It is no secret that antivirus software does not provide a 100% virus protection guarantee. In this case, the question arises about how to remove the virus manually.
Instructions
Step 1
The presence of a virus is indicated by increased outgoing Internet traffic, the appearance of new files in unusual places, and other warning signs. If the antivirus does not give a positive result, it is necessary to identify the presence of a malicious program.
Step 2
To do this, open the task manager by pressing the key combination Ctrl + Alt + Del and carefully examine the running processes. Having found unidentified processes, feel free to delete them, thereby you will unload it from memory and stop the virus.
Step 3
The next step is to remove the virus program from startup. To do this, click the Start / Run button, type regedit at the command prompt. The following branches need to be reviewed:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce
They should not be running any unknown programs or libraries.
Step 4
Viruses can attach to system executables in the HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon branch, make sure the entry looks like this:
Shell = explorer.exe
UIHost = logonui.exe
Userinit = userinit.exe
All unnecessary attached files must be removed.
Step 5
By following this procedure, you will immobilize the virus, but will not remove it from your computer.
Step 6
Despite the fact that the virus will no longer be able to cause harm, as a rule, users prefer to delete the virus body itself. To do this, look at the system32 system folder and remove any unnecessary extraneous files. To make it easier to find the virus files, sort the contents of the folder by creation date and look for the virus among the most recent files.
Step 7
By removing the body of the virus, you can remove all traces of its stay on your computer. This procedure is available to users who know how to work with the Windows registry, where traces of the virus are located and removed.
