How To Manually Remove a Virus From Your Computer

Tags:
Remove Virus Manually Virus Locations Registry Configuration
Krazeee
By See all their Tutorials
How To Manually Remove a Virus From Your Computer

Learn how to manually remove virus easily from your PC by watching this video:


This guide focuses on manually removing viruses and malware from your computer. If you want to use an anti-virus program instead, please check out this tutorial written by Burritobob. This tutorial's best intention is focused around removing RAT and Keylogger viruses.

Step 1
Run msconfig and look for suspicious files. Here we see one. It’s unknown, and it also has a startup key that we’ve never seen until recently. Uncheck it from start up and/or from services.


If you think you are being monitored. Open Command Prompt and do the following


Step 2
Boot into safe mode. This can be done by checking the box in the “boot” tab in msconfig.


Step 3
Run msconfig in safe mode and we can see it’s checked because the virus is persistent. The virus will not be running however, due to the fact that we are currently in safe mode.


Step 4
Navigate to the registry. We are doing this in safe mode because some viruses disable the registry.
Note: Be sure your folder options are set to show hidden files and folders


Step 5
Navigate to the location of the virus. If you are not sure which one is a virus, locate to all of the following possible locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


Step 6
Section a) if you are unsure if it is a virus of not, right click the suspected file{s} and click modify


Since you are unsure of the integrity of the file, put a “:” in front of the value data. This will disable the start up of the virus but it will still be in your computer.


Section b) if you are certain that you’ve found the virus (like I have in the picture) you can delete the registry entry.


Step 7
Be certain it is gone; it shouldn’t even be listed as a startup item anymore.


Step 8
To be certain, use CCleaner to scan the registry and fix any issues there are.


Recap
Hopefully this should’ve gotten your computer rid of any viruses. It is recommended to download the latest version of an Anti-Virus program and scan your computer fully even after doing this.

Please Note: If you still feel insecure it is recommended to do a clean reinstall of Windows. After reinstalling, install Microsoft Security Essentials as it is the most trusted anti-virus.

Thank you for reading :)