Sasikumarp’s Weblog

How to Manually Remove Viruses From Your System

Posted by sasikumarp on March 19, 2008

Note: This solution works only against viruses that do not infect Windows' own EXE files, such as explorer.exe.

Virus Symptoms

You may have seen some unexpected things that should not happen. Some of the symptoms of viruses are:

Disables Task Manager

Disables Registry Editor

Disables Command Prompt

Sometimes no application is open but CPU usage goes over 50%

Drives in My Computer do not open on double-click

Automatic Shutdown

Computer Slows down

Hidden files are not shown

Folder Options disappears

Manual Removal

If you have tried all the solutions listed on our site and still could not disinfect your system then try to manually remove the virus using the instructions below:

To complete the instructions below, you need Process Explorer and Autoruns. Download them separately:

http://download.sysinternals.com/Files/ProcessExplorer.zip

http://download.sysinternals.com/Files/Autoruns.zip

Unpack these and copy the .exe files to the Windows directory.

Close and exit all programs (even those in the tray) except Internet Explorer or your internet browser.
Run Process Explorer by typing procexp in the Start menu's Run dialogue and do as illustrated.
[Figure: Process Explorer after collapsing]

procexp.exe is Process Explorer’s own process

winword.exe is MS WORD

mspaint.exe is Paint

IEXPLORE.exe is Internet Explorer

Wmplayer.exe is Windows Media Player

If you see any suspicious process, right-click it and choose Properties. Copy the path from the Path: field, open the Run dialogue and paste the path there.
Now terminate the suspicious task in Process Explorer.
If the same process starts again, suspend it instead: right-click it and click Suspend in the menu. Then remove the application's name from the pasted path so that only the folder is listed.

For example, if you copied C:\WINDOWS\system32\mspaint.exe, remove mspaint.exe so that the Run dialogue shows C:\WINDOWS\system32\.

Delete Hidden Files

Press Enter to open Explorer and locate the file whose name you have just removed. After locating the file, delete it. If you cannot find the file, it must be hidden.

If the Show Hidden Files and Folders Option Is Not Working, Use WinRAR

To remove hidden files, download WinRAR, which will show you all hidden files.

See the figure, locate that file and delete it. If you are still unable to delete the file, see our post about deleting the file.

Now look at the root of every drive to find hidden files.

Delete any .exe files and autorun.inf-like files you find. But do not delete the following files, as they are system files:

autoexec.bat, boot.ini, bootmgr, config.sys, io.sys, msdos.sys, ntdetect.com, pagefile.sys, ntldr, hiberfil.sys
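
The drive-root check described above can also be done from PowerShell, which lists hidden files even when Explorer will not show them. This is an added example, not part of the original post; it only lists candidates and deletes nothing. It assumes PowerShell 3.0 or later, and the function name Get-RootSuspects is made up for this example.

```powershell
# System files the post says must be left alone (names taken from the list above).
$keep = 'autoexec.bat','boot.ini','bootmgr','config.sys','io.sys','msdos.sys',
        'ntdetect.com','pagefile.sys','ntldr','hiberfil.sys'

# Hypothetical helper: lists .exe files and autorun.inf in the root of each drive.
function Get-RootSuspects {
    param([string[]]$Roots = (Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }))
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }   # empty CD drive or card reader
        # -Force includes hidden and system files that Explorer is not showing.
        Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Extension -ieq '.exe' -or $_.Name -ieq 'autorun.inf') -and
                ($keep -notcontains $_.Name)
            } |
            Select-Object FullName, LastWriteTime,
                @{ n = 'Hidden'; e = { [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } },
                @{ n = 'Launches'; e = {
                    # For autorun.inf, show which program it would start.
                    if ($_.Name -ieq 'autorun.inf') {
                        (Select-String -LiteralPath $_.FullName `
                            -Pattern '^\s*(open|shellexecute|shell\\[^=]+\\command)\s*=' |
                            ForEach-Object { $_.Line.Trim() }) -join '; '
                    }
                } }
    }
}

Get-RootSuspects | Format-List
```

The Launches column names the executable an autorun.inf points at, which is usually the hidden file to look for in the same drive root.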

Now that you have successfully terminated the virus process, the next step is to remove the virus files that start at system startup.

Open Autoruns by typing autoruns in the Run dialogue. Wait until the refresh completes.

Select Options –> Hide Microsoft Entries, then click the Refresh button on the interface or close the program and start it again.

After scanning completes, select the Logon tab and uncheck all the entries, but be sure not to uncheck any Microsoft entry. Restart the system for the changes to take effect.

Now use Ravmon Virus Killer to restore some settings

The last suggestion is to now scan your system with an anti-virus.

Troubleshooting

In case of any problem, you made a wrong move. Open Autoruns and, in Options, unselect Hide Microsoft Entries. Click the Refresh button on the interface and select all entries. Close the program and start your system again.

Enable Run Command if it is missing from Start Menu

December 8, 2007

Posted by raghupathy in Windows.

Some users have complained about the Run command missing from the Start Menu due to the effects of a virus. Also, when users press Windows Key + R to use the Run command, an error message appears:

This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator.

[Figure: Run not displaying in Start Menu]

So I have finally come up with a solution for it. I have made two solutions, Manual and Automatic. First try Manual, and if it does not work, try Automatic.

Manual Solution

Open My Computer –> C drive –> Windows –> System32, locate the gpedit.msc file and run it. See the figure below.

With Group Policy open, look in the left pane: under User Configuration, expand Administrative Templates and select Start Menu and Taskbar. Now, in the right pane, locate Remove Run Menu from Start Menu and double-click it. See the figures.

Select Disabled in the properties dialogue, press Apply and then OK.

Now close all open windows; you will see that Run has been restored in the Start Menu. See the figure now.
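
The Group Policy setting changed above, and the disabled Task Manager, Registry Editor, Command Prompt and Folder Options listed under Virus Symptoms, are each stored as a policy value in the registry. The following added example (not part of the original post) reports which of them are currently set. It assumes PowerShell 3.0 or later; the function names are made up for this example, and the value names are the standard Windows policy names.

```powershell
# Policy values behind the symptoms described in these posts.
# A non-zero value means the restriction is switched on.
$explorer = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
$checks = @(
    @{ Symptom = 'Task Manager disabled';    Key = $system;   Name = 'DisableTaskMgr' }
    @{ Symptom = 'Registry Editor disabled'; Key = $system;   Name = 'DisableRegistryTools' }
    @{ Symptom = 'Command Prompt disabled';  Key = 'Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
    @{ Symptom = 'Folder Options removed';   Key = $explorer; Name = 'NoFolderOptions' }
    @{ Symptom = 'Run removed from Start';   Key = $explorer; Name = 'NoRun' }
)

# Hypothetical helper: returns one object per restriction that is switched on.
function Get-ShellRestriction {
    foreach ($hive in 'HKCU:', 'HKLM:') {
        foreach ($c in $checks) {
            $path = "$hive\$($c.Key)"
            $item = Get-ItemProperty -LiteralPath $path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -eq $item) { continue }        # key or value absent: no restriction
            $value = $item.($c.Name)
            if ($value -ne 0) {
                New-Object psobject -Property @{
                    Symptom = $c.Symptom; Path = $path; Name = $c.Name; Value = $value
                }
            }
        }
    }
}

# Hypothetical helper: removes a reported value; supports -WhatIf and -Confirm.
function Clear-ShellRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(ValueFromPipeline = $true)]$Restriction)
    process {
        if ($PSCmdlet.ShouldProcess("$($Restriction.Path)\$($Restriction.Name)", 'Remove policy value')) {
            Remove-ItemProperty -LiteralPath $Restriction.Path -Name $Restriction.Name
        }
    }
}

Get-ShellRestriction | Format-Table Symptom, Path, Name, Value -AutoSize
# Review before changing anything:  Get-ShellRestriction | Clear-ShellRestriction -WhatIf
```

On a machine managed by an administrator these values may be set on purpose, so check who set them before clearing anything. If a value comes back after being cleared, the process that writes it is still running.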

Automatic Solution

Download Ravmon Virus Removal Tool and then use Restore Default Windows Settings to Restore.

After this, either restart or kill explorer.exe or run it again.

One Response to “How to Manually Remove Viruses From Your System”

  1. The style of writing is quite familiar to me. Did you write guest posts for other bloggers?
