WINDOWS \ Cmctl32.exe"
Close Regedit and restart to MSDOS system
Delete the C: \ WINDOWS \ Cmctl32.exe
OK
9. BackDoor v2.00 - v2.03
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the 'c: \ windows \ notpa.exe / o = yes'
Close Regedit and restart to MSDOS system
Delete c: \ windows \ notpa.exe
NOTE: Do not delete real notepad.exe notebook procedures
OK

10. BF Evolution v5.3.12
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the (Default) = ""
Regedit closed again to restart your computer.
C: \ windows \ system \. Exe (box exe file)
OK

11. BioNet v0.84 - 0.92 + 2.21
0.8X version is running in the Win95/98
0.9X above Win95/98 a run in the last two and WinNT software
Customers - server protocols is the same and, therefore, 95/98 and NT
clients to be infected machines, and customers can black Win95/98
NT infected system completely the same.
Remove Trojans steps:
First prepare a 98 boot disk, and start using it, enter c: \ windows
directory with attrib libupd ~ 1.
Exe-h
Let Trojan program that order, and then delete it.
After the restart floppy out into 98, in the registry found:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Of the bond WinLibUpdate = "c: \ windows \ libupdate.exe-hide"
Deletion of this bond.

12. Bla v1.0 - 5.03
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the Systemdoor = "C: \ WINDOWS \ System \ mprdll.exe"
Close Regedit and restart your computer.
Find C: \ WINDOWS \ System \ mprdll.exe and
C: \ WINDOWS \ system \ rundll.exe
NOTE: Do not delete the C: \ WINDOWS \ RUNDLL.EXE correct documents.
And delete the two documents.
OK
13. BladeRunner
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
- System Tray can be found = "c: \ something \ something.exe"
The right of the path is anything, then you do not need to remove it,
because the Trojans will be immediately automatically, you need to
Trojan is recorded with the name directory, and then back to MS-DOS, the
Trojans find this document and removed.
Restart the computer, and then repeat the first step, in the registry to
find documents and delete this Trojan button.

14. Bobo v1.0 - 2.0
Remove Trojans v1.0
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Delete the right of the DirrectLibrarySupport = "C: \ WINDOWS \ SYSTEM \
Dllclient.exe"
Close Regedit and restart your computer.
DEL C: \ Windows \ System \ Dllclient.exe
OK
Remove Trojans v2.0
Open registry Regedit
Click directory to:
HKEY_USER / .Default / Software / Mirabilis / ICQ / Agent / Apps / ICQ
Accel /
ICQ Accel is a "false impression" of the button, select ICQ Accel primary
key and delete it.
Restart the computer. OK

15. BrainSpy vBeta
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run
Right?? = "C: \ WINDOWS \ system \ BRAINSPY. Exe"
?? Labels election is arbitrarily changed.
Close Regedit and restart the computer
View Delete C: \ WINDOWS \ system \ BRAINSPY. Exe
OK

16. Cain and Abel v1.50 - 1.51
This is a Trojan Password
Entered the MS-DOS mode
Find C: \ windows \ msabel32.exe
And delete it. OK

17. Canasson
Remove Trojans steps:
Open WIN.INI file
View c: \ msie5.exe, delete all the keys
Preservation win.ini
Restart the computer
Delete c: \ documents msie5.exe Trojans
OK

18. Chupachbra
Remove Trojans steps:
Open WIN.INI file
[Windows] There are two firms
Run = winprot.exe
Load = winprot.exe
Delete winprot.exe
Run =
Load =
Preservation Win.ini, then open the registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
Run
Delete the right of the 'System Protect' = winprot.exe
Restart Windows
Find C: \ windows \ system \ winprot.exe, and delete.
OK

19. Coma v1.09
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
Run
Delete the right of the 'RunTime' = C: \ windows \ msgsrv36.exe
Restart Windows
Find C: \ windows \ msgsrv36.exe, and delete.
OK

20. Control
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
Run
Delete the right of the Load MSchv Drv = C: \ windows \ system \
MSchv.exe
Preservation Regedit, restart Windows
Find C: \ windows \ system \ MSchv.exe, and delete.
OK

21. Dark Shadow
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
RunServices
Delete the right of the winfunctions = "winfunctions.exe"
Preservation Regedit, restart Windows
Find C: \ windows \ system \ winfunctions.exe, and delete.
OK

22. DeepThroat v1.0 - 3.1 + Mod (Foreplay)
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
Run
Version 1.0
Delete the right of the item 'System32' = c: \ windows \ system32.exe
Version 2.0-3.1
Delete the right of the item 'SystemTray' = 'Systray.exe'
Preservation Regedit, restart Windows
Version 1.0 delete c: \ windows \ system32.exe
Version 2.0-3.1
Delete c: \ windows \ system \ systray.exe
OK

