How To Manually Remove virus
If you have tried all the solutions listed on our site and still could not disinfect your system then try to manually remove the virus using the instructions below:
In order to compelete the instructions below. You need to have Process Explorer and Autoruns. Download them separately
Unpack these and copy exe files to Windows Directory
Close and exit all programs (even from tray) except Internet Explorer or your internet browser
Run process explorer by typing procexp in the start menu Run and do as illustrated.
rocexp.exe is Process Explorer’s own process
winword.exe is MS WORD
mspaint.exe is Paint
IEXPLORE.exe is Internet Explorer
Wmplayer.exe is Windows Media Player
If you do see any suspicious process
then right click on it and then properties. In the path: field copy the path and Open Run Dialogue and paste the path there
Now terminate the suspicious task in process explorer
If the same process starts again then suspend the process by right clicking on it and click suspend on the menu. Remove the name of the application from path now listing only folder.
e.g If you have copied C:\WINDOWS\system32\mspaint.exe then remove mspaint.exe and you will see C:\WINDOWS\system32\ this in the Run Dialogue.
Delete Hidden Files
Press Enter to open Explorer and locate the file name whose name you have just removed.After locating the file delete the file.If you can not find the file it must be hidden.
If Show Hidden Files and Folders Option not working Use WinRAR
To remove hidden files Download WinRAR which will show you all hidden files
Now look at the root of every drive to find hidden files.
Delete .exe and autorun.inf like files if you find any. But do not delete these files as these are system files
autoexec.bat, boot.ini, bootmgr,config.sys, io.sys, msdos.sys, ntdetect.com, pagefile.sys,ntldr, hiberfil.sys
Now you have successfully terminated virus process the next thing is to remove those virus files which start upon system start.
Open Autoruns by typing autoruns in the Run Dialogue. Wait while refreshing completes.
In the Options –> Hide Microsoft Entries. And click Refresh button on the interface OR Close the program and start again
After scanning completes select Logon tab and uncheck all the entries be sure do not unselect any Microsoft Entry.Restart system for the changes to take effect