Jul 07
 


Remove a Trojan, Virus, Worm, or other Malware

Dialers, Trojans, Viruses, and Worms Oh My!

If you use a computer, read the newspaper, or watch the news, you will know about computer viruses and other malware. These are malicious programs that, once they infect your machine, start causing havoc on it. What many people do not know is that there are many different types of infections grouped under the general category of malware.
Malware – Malware is programming or files that are developed for the purpose of doing harm. Thus, malware includes computer viruses, worms, Trojan horses, spyware, hijackers, and certain types of adware.
This article will focus on the malware that is considered viruses, trojans, and worms, though this information can be used to remove the other types of malware as well. We will not go into specific details about any one particular infection, but rather provide a broad overview of how these infections can be removed. For the most part these instructions should allow you to remove a good deal of infections, but there are some that need special steps to be removed, and these won't be covered in this tutorial.
Before we continue it is important to understand the generic malware terms that you will be reading about. 
Adware – A program that generates popups on your computer or displays advertisements. It is important to note that not all adware programs are necessarily considered malware. There are many legitimate programs that are given for free that display ads in their programs in order to generate revenue. As long as this information is provided up front then they are generally not considered malware. 
Backdoor – A program that allows a remote user to execute commands and tasks on your computer without your permission. These types of programs are typically used to launch attacks on other computers, distribute copyrighted software or media, or hack other computers.
Dialer – A program that typically dials a premium rate number that has per-minute charges over and above the typical call charge. These calls are made with the intent of gaining access to pornographic material.
Hijackers – A program that attempts to hijack certain Internet functions, such as redirecting your start page to the hijacker's own start page, redirecting search queries to an undesired search engine, or replacing search results from popular search engines with their own information.
Spyware – A program that monitors your activity or information on your computer and sends that information to a remote computer without your knowledge.
Trojan – A program that has been designed to appear innocent but has been intentionally designed to cause some malicious activity or to provide a backdoor to your system.
Virus – A program that, when run, has the ability to self-replicate by infecting other programs and files on your computer. These programs can have many effects, ranging from wiping your hard drive, to displaying a joke in a small box, to doing nothing at all except replicating itself. These types of infections tend to be localized to your computer and do not have the ability to spread to another computer on their own. The word virus has incorrectly become a general term that encompasses trojans, worms, and viruses.
Worm – A program that, when run, has the ability to spread to other computers on its own, using either mass-mailing techniques to email addresses found on your computer or by using the Internet to infect a remote computer through known security holes.

How these infections start
 
Just like any program, in order for the program to work, it must be started. Malware programs are no different in this respect and must be started in some fashion in order to do what they were designed to do. For the most part these infections run by creating a configuration entry in the Windows Registry in order to make these programs start when your computer starts. 
Unfortunately, though, the Windows operating system offers many different ways to make a program start, which can make a startup entry difficult for the average computer user to find manually. Luckily for us, there are programs that allow us to cut through this confusion and see the various programs that start automatically when Windows boots. The program we recommend for this, because it's free and detailed, is Autoruns from Sysinternals.

When you run this program it will list all the various programs that start when your computer is booted into Windows. For the most part, the majority of these programs are safe and should be left alone unless you know what you are doing or know you do not need them to run at startup. 

At this point, you should download Autoruns and try it out. Just run Autoruns.exe and look at all the programs that start automatically. Don't uncheck or delete anything at this point. Just examine the information to get an overview of the number of programs that are starting automatically. When you feel comfortable with what you are seeing, move on to the next section.
 
How to remove these infections
 
We have finally arrived at the section you came here for. You are most likely reading this tutorial because you are infected with some sort of malware and want to remove it. With this knowledge that you are infected, it is also assumed that you examined the programs running on your computer and found one that does not look right. You did further research by checking that program against our Startup Database or by searching in Google and have learned that it is an infection and you now want to remove it. 

If you have identified the particular program that is part of the malware, and you want to remove it, please follow these steps. 

  1. Download and extract the Autoruns program by Sysinternals to C:\Autoruns.
  2. Reboot into Safe Mode so that the malware is not started while you are doing these steps. Many malware programs monitor the keys that allow them to start and, if they notice those keys have been removed, will automatically replace the startup key. For this reason, booting into Safe Mode allows us to get past that defense in most cases.
  3. Navigate to the C:\Autoruns folder you created in Step 1 and double-click on autoruns.exe.
  4. When the program starts, click on the Options menu and enable the following options by clicking on them. This will place a checkmark next to each of these options.
    1. Include empty locations
    2. Verify Code Signatures
    3. Hide Signed Microsoft Entries
  5. Then press the F5 key on your keyboard to refresh the startups list using these new settings.
  6. The program shows information about your startup entries in 8 different tabs. For the most part, the filename you are looking for will be found under the Logon or the Services tabs, but you should check all the other tabs to make sure it is not loading elsewhere as well. Click on each tab and look through the list for the filename that you want to remove. The filename will be found under the Image Path column. There may be more than one entry associated with the same file, as it is common for malware to create multiple startup entries. It is important to note that many malware programs disguise themselves by using the same filenames as valid Microsoft files. It is therefore important to know exactly which file you want to remove and which folder it is in. You can check our Startup Database for that information or ask for help in our computer help forums.
  7. Once you find the entry that is associated with the malware, you want to delete that entry so it will not start again on the next reboot. To do that, right-click on the entry and select Delete. This startup entry will now be removed from the Registry.
  8. Now that the malware will no longer start on boot, you should delete the file using My Computer or Windows Explorer. If you cannot see the file, it may be hidden. To see hidden files, follow the steps for your operating system found in this tutorial:

    How to see hidden files in Windows

  9. When you are finished removing the malware entries from the Registry and deleting the files, reboot into normal mode as you will now be clean from the infection.
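The review described in the steps above (unverified signatures, a Microsoft file name sitting in the wrong folder, several startup entries pointing at one file) can also be run over a saved startup listing. The following Python is an added example, not part of the original article or of Autoruns; the CSV column names, the `(Verified)` signer prefix, the expected-folder table, and the sample rows are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample in the shape of a saved startup listing; the column
# names and the "(Verified)" signer prefix are assumptions about that export.
SAMPLE_CSV = r'''Entry Location,Entry,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Updater,(Not verified) Example Corp,c:\users\pat\appdata\roaming\svchost.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,Helper,(Not verified) Example Corp,C:\Users\pat\AppData\Roaming\svchost.exe
HKLM\System\CurrentControlSet\Services,Spooler,(Verified) Microsoft Windows,C:\Windows\System32\spoolsv.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,VendorTray,(Verified) Example Vendor Inc,C:\Program Files\Vendor\tray.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldTool,(Not verified) Example Tools,C:\Tools\oldtool.exe
'''

# Expected folders for a few Windows file names (illustrative, not exhaustive).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


def triage(csv_text):
    """Group startup entries by image path and attach reasons for review."""
    grouped = defaultdict(lambda: {"locations": [], "reasons": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = PureWindowsPath(row["Image Path"].strip())
        key = str(path).lower()          # Windows paths are case-insensitive
        item = grouped[key]
        item["locations"].append(f'{row["Entry Location"]}\\{row["Entry"]}')
        if not row["Signer"].startswith("(Verified)"):
            item["reasons"].add("signature not verified")
        expected = EXPECTED_DIRS.get(path.name.lower())
        if expected and str(path.parent).lower() not in expected:
            item["reasons"].add("Windows file name in unexpected folder")
    findings = []
    for key, item in grouped.items():
        # Several entries for one file only matter if the file is already suspect.
        if len(item["locations"]) > 1 and item["reasons"]:
            item["reasons"].add("multiple startup entries")
        if item["reasons"]:
            findings.append((key, sorted(item["reasons"]), item["locations"]))
    # Most reasons first, so the likeliest disguised file is reviewed first.
    return sorted(findings, key=lambda f: (-len(f[1]), f[0]))


if __name__ == "__main__":
    for path, reasons, locations in triage(SAMPLE_CSV):
        print(path)
        print("  reasons:", ", ".join(reasons))
        for loc in locations:
            print("  entry:  ", loc)
```

A flagged path is a candidate for the manual check against a startup database described above, not a verdict; unsigned but legitimate tools will appear in the output too.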