ComSec


**************************************************
****** ******
****** SKULLBOCKS ******
****** ******
****** http://www.skullbocks.0catch.com ******
****** ******
***************************************************


Title: 2 Minute Guide for Virus, Trojan, suspicious file removal from your system.
Author: Ankit Khare, and Harpreet Arora.
Date: September 5, 2003.

Just in 2 minutes....

A Quick Tutorial on how to secure your system from VIRUSES and SUSPICIOUS FILES....

Well as the heading ("just in 2 minutes") suggests... It has nothing to do
with MAGGIE noodles...:-)

From the moment you are connected to the Internet, your system is prey to
many types of viruses, dangerous trojan horses and other weapons from a
hacker's toolbox. We started hacking by using ready-made trojans and antivirus
killers, but recently we found that it is not at all secure to use such
software, as most of them leak your personal information, like your system
configuration, your Internet Protocol address etc., to the creator of the
trojan. So if you want to control someone's computer using trojan-like
software, buy a TCP/IP book, download some socket programming e-books and
use them to create your own software.

Now we are telling you a common method, which will surely work to remove a virus or a trojan horse from your system.

When you run an exe file of some trojan, it may make its prototype in the
Startup or Windows folder, or even create a key in the Windows registry which
initiates the program every time you turn on your computer.

First of all, your task is to stop the running process of the virus or
Trojan-like activity. So open the Task Manager of your system and detect any
suspicious process in it. The most common processes are given in the image.


The above processes are the most common and are important for the smooth
functioning of your computer. There will also be many other normal processes... For example, if you have Windows Messenger running you will have msmsgs.exe, and wmplayer.exe for Windows Media Player.

Hope you found one..... Congratulations.... Suppose the name of the process
is 'XYZ.exe' or 'XYZ.dll'. Don't be so happy now.... you haven't healed the problem
permanently. When you restart your system the process will start again,
and the same story will be repeated, as the virus key is in Startup or the registry.

To remove it, perform the second step.
Click on start and select the RUN command.
Type msconfig in that and run it.
A window will be displayed as shown below.

Click on the Startup tab and it will look somewhat as shown below.

Uncheck the check box of XYZ.exe or XYZ.dll. Here, observe carefully the location of the key of the virus or Trojan in the registry (given in the Location column).

This will work with Windows XP (we haven't checked it for 2000), but in case you're using WIN98 or WIN ME, then you won't be able to see the location of the key in Registry Editor when you're opened up with the msconfig utility. So, in case you're using 98 or ME, just move on to the Windows registry by clicking the Start button, then clicking on Run, and then typing regedit in the Run textbox. Now, you know the name of the Startup item, so search for it in the Windows registry through Find, and you'll get its location in the registry.

Well, now the virus is deactivated on your computer. Congratulations again... You have done it.

Now the final step.... But be sure that you are familiar with the Windows registry and the virus key, because you are now going to delete the virus key from the registry. For this, type REGEDIT in the Run command and run it to open the registry. Delete the key, and don't forget to make a backup of the registry of your system before performing this operation, so that any ill caused can be cured.




You can know the latest virus updates on
http://www.skullbocks.0catch.com
and can get ready-made virus removers on Norton AntiVirus Site
http://www.symantec.com
So... Remember, Knowledge is Power. If you face any problem regarding the article, feel free to contact us at our e-mail address.
Best of Luck....

************************************************************************
Document written by :-

Harpreet Arora.
lettheheavensfall@yahoo.com

Ankit Khare.
incandescent_heart@hotmail.com
VorteX
you forget about cleaning the reg key a virus can make, by hooking any executable extension, so when a file of that type is run, the virus is also run, use ftp://ftp1.avp.ch/utils/clrav.com to automatically check and restore these keys (this little tool from kaspersky also checks the memory for active (in-the-wild) virii and cleans them)
zero-maitimax
QUOTE (VorteX @ Dec 30 2003, 12:44 AM)
you forget about cleaning the reg key a virus can make, by hooking any executable extension, so when a file of that type is run, the virus is also run, use ftp://ftp1.avp.ch/utils/clrav.com to automatically check and restore these keys (this little tool from kaspersky also checks the memory for active (in-the-wild) virii and cleans them)

you mean the secrut sub7 way ...
VorteX
yes indeed, but there are several others like hooking explorer, using the icq reg keys, ... see this board somewhere else for a more up-to-date list, i added even some more there
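
An added example (not part of the original posts or of any tool they mention): a Python check over a regedit export that lists the startup "Run" entries the article has you inspect and flags the executable-extension hooks raised in the replies. The sample export is constructed, XYZ.exe is the article's placeholder name, and the check assumes the unmodified `"%1" %*` open command for exefile, comfile, batfile and piffile.

```python
import re

# Constructed sample of a regedit export (.reg text); real exports are often UTF-16.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XYZ"="C:\\WINDOWS\\XYZ.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\XYZ.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

RUN_KEY = re.compile(r'\\Microsoft\\Windows\\CurrentVersion\\Run(Once|Services)?$', re.I)
EXEC_CMD = re.compile(r'\\(exefile|comfile|batfile|piffile)\\shell\\open\\command$', re.I)
STOCK_HANDLER = '"%1" %*'  # unmodified open command for the four classes above
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, data) for string values; hex/dword values are skipped."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = '(Default)' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def audit(text):
    """Return (startup_entries, hooked_handlers) found in a .reg export."""
    startup, hooked = [], []
    for key, name, data in parse_reg(text):
        if RUN_KEY.search(key):
            startup.append((key, name, data))   # review each one by hand
        elif EXEC_CMD.search(key) and name == '(Default)' and data != STOCK_HANDLER:
            hooked.append((key, data))          # handler no longer the stock value
    return startup, hooked

if __name__ == '__main__':
    for finding in sum(audit(SAMPLE_REG), []):
        print(finding)
```

Startup entries are only listed, since legitimate programs such as msmsgs.exe register there too; a changed handler under one of the four file classes is the stronger signal and should be restored to the stock value after the referenced program is removed.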