23. Delta Source v0.5 - 0.7
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE   \ MicroSoft \ Windows \ CurrentVersion \
Run
Delete the right of the item:   DS admin tool = C: \ TEMPSERVER.exe
Preservation Regedit, restart   Windows
Find C: \ TEMPSERVER.exe, and   delete it.
OK

24. Der Spaeher v3
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
Run
Delete the right of the items: explore = "c: \ windows \ system \
dkbdll.exe"
Preservation Regedit, restart Windows
Delete c: \ windows \ system \ dkbdll.exe Trojans document.
OK

--

25. Doly v1.1 - v1.7 (SE)
Remove Trojans V1.1-V1.5 version:
Several versions of this Trojan Trojan program on three, two more
projects are registered, but also to Win.ini project.
First of all, access to MS-DOS, deleted three Trojan program, but more
than a Trojan version V1.35 document mdm.exe.
To delete all of the following:
C: \ WINDOWS \ SYSTEM \ tesk.sys
C: \ WINDOWS \ Start Menu \ Programs \ Startup \ mstesk.exe
C: \ Program Files \ MStesk.exe
C: \ Program Files \ Mdm.exe
Restart Windows.
Then, open the win.ini file
Below find [WINDOWS] load = c: \ windows \ system \ tesk.exe item to
delete path, change the load =
Preservation win.ini file.
Finally, modify the registry Regedit
Find the following two items and delete them
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
Ms tesk = "C: \ Program Files \ MStesk.exe"
And
HKEY_USER \. Default \ Software \ Microsoft \ Windows \ CurrentVersion \
Run
Ms tesk = "C: \ Program Files \ MStesk.exe"
Zaixin find HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \
CurrentVersion \ ss
This group is the Trojans all parameters and settings of the server to
delete this item all ss group.
Close preservation Regedit.
Also open the C: \ AUTOEXEC.BAT file, delete
@ Echo off copy c: \ sys.lon c: \ windows \ StartMenu \ Startup Items \
Del c: \ win.reg
Close preservation autoexec.bat.
OK
Remove Trojans V1.6 version:
The Trojan runs, through 98 will be closed to normal operation, only
RESET button. Completely wipe out the following steps:
1. Open the Control Panel - Add Remove Programs - removing the memory
manager 3.0, which is Trojan horse, but
It is not a Trojan EXE files will be removed.
2. Qidongpanqidong with 98 or DOS (with RESET button), turn on C: \, edit
AUTOEXEC. BAT, the following elements
Delete:
@ Echo off copy c: \ sys.lon c: \ windows \ startm ~ 1 \ programs \
startup \ mdm.exe
Del c: \ win.reg
Preservation AUTOEXEC. BAT documents and return to DOS, in the C: \
directory to delete root Trojans documents:
Del sys.lon
Del windows \ startm ~ 1 \ programs \ startup \ mdm.exe
Del progra ~ 1 \ mdm.exe
3. Floppy disks out of a restart, after entering 98 of the c: \ program
files \ directory under the directory memory manager
Delete.
Remove Trojans V1.7 version:
First, open the C: \ AUTOEXEC.BAT file, delete
@ Echo off copy c: \ sys.lon c: \ windows \ startm ~ 1 \ programs \
startup \ mdm.exe
Del c: \ win.reg
Close preservation autoexec.bat
Then open the registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ MicroSoft \ Windows \ CurrentVersion \
Run
Find c: \ windows \ system \ mdm.exe path and delete this item
Click directory to:
HKEY_USER / .Default / Software / Marabilis / ICQ / Agent / Apps /
Find, "C: \ windows \ system \ kernal32.exe" path and delete this item
Close preservation Regedit. Restart Windows.
Finally, delete the following Trojan horse:
C: \ sys.lon
C: \ iecookie.exe
C: \ windows \ start menu \ programs \ startup \ mdm.exe
C: \ program files \ mdm.exe
C: \ windows \ system \ mdm.exe
C: \ windows \ system \ kernal32.exe
NOTE: A is kernal32
OK

75. Revenger v1.0 - 1.5
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: AppName = "C: \ ... \ server.exe"
Close preservation Regedit and restart Windows
In the c: \ windows View corresponding Trojans server.exe and delete
OK

76. Ripper
Remove Trojans steps:
System.ini file open
Will shell = explorer.exe sysrunt.exe
Read explorer.exe shell =
Close preservation system.ini, restart Windows
In the c: \ windows View corresponding Trojans sysrunt.exe and delete
OK

