6 May 2016

Manually removing viruses and malware from your computer

If you would rather use an anti-virus program instead, check out this tutorial written by Burritobob. This tutorial is aimed primarily at removing RAT and keylogger infections.

Step 1
Run msconfig and look for suspicious entries. Here we see one: it is unknown, and it has a startup key that we had never seen until recently. Uncheck it from Startup and/or from Services.


If you think you are being monitored, open Command Prompt and do the following:


Step 2
Boot into safe mode. This can be done by checking the box on the “Boot” tab in msconfig.


Step 3
Run msconfig again in safe mode: the entry is checked again, because the virus is persistent. The virus is not running now, however, because we are currently in safe mode.


Step 4
Open the registry (regedit). We do this in safe mode because some viruses disable the Registry Editor.
Note: Be sure your folder options are set to show hidden files and folders.


Step 5
Navigate to the location of the virus. If you are not sure which entry is the virus, check all of the following possible locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Step 6
Section a) If you are unsure whether it is a virus or not, right-click the suspected value(s) and click Modify.
Since you are unsure of the file's integrity, put a “:” in front of the value data. This disables the virus's startup entry, but the file itself will still be on your computer.
Section b) If you are certain that you have found the virus (as I have in the picture), you can delete the registry entry.

Step 7
Be certain it is gone; it should no longer be listed as a startup item at all.

Step 8
To be certain, use CCleaner to scan the registry and fix any issues it finds.
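
As an added example (not part of the original tutorial), the following PowerShell script automates Steps 5 through 7. It walks the same eleven keys from Step 5 (written with PowerShell's HKLM:/HKCU: drive names), shows for each entry whether the launched file actually exists and who signed it, and provides a Disable function that applies the “:” prefix from Step 6a and a Remove function for Step 6b, both of which honour -WhatIf and -Confirm. The function names, the sample value name 'SuspectEntry' and the use of Authenticode signature status as a triage hint are my own assumptions, not something the tutorial describes. Run it from an elevated prompt, since the HKLM keys need administrator rights to change.

```powershell
# Added example, not from the original tutorial: enumerate the autostart keys
# listed in Step 5, show what each entry launches, and disable (Step 6a) or
# delete (Step 6b) a chosen entry, then verify it is gone (Step 7).

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Properties the registry provider adds to every Get-ItemProperty result; not real values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the executable path out of a Run value's command line,
# whether it is written as "C:\dir\app.exe" /arg or C:\dir\app.exe /arg.
function Get-CommandPath {
    param([string]$CommandLine)
    $cmd = $CommandLine.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    return ($cmd -split '\s+')[0]
}

# List every autostart entry together with the facts useful for judging it:
# does the launched file exist, and who (if anyone) signed it.
function Get-RunEntry {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($ProviderProps -contains $p.Name) { continue }
            $data   = [string]$p.Value
            $path   = [Environment]::ExpandEnvironmentVariables((Get-CommandPath $data))
            $exists = ($path -ne '') -and (Test-Path -LiteralPath $path -PathType Leaf)
            $signer = 'n/a'
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $path
                $signer = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { [string]$sig.Status }
            }
            [PSCustomObject]@{
                Key      = $key
                Name     = $p.Name
                Command  = $data
                Disabled = $data.StartsWith(':')   # the Step 6a marker
                Exists   = $exists
                Signer   = $signer
            }
        }
    }
}

# Step 6a: unsure, so prefix the value data with ':' as the tutorial does;
# the command no longer launches but the entry stays for later review.
function Disable-RunEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Key, [Parameter(Mandatory)][string]$Name)
    $current = [string](Get-ItemProperty -Path $Key -Name $Name).$Name
    if ($current.StartsWith(':')) { return }   # already disabled
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Prefix value data with ":"')) {
        Set-ItemProperty -Path $Key -Name $Name -Value (':' + $current)
    }
}

# Step 6b: certain, so delete the entry outright.
function Remove-RunEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Key, [Parameter(Mandatory)][string]$Name)
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Delete autostart value')) {
        Remove-ItemProperty -Path $Key -Name $Name
    }
}

# Step 7: confirm the entry is really gone (or neutralised) after the change.
function Test-RunEntryGone {
    param([string]$Key, [string]$Name)
    $v = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    return ($null -eq $v) -or ([string]$v.$Name).StartsWith(':')
}

# Usage: review the table first, then act on one entry by key and value name.
# 'SuspectEntry' is a placeholder value name, not something from the tutorial.
Get-RunEntry | Format-Table Name, Exists, Signer, Disabled, Command -AutoSize
# Disable-RunEntry -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'SuspectEntry' -WhatIf
# Remove-RunEntry  -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'SuspectEntry' -Confirm
# Test-RunEntryGone -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'SuspectEntry'
```

Run the listing first with nothing else: an entry whose file no longer exists, or whose file is unsigned while everything else on the machine carries a vendor signature, is the kind of item the tutorial tells you to look twice at. Use -WhatIf on the Disable and Remove functions to see exactly which value would change before committing, and keep the “:”-prefixed entry around until you are sure, as Step 6a intends.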
