This article is related to
How to Manually Remove Viruses From Your System
Note: This solution will work only against those Viruses which does not infect Windows own Exe files e.g like explorer.exe
Virus Symptoms
You may have seen some unexpected things that should not happen. Some of the symptoms of viruses are:
Disables Task Manager
Disables Registry Editor
Disables Command Prompt
Sometime you have no application open but CPU usage goes over 50%
My Computer Drives not opening by Double Click
Automatic Shutdown
Computer Slows down
Hidden Files will not be showing
Folder Options will strange language
Manual Removal
If you have tried all the solutions listed on our site and still could not disinfect your system then try to manually remove the virus using the instructions below. There are five steps
Caution: While the manual process is going on do not open any My Computer drive through My
Computer
1. Process Terminination
In order to complete the
instructions below. You need to have Process Explorer and Autoruns, 7ZIP and Unlocker.
You can download them separately or download the powerexepack and install it
PowerExes Pack (3.3 MiB, 19,586 hits)
Close and exit all programs (even from tray) except Internet Explorer
or your internet browser.
Run process explorer by typing procexp in the start menu
Run and do as illustrated.
All the system process are collapsed in the system tree, so if you see a process like winlogon.exe in explorer tree then it is surely a virus
2. Virus File Deletion
Viruses files and small programs does not have a digital signature. You can see the the company name is blank for the process SSVICHOSST.exe
If you do see any suspicious process, Processes can be checked at http://www.processlibrary.com/
Here is an example, some viruses are running on the computer.
Now next step is the deletion of virus files.
Right click on any of the virus process then properties. In the path: field copy the path. Now switch to the procexp interface. you can use ALT+TAB to switch b/w different windows.
Note that non-Microsoft processes have Verify button grayed out in the properties box.
In the File Menu –> Run
Type this carefully
unlocker.exe “[FileName With Path]” /d
e.g unlocker.exe “D:newexplorer.exeexplorer.exe” /d
You may be prompted, In No action select delete and OK
This command will terminate the virus and delete its file
Use the command on all the one by one processes except for the Microsoft processes ( in procexp it shows Microsoft Corporation in company name column )
3. Files deletion from the root of drive
The second step is deleting files. If you have installed powerexe, Start Menu–> 7-ZIP–> 7-ZIP File Manager which will show you all hidden files and go through the root path of every drive
Delete autorun.inf and all files like
ravmon.exe, smss.exe,Funny UST Scandal.exe,explorer.exe
But do not delete these files as these are system files
autoexec.bat, boot.ini, bootmgr,config.sys, io.sys, msdos.sys, ntdetect.com, pagefile.sys,ntldr, hiberfil.sys,,xeldr,gdrop
Go to each drive and delete these files from root
4. Removal of startup entries
Now you have successfully terminated virus process the next thing is to remove those virus files which run upon system start.
Open Autoruns by typing autoruns in the Run Dialogue. Wait while refreshing completes.
In the Options –> Hide Microsoft Entries. And click Refresh button on the interface OR Close the program and start again
After scanning completes select Logon tab and uncheck all the entries be sure do not unselect any Microsoft Entry.
5. Restoring Windows Default settings
Download
Smart Virus Remover (889.9 KiB, 851,602 hits)
Run the Smart Virus Remover and it will automatically restore windows settings
Now scanning your system for an fully functional Anti-Virus will be the last suggestion
Troubleshooting
Incase of any problem. you did a wrong move. Open Autoruns, in the Options –> Unselect Hide Microsoft Entries. And click Refresh button on the interface OR and select all entries .Close the program and start your system again.