77. Satans Back Door v1.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices \
Delete the right of the item: sysprot protection = "C: \ windows \
sysprot.exe"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ sysprot.exe
OK

78. Schwindler v1.82
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: User.exe = "C: \ WINDOWS \ User.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ User.exe
OK

79. Setup Trojan (Sshare) + Mod Small Share
This sharing of the hidden-C Trojan
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Network \ LanMan \


Select the right side of the 'C $' projects, and to delete all
Close preservation Regedit and restart Windows
OK

80. ShadowPhyre v2.12.38 - 2.X
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: WinZipp = "C: \ WINDOWS \ SYSTEM \
WinZipp.exe / nomsg"
Or WinZip = "C: \ WINDOWS \ SYSTEM \ WinZip.exe / nomsg"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ WinZipp.exe or C: \ WINDOWS \ WinZip.exe
OK


81. Share All
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Network \ LanMan \


Here you will see all of the Trojans shared by the symbol of your hard
drive, they removed one by one.

82. ShitHeap
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices \
Delete the right of the item: recycle-bin = "c: \ windows \ system \
recycle-bin.exe"
- Or recycle bin = "c: \ windows \ system.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ system \ recycle-bin.exe or c: \ windows \
system.exe
OK

83. Snid v1 - 2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: System-tray = 'c: \ windows \ temp $
01.exe'
Close preservation Regedit and restart Windows
Delete c: \ windows \ temp $ 01.exe
OK

84. Softwarst
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: NetApp = C: \ windows \ system \
winserv.exe
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ winserv.exe
OK

85. Spirit 2000 Beta - v1.2 (fixed)
Remove Trojans v Beta Version:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: internet = "c: \ windows \ netip.exe"
Close preservation Regedit
Open win.ini file
View to run = c: \ windows \ netip.exe
Changes: run =
Close preservation win.ini, restart Windows
Delete c: \ windows \ netip.exe and c: \ windows \ netip.exe
OK
Remove Trojans v 1.2 version:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: SystemTray = "c: \ windows \ windown.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ windown.exe
OK
Remove Trojans v 1.2 (fixed) Version:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: Server 1.2.exe = "c: \ windows \ server
1.2.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ server 1.2.exe
OK

86. Stealth v2.0 - 2.16
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: Winprotect System = "C: \ WINDOWS \
winprotecte.exe
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ winprotecte.exe
OK

87. SubSeven - Introduction
Remove Trojans v1.0 - 1.1:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: SystemTrayIcon = "C: \ WINDOWS \
SysTrayIcon.Exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ SysTrayIcon.Exe
OK
Remove Trojans v1.3 - 1.4 - 1.5:
Open win.ini file
View to run = nodll
Changed to run =
Close preservation win.ini, restart Windows
Delete c: \ windows \ nodll.exe
OK
Remove Trojans v1.6:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: SystemTray = "SysTray.Exe"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ systray.exe
OK
Remove Trojans v1.7:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices
\
View to the right item: C: \ windows \ kernel16.dl and delete
Close preservation Regedit and restart Windows
Delete the C: \ windows \ kernel16.dl
OK
Remove Trojans v1.8:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run and
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices
\
Find the right of the item to: c: \ windows \ system.ini., And delete
Close preservation Regedit.
Open win.ini file
View to run = kernel16.dl
Changed to run =
Close preservation win.ini.
System.ini file open
View to the shell = explorer.exe kernel32.dl
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete the C: \ windows \ kernel16.dl
OK
Remove Trojans v1.9 - 1.9b:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run and
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices
\
Delete the right of the item: RegistryScan = "rundll16.exe"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ rundll16.exe
OK
Remove Trojans v2.0:
System.ini file open
View to the shell = explorer.exe trojanname.exe
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete c: \ windows \ rundll16.exe
OK
Remove Trojans v2.1 - 2.1 SubStealth Gold + + 2.1.3-2.1.3 Mod MUIE + 2.1
Bonus:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run and
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices
\
Delete the right of the item: WinLoader = MSREXE.EXE
Hkey_classes_root \ exefile \ shell \ open \ command
Will be changed to the right of the item: @ = "\"% 1 \ "% *"
Close preservation Regedit.
Open win.ini file
View and to run = msrexe.exe
Load = msrexe.exe
Changed to run =
Load =
Close preservation win.ini.
System.ini file open
View to the shell = explore.exe msrexe.exe
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete the C: \ windows \ msrexe.exe
C: \ windows \ system \ systray.dll
OK
V2.2b1 remove Trojans:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run and
Delete the right of the item: Loader = "c: \ windows \ system \ ***"
Note: Loader and documents were randomly change the
Close preservation Regedit.
Open win.ini file
Changed to run =
Close preservation win.ini.
System.ini file open
Changes to explorer.exe shell =
Close preservation system.ini, restart Windows
Delete the Trojans should be relative
OK

