Remove a 'virus' manually - Part Four
Remove the culprit
This post is the fourth part of a series of posts on how to manually remove a malware from your computer.
If you have followed the earlier parts of this tutorials, the virus should be inactive now. We will therefore try to remove it from the system.
First step to do this is to find its location among all the files on the computer. That's near impossible, Right? Wrong!!!
From the second part of this tutorial, we learnt that the viruses (malware) make themselves active at every system start.
That's a first step in removing them. Open the run dialog box (Windows key + R) and type msconfig. This should open a window in which you can view some start up files. If msconfig has been disabled by the malware or you prefer something else, you can use autoruns from sysinternals, glary/tune-up utilities, or even zbshareware's USB disk security.
Every entry in their start up list has a corresponding path (its location on your computer) to it. Browse to the location and delete any item that looks suspicious. Make sure you don't delete any system files. A google search of the start up entries may come in handy.
At this point, we may have two problems:
1. The virus has hidden itself and cannot be seen in the folder specified.
2. The virus does not delete when you try to delete it.
1. Wait a moment, all hope is not lost. Enable viewing of hidden and system files by using either a third party software (even winrar), command prompt or folder options. The two latter ones may have been disabled by the malware. Google for any third party file system explorer to view your files.
2. The virus proves too stubborn to delete. Show it who really owns the pc by forcing it out.
You are now rid of the malware. Restart your PC.
So, you've survived a malware attack unscathed (or maybe just a little, lol). This is what you'll do next.
Other posts in the series