Skip to content. | Skip to navigation

Personal tools
You are here: Home virus-spam-phishing How to Remove the Virus Manually

Large Text  small text  original text  text mode site  

How to Remove the Virus Manually

Last Updated on: Feb 24, 2014 03:35 PM
Tools to remove virus manually
  1. Operating systems CD/DVD (If OS corrupts)
  2. Antivirus software with recent updates
  3. Sysinternals security utilities like process explorer and autoruns
Activate the Registry Editor:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

The Windows Registry is a database which stores settings and options for Microsoft Windows operating systems. It contains information and settings for hardware, operating system software, most non-operating system software, and per-user settings.

CAUTION: Disable autorun on all drives from Group Policy Editor (gpedit.msc) and never double click removable media without checking virus (for autorun.inf and other virus executables)

Activate the task manager:

Start Menu===>RUN==>gpedit.msc===>

Group policy window will open, In this windows go to User configurataion pane and ===>admin templates===>system===>ctrl+alt+del===>Remove Task Manager==>Select and Apply "Not configured."

(or)

Go to below path in the registry editor and set the DisableTheTaskMgr key  to 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system

Not Able to open command prompt?

Download process explorer or any third party software to view the processes running and find the unwanted software or suspecting processes running under explorer with no signature and kill those processes.


How to find and delete the virus files?
From process explorer find the path of the virus program from where it is running(eg:c:\windows\system32)
  1. Open command prompt(Go to run, Type cmd and press Enter key)
  2. Go to the path with the command (cd\  2) cd c:\windows\system32)
  3. View the file with DIR command. If not able to see execute DIR/AH command to view the hidden files. If you find its hidden execute the command attrib  -r –a –s –h  <filename> to reset the attributes of that file
  4. Then finally delete that file with the command DELETE <file name>
Unable to open drives in My Computer?
  1. Open command prompt with Start Menu -> RUN ->cmd and press enter
  2. In command prompt window, type CD\ to go to the parent directory
  3. View the hidden files with the command DIR/AH , you will find autoruns.inf and other files with extensions like .exe, .com and execute the command ATTRIB –R –H *.* to unhide them and then delete those files with the command DELETE AUTORUN.INF and DELETE <VIRUS FILE NAMES>
If you want further assistance or help, call Information Security Education and Awareness team, C-DAC, Hyderabad or isea@cdac.in

Further information :


Popular Anti-Spyware Softwares   Popular Anti-Virus Softwares
Spybot Search and Destroy
Ad-aware 6.0
Symantec Antivirus
Spysweeper
Microsoft Bit defender
  Microsoft Security Essentials
Sophos Antivirus
AVG Antivirus for home users
AVAST Home Edition
MCA fee Antivirus, Kaspersky 

How most of the viruses/spyware spread?
  1. E-mail Attachments,
  2. Removable media like floppy disks, Pen drives, Memory Cards.
  3. Browsing malicious content and unknown sites

How to detect your computer has virus/spyware?
Task manager, Folder options, registry editor will be disabled, No Access to drives, Cannot install any software or run programs and Antivirus software process never runs,

System responds very slowly, changed home page, continuous popup.

Document Actions

Share |
3.30769230769
No rating set
feedback feedback validator