88. Telecommando 1.54
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: SystemApp = "ODBC.EXE"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ ODBC.EXE
OK
--


89. The Unexplained
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: InetB00st = "C: \ WINDOWS \
TEMPINETB00ST.EXE"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ TEMPINETB00ST.EXE
OK

90. Thing v1.00 - 1.60
Remove Trojans v1.00-1.12:
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: (Default) = "C: \ some \ path \ here \
thing.exe"
There are also some in:
HKEY_LOCAL_MACHINE \ System \ CurrentControlSet \ control \
SessionManager \ Known16DL

Ls \
Delete the right of the item: wsasrv.exe = "wsasrv.exe"
Close preservation Regedit and restart Windows
Delete the C: \ some \ path \ here \ thing.exe
OK
Remove Trojans v 1.20 version:
MS_DOS enter:
Del winspc13.exe
Del ms097.exe
System.ini file open
View to the shell = explorer.exe ms097.exe
Changes: shell = explorer.exe
Close preservation system.ini, restart Windows
OK
Remove Trojans v1.50 version:
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
The project path and file name is changed randomly and inspect suspicious
documents path, it will be deleted.
Close preservation Regedit.
System.ini file open
View to the shell = explorer.exe behind the Trojans document
Changes: shell = explorer.exe
Close preservation system.ini, restart Windows
Trojan horse to delete the corresponding documents
OK
Remove Trojans v1.50 version:
MS_DOS enter:
Del winspc13.exe
Del ms097.exe
System.ini file open
View to the shell = explorer.exe behind the Trojans document
Changes: shell = explorer.exe
Close preservation system.ini, restart Windows
Trojan horse to delete the corresponding documents
OK

91. Transmission Scount v1.1 - 1.2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: Kernel16 "= C: \ WINDOWS \ Kernel16.exe
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ Kernel16.exe
OK

92. Trinoo
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: System Services = service.exe
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ service.exe
OK

93. Trojan Cow v1.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: SysWindow = "C: \ WINDOWS \ Syswindow.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ Syswindow.exe
OK

94. TryIt
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: Rc5Dec = C: \ Program Files \ Internet
Explorer \ _.exe-guistart
Close preservation Regedit and restart Windows
Delete the C: \ Program Files \ Internet Explorer \ _.exe
OK

95. Vampire v1.0 - 1.2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: Sockets = "c: \ windows \ system \
Sockets.exe"
Close preservation Regedit and restart Windows
Delete c: \ windows \ system \ Sockets.exe
OK
96. WarTrojan v1.0 - 2.0
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: Kernel32 = "C: \ somepath \ server.exe"
Close preservation Regedit and restart Windows
Delete the C: \ somepath \ server.exe
OK


97. WCrat v1.2b
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: MS Windows System Explorer = "C: \ WINDOWS
\ sysexplor.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ sysexplor.exe
OK

98. WebEx (v1.2, 1.3, and 1.4)
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: RunDl32 = "C: \ windows \ system \
task_bar"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ task_bar.exe and c: \ windows \ system
\ msinet.ocx
OK

99. WinCrash v2
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: WinManager = "c: \ windows \ server.exe"
Close preservation Regedit
Open win.ini file
View to run = c: \ windows \ server.exe
Changes: run =
Win.ini kept closed, restart Windows
Delete c: \ windows \ server.exe
OK

100. WinCrash
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: MsManager = "SERVER.EXE"
Close preservation Regedit and restart Windows
Delete the C: \ windows \ system \ SERVER.EXE
OK

101. Xanadu v1.1
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: SETUP = "c: \ somepath \ setup.exe"
Close preservation Regedit and restart Windows
Delete c: \ somepath \ setup.exe
OK

102. Xplorer v1.20
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: PCX = "C: \ WINDOWS \ system \ PCX.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ system \ PCX.exe
OK

103. Xtcp v2.0 - 2.1
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Run \
Delete the right of the item: msgsv32 = "C: \ WINDOWS \ system \
winmsg32.exe"
Close preservation Regedit and restart Windows
Delete the C: \ WINDOWS \ system \ winmsg32.exe
OK

104. YAT
Remove Trojans steps:
Open registry Regedit
Click directory to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
RunServices \
Delete the right of the item: Batterieanzeige = 'c: \ pathnamehere \
server.exe / nomsg'
Close preservation Regedit and restart Windows
Delete c: \ pathnamehere \ server.exe
OK

								
To top