Wednesday, February 2, 2011
How to Remove a Trojan Horse Actived .dll
1. Bring up the Task Manager menu by pressing 'Ctrl,' 'Alt' and 'Delete' together. Click 'Open Task Manager' and then click the 'Processes' tab.
2. Locate the process entry named '2[1].exe.' Click the entry and then select 'End Process.' Remove the processes named '3[1].exe,' '5[1].exe,' '6[1].exe,' '7[1].exe,' '8[1].exe,' 'winform.dll,' 'cmdbcs.exe,' 'cmdbcs.dll,' 'd[1].exe,' 'deledomn.bat,' 'gadugadu.exe,' 'ghook.dll,' 'project1.exe,' 'msccrt.dll,' 'msccrt.exe,' 'servet.exe,' 'upxdndq.exe' and 'upxdndq.dll.'
3. Close the Task Manager and then access the Start menu. Click the 'Search' option. Search for and delete each of the files whose processes you ended earlier.
4. Search for 'syswm2' and delete the folder that appears in the search results. Enter 'Regedit' into the search field and then double-click the registry editor icon.
5. Expand the folders in the registry editor until you reach the folder named 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WindowsDown.' Find the registry value at the right side of the window named 'Description.' Right-click the value and hit 'Delete.'
6. Delete the values labeled 'DisplayName,' 'Type,' 'Start,' 'ObjectName,' 'ImagePath,' 'NextInstance,' 'ErrorControl' and 'Service.'
7. Open the registry folder named 'Security.' Right-click and delete the values labeled 'Security' and 'NextInstance.'
8. Navigate over to the registry folder named 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWSDOWN\0000.' Delete the values named 'ConfigFlags,' 'ClassGUID,' 'Legacy,' 'Service' and 'DeviceDesc.'
9. Close the registry editor. Restart your computer's operating system.
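
The PowerShell script below is an added example, not part of the original post. It is a read-only check that reports which of the processes, files, folder and registry keys named in the steps above are present, so you can confirm what is on the machine before deleting anything and verify the cleanup after the restart. The `$SearchRoot` parameter and the report layout are assumptions made for this example.

```powershell
# Added example: read-only audit of the artifacts named in the steps above.
# Nothing is stopped or deleted. $SearchRoot is an assumed parameter.
param([string]$SearchRoot = "$env:SystemDrive\")

# File and process names exactly as listed in step 2.
$names = @(
    '2[1].exe','3[1].exe','5[1].exe','6[1].exe','7[1].exe','8[1].exe',
    'winform.dll','cmdbcs.exe','cmdbcs.dll','d[1].exe','deledomn.bat',
    'gadugadu.exe','ghook.dll','project1.exe','msccrt.dll','msccrt.exe',
    'servet.exe','upxdndq.exe','upxdndq.dll'
)
# Registry keys named in steps 5 and 8.
$regKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\WindowsDown',
    'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINDOWSDOWN\0000'
)
$report = @()

# Get-Process reports names without ".exe", so add it back before comparing.
# -contains is an exact, case-insensitive match, so "[1]" is not a wildcard here.
Get-Process | Where-Object { $names -contains "$($_.ProcessName).exe" } | ForEach-Object {
    $report += [pscustomobject]@{ Kind = 'Process'; Item = "$($_.ProcessName).exe"
                                  Detail = "PID $($_.Id) $($_.Path)" }
}

# One walk of the disk for the listed files and the 'syswm2' folder (step 4).
Get-ChildItem -LiteralPath $SearchRoot -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { ($names -contains $_.Name) -or
                   ($_.PSIsContainer -and $_.Name -eq 'syswm2') } |
    ForEach-Object {
        $kind = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
        $report += [pscustomobject]@{ Kind = $kind; Item = $_.Name
                                      Detail = "$($_.FullName) (modified $($_.LastWriteTime))" }
    }

# For each key that exists, list the value names it still holds.
foreach ($key in $regKeys) {
    if (Test-Path -LiteralPath $key) {
        $values = (Get-Item -LiteralPath $key -ErrorAction SilentlyContinue).Property -join ', '
        $report += [pscustomobject]@{ Kind = 'Registry'; Item = $key; Detail = "Values: $values" }
    }
}

if ($report.Count -eq 0) { 'None of the listed artifacts were found.' }
else { $report | Format-Table -AutoSize -Wrap }
```

Run it from an elevated PowerShell prompt so the file walk and the registry reads are not blocked by permissions.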