
How to Remove a Virus in Windows
By: Nilpo/Developer Shed Staff Writer
    2007-05-01

    Table of Contents:
  • How to Remove a Virus in Windows
  • Preventing viruses at Windows startup
  • Picking up the pieces
  • Removing traces in the Registry



    How to Remove a Virus in Windows - Removing traces in the Registry


    (Page 4 of 4)

    Cleaning the registry can be a tedious task.  Entries can be sprawled out over many different areas that you may not expect.  To make things easier, start off with a good registry cleaner.

    I suggest using TweakNow’s RegCleaner.  Aside from being freeware, this program is extremely efficient at identifying and removing extraneous entries in the registry.  If you’ve renamed all of the files in the last section, RegCleaner will be able to detect most of the entries as being invalid.

    Now it’s time to do some manual labor.  Open the Registry Editor by entering regedit in the Run… dialog box.  You may also use any third-party registry editor if you wish.

    Begin by searching for the names of your viral processes.  As you identify any entries, pay particular attention to those associated with CLSIDs and make a note of them.  CLSIDs are very long; just copy and paste them into an empty notepad document.

    Delete each of the entries for your viral process until you cannot find any more.  Then go back and do the same for each entry containing your CLSID.  This should remove all remaining entries.
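The two-pass search described above (process names first, then every key that shares a noted CLSID) can be run read-only over a text export of the registry before anything is deleted. The following Python is an added example, not part of the original article; it assumes an export produced with `reg export`, and the process name `badproc` and both CLSIDs in the sample are constructed placeholders.

```python
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data

def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; value_name is None for the key itself."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, ""          # lets keys without values be searched too
        elif key and m:                  # hex(...) continuation lines are skipped
            name, data = m.groups()
            if data.startswith('"'):     # string value: strip quotes, undo .reg escaping
                data = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
            yield key, name.strip('"'), data

def find_traces(text, process_names):
    """Pass 1: entries naming a process. Pass 2: other keys that share their CLSIDs."""
    names = [n.lower() for n in process_names]
    entries = list(parse_reg(text))
    name_hits, clsids = [], set()
    for key, vname, data in entries:
        haystack = " ".join((key, vname or "", data)).lower()
        if any(n in haystack for n in names):
            name_hits.append((key, vname, data))
            # Note every CLSID seen alongside the process name
            clsids.update(c.upper() for c in CLSID_RE.findall(key + " " + data))
    seen = {key for key, _, _ in name_hits}
    clsid_keys = []
    for key, _, data in entries:
        if key not in seen and clsids & {c.upper() for c in CLSID_RE.findall(key + " " + data)}:
            seen.add(key)
            clsid_keys.append(key)
    return name_hits, sorted(clsids), clsid_keys

# Constructed sample export; "badproc" and both CLSIDs are placeholders.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\WINDOWS\\system32\\badproc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\badproc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32]
@="C:\\WINDOWS\\system32\\shell32.dll"
"""
NAME_HITS, CLSIDS, CLSID_KEYS = find_traces(SAMPLE, ["badproc"])  # review before deleting
```

A real export is UTF-16 text, so read it with `open(path, encoding="utf-16")` before passing the contents to `find_traces`.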

    It’s possible that you may have still missed some entries.  Unfortunately, it’s far beyond the scope of this article to show you how to correctly identify each entry in the registry.

    Suffice it to say that you have removed more than enough to render your infection completely harmless.  Once you have ended and renamed the processes, disabled their startup, and removed all extra registry entries, you’re ready to perform a reboot.

    Double check to make sure that the viral processes are no longer running and that all of your software and hardware works as expected.  As long as your system is stable, you can go back and safely delete any of the files that you renamed.

    And that’s all there is to it.  Get in there and get your hands dirty.  It’s not as hard as it seems once you begin learning how to recognize rogue processes.  Learn the things that run on your system normally so you know if anything is out of the ordinary and maintain regular backups in case disaster strikes.

