4 Sep
Spyware by nature creates random filenames and file sizes to avoid detection. That is why you always need 2-3 anti-spyware programs to completely remove spyware. Anti-spyware software such as Ad-Aware, SpyBot and XoftSpy is good at identifying spyware files, but I can assure you that it's not smart enough to 100% completely remove a trojan, virus or spyware from startup. For example, one of my friends' computers has been infected by spyware, because everything is so slow. I found it hard to even download, update or copy the anti-spyware scanners to the computer. However, I managed to copy the updated anti-spyware software to the computer, scanned it, and removed the potential infections. I restarted the computer and it was still slow. That shows that spyware was still being run during startup.
I am going to show you one of the best ways to remove a trojan, virus or spyware from startup, but it requires you to have at least some knowledge of computers; otherwise you'll be removing the wrong startup programs, which may cause Windows to be unbootable.
HijackThis is a general homepage hijacker detector and remover. Hijackers are spyware, trojans and viruses that infect your computer without your knowledge.

It was initially based on the article Hijacked!, but has been expanded with a lot of other checks against hijacker tricks. It is continually updated to detect and remove new hijacks. It does not target specific programs/URLs, just the methods used by hijackers to force you onto their sites.
As a result, false positives are to be expected, and unless you are sure what you're doing, you should always consult knowledgeable folks on forums before deleting anything, or do a Google search on the filename to find out whether that file is a virus.
There are 2 scan methods.
1. Do a system scan and save a logfile.
- This is for newbies who don't want to mess around with their computers. It will scan your computer and create a hijackthis.log file, which you can paste into forums to request help.
2. Do a system scan only.
- Same as the first method, but it doesn't create a log file. Mostly for advanced users who would like to troubleshoot by themselves.
Again, I would like to stress that IF you're unsure what to fix after running the scan, please ask for help in forums. Simply removing any startup programs would result in an unbootable Windows.
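To show what reviewing a saved hijackthis.log involves, here is an added example (not part of the original article and not HijackThis's own code) that parses the log's `code - detail` lines and builds a short list of entries to check by hand first. The sample log is constructed, and the list of "unusual" directories is an assumed triage heuristic, not a rule HijackThis applies.

```python
import re

# Constructed sample in hijackthis.log format (not taken from a real machine).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [Touchpad] C:\Program Files\Vendor\Touchpad\tp.exe
O4 - HKLM\..\Run: [Updater] "C:\Program Files\Vendor\Updater\upd.exe" -background
O4 - HKCU\..\Run: [Security Services] C:\RECYCLER\S-1-5-21-0-0-0-1000\svc32.exe
O4 - HKCU\..\Run: [helper] C:\Users\alice\AppData\Local\Temp\hlp.exe /s
O23 - Service: Example Service - Example Corp - C:\Windows\system32\exsvc.exe
"""

# Entry lines start with a section code (R0, O4, O23 ...), a dash, then the detail.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) [-\u2013] (.*)$")
O4_RUN = re.compile(r"^(?P<where>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed triage heuristic: autostart binaries rarely live in these places.
ODD_DIRS = ("\\recycler\\", "\\$recycle.bin\\", "\\temp\\", "\\restore\\")

def parse_log(text):
    """Return (code, detail) for each entry line; header/process lines are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def command_path(cmd):
    """Extract the executable path from a Run value, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def review_queue(text):
    """Entries a human should look at first; nothing here is a verdict."""
    queue = []
    for code, detail in parse_log(text):
        if "(no file)" in detail:
            queue.append((code, detail, "target file missing"))
        elif code == "O4":  # O4 = programs started automatically at logon
            m = O4_RUN.match(detail)
            if m:
                path = command_path(m.group("cmd")).lower()
                if any(d in path for d in ODD_DIRS):
                    queue.append((code, m.group("name"), "runs from unusual directory"))
    return queue

if __name__ == "__main__":
    for item in review_queue(SAMPLE_LOG):
        print(item)
```

An entry that lands in the queue still has to be researched before it is fixed, and an entry that does not is not thereby proven safe.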
18 Responses for "Effectively Remove Trojan, Virus, Spyware from Windows Startup"
My computer will not boot up. When it runs a scan before boot up it says \windows\Dumpbe5F.tmp is cross-linked on allocation unit 3426557.
I need help, how do I fix the problem? Thanks, Robert
Great job
[...] Few days ago I was looking for an update on HiJackThis tool. HijackThis is a free utility that generates an in depth report of registry and file settings from your computer. HiJackThis makes no separation between safe and unsafe settings in its scan results giving you the ability to selectively remove items from your machine. In addition to this scan and remove capability HijackThis comes with several tools useful in manually removing malware from a computer. [...]
I would definitely try this one… I once thought this HijackThis was a hacker tool or something…
I am trying to get rid of the Brontok virus and it is just not working; it keeps on shutting down my computer every 5 mins. I am currently using Zone Alert to scan and remove them, but it seems like it is not working that well. Could you please email and tell me what to do????
[...] is starting up. Manually analyzing all startup methods is nearly impossible. That’s why there is HiJackThis and also HiJackFree, both with similar powerful capabilities for analyzing, detecting and removing [...]
Hello Raymond! How are you? You are indeed doing a great job, but where is the link for this software? I can't find the download option. Please provide me one. Thanks.
Where's the link, Ray???
There are a lot of viruses and trojans on my laptop, which are also there in its boot file. Whenever I run any antivirus software or start its setup it doesn't work. I'm not even able to format my Windows, as there are trojans and viruses in the boot files as well. Please help me.
I use it a lot and this tool has helped me a great deal. I recommend it.
There are a lot of viruses and trojans on my PC, which are also there in its boot file. Whenever I run any antivirus software or start its setup it doesn't work. Every 5 min the task bar shows "you find 70 viruses/trojans/autorun/worm" etc. Please help me.
Excuse me, I have got a Trojan virus. How do I remove it? I have Windows Vista.
Someone please help me remove the virus xp2008 antivirus that takes over your computer if you don't buy it.
I have a trojan horse virus, and it won't go! It seriously won't. I have tried everything and anything and it's so annoying. Help!
Please, how can I remove a trojan virus from my PC? I think because of the trojan my PC is very slow. Please help me out.
My computer has been slow to start up. Can you please let me know if there is anything I can delete to speed it up?
My grandson's PC has a trojan horse virus. Can't even get online to try and remove it. Any way to solve this other than wiping the PC clean and reloading everything?