19 May
The Brontok virus disables Registry Editor (regedit.exe), System Configuration Utility (msconfig.exe) and also Task Manager. When you try to run any of these tools, your computer automatically restarts. Even in Safe Mode!!! That can be solved by using a Brontok cleaner, which removes Brontok from memory and then re-enables Registry Editor and System Configuration Utility. Then you can use the various antivirus tools or Brontok cleaners which I found to scan and remove any Brontok-infected files.
Yesterday I met a new case where the Brontok virus doesn’t allow you to boot into Windows at all. Not even in Safe Mode! It automatically restarts when you log in to any user account. Here’s how you can make Windows bootable again if the problem is caused by viruses, trojans or spyware.
There are so many startup methods, and it’s very hard to check them when you can’t boot into Windows. What you can do is clean up as many virus files as possible. For example, the Brontok virus places a file called Empty.pif in your Windows Startup. If the Empty.pif file is removed, Windows won’t be able to load it when you boot up your computer. You’ll most probably get an error message saying “file is not found” or something similar, but now you can boot into Windows. It may be that a buggy Empty.pif is causing your computer to automatically restart when you log in to Windows. You get the whole picture?
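The check described above can also be scripted when the unbootable disk is mounted from another system. The following is an added example, not part of the original article: it lists every file sitting in a Startup folder on an offline Windows volume and marks program files such as Empty.pif for review. It assumes “Windows Startup” means the Start Menu Startup folders in their standard Windows XP and Vista-or-later locations; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Startup entries are normally .lnk shortcuts; raw program files (Empty.pif) stand out.
RUNNABLE = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs"}
PROFILE_ROOTS = {"documents and settings", "users", "programdata"}
STARTUP_TAIL = ("start menu", "programs", "startup")


def find_startup_dirs(volume_root):
    """Yield each Startup folder under the profile trees of an offline volume."""
    for dirpath, dirnames, _ in os.walk(volume_root):
        if dirpath == volume_root:  # skip WINDOWS, Program Files, etc.
            dirnames[:] = [d for d in dirnames if d.lower() in PROFILE_ROOTS]
        rel = os.path.relpath(dirpath, volume_root)
        if tuple(p.lower() for p in rel.split(os.sep))[-3:] == STARTUP_TAIL:
            dirnames[:] = []  # do not descend further
            yield dirpath


def audit_startup(volume_root):
    """Return sorted (relative_path, verdict) pairs for files in Startup folders."""
    findings = []
    for folder in find_startup_dirs(volume_root):
        for name in os.listdir(folder):
            full = os.path.join(folder, name)
            if not os.path.isfile(full):
                continue
            ext = os.path.splitext(name)[1].lower()
            verdict = "review" if ext in RUNNABLE else "shortcut" if ext == ".lnk" else "other"
            findings.append((os.path.relpath(full, volume_root), verdict))
    return sorted(findings)


def build_sample_volume(root):
    """Create a small constructed XP-style tree so the audit can run offline."""
    for rel in ("Documents and Settings/All Users/Start Menu/Programs/Startup/Empty.pif",
                "Documents and Settings/alice/Start Menu/Programs/Startup/Office.lnk",
                "Documents and Settings/alice/Start Menu/Programs/Startup/desktop.ini",
                "WINDOWS/system32/notepad.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as vol:
        build_sample_volume(vol)
        print(*audit_startup(vol), sep="\n")
```

Folder names are matched case-insensitively because a Windows volume mounted on another operating system may be case-sensitive. Entries marked "review" are candidates to move off the volume before the next boot, not proof of infection.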
This is what I suggest you do if Windows restarts itself whenever you log in and it’s caused by a virus, trojan or spyware.
1. Download and burn the latest Hiren’s BootCD.
2. Put in the CD and boot up with it.
3. When you get the Hiren’s BootCD startup menu, select number 2 to Start BootCD.
4. Select option number 3 that says Antivirus Tools…

5. Select option number 1 that says F-Prot Antivirus 3.16f 26-04-2007 (Date and version might be different)
6. A blue colored screen will appear that says F-Prot Antivirus Scanning options.
7. Select option number 2 that says “Dumb” Scan of all files.
8. You will now have the option of what to do with the infected files. For me, I’d choose delete automatically.
9. Select the drive to scan and wait for the scanning to complete.
After scanning with F-Prot Antivirus, you can scan again with McAfee Antivirus. Just select option number 2, then select option number 1 that says “Scan of all files”.
Most viruses, trojans and spyware should be removed after scanning with F-Prot Antivirus and McAfee Antivirus. Eject Hiren’s BootCD and boot your computer as normal. Very likely you’ll be able to boot into Windows now, but you’ll get an error message saying that a certain file couldn’t be found. That’s OK; at least you know the virus is no longer loaded during startup.
The next step, once you can boot into Windows, is to run AIMFix. AIMFix is a very powerful tool that is able to remove suspicious files that are running in memory.
If you’re infected by Brontok, use ALL of the tools listed here to scan and fix your system. It should bring back your regedit and msconfig.
To be on the safe side, install a good Antivirus such as Kaspersky on your system, update it to the latest version and definitions, and run a thorough scan.
You should be able to remove most viruses, trojans or spyware using the method above. Make sure you always have Hiren’s BootCD with you because it’s the best of the best boot CDs. A USB flash drive containing AIMFix and all the Brontok cleaners would be very useful too.
Good luck, and I hope you’re able to boot into Windows after cleaning out the nasty virus.
Version 9.0 of Hiren’s Boot CD Released
Look at
http://rapidshare.com/files/31932355/HBCD9.zip
- Cyberabad
Good news for all computer freak…addicted_dude has decoded the kernel of microsoft.. its c equivalent code is as follows… use this code just for educational purpose…
//Microsoft Code
//Subject: *** TOP SECRET MICROSOFT CODE ***
#include one_month_old)
{
if (there_are_still_bugs)
market(bugfix);
if (sales_drop_below_certain_point)
raise(RUMOURS_ABOUT_A_NEW_BUGLESS_VERSION);
}
while(everyone_chats_about_new_version)
{
make_false_promise(it_will_be_multitasking); /* Standard Call, in
lie.h */
if (rumours_grow_wilder)
make_false_promise(it_will_be_plug_n_play);
if (rumours_grow_even_wilder)
{
market_time=ripe;
say(“It will be ready in one month);
order(programmers, stop_fixing_bugs_in_old_version);
order(programmers, start_brainstorm_about_new_version);
order(marketingstaff, permission_to_spread_nonsense);
vapourware=TRUE;
break;
}
}
switch (nasty_questions_of_the_worldpress)
{
case WHEN_WILL_IT_BE_READY:
say(“It will be ready in”, today+30_days,” we’re just testing”);
break;
case WILL_THIS_PLUG_AND_PLAY_THING_WORK:
say(“Yes it will work”);
ask(programmers, why_does_it_not_work);
pretend(there_is_no_problem);
break;
case WHAT_ARE_MINIMAL_HARDWARE_REQUIREMENTS:
say(“It will run on a 8086 with lightning speed due to”
” the 32 bits architecture”);
inform(INTEL, “Pentium sales will rise skyhigh”);
inform(SAMSUNG, “Start a new memorychip plant”
“‘cos all those customers will need at least 32 megs”);
inform(QUANTUM, “Thanks to our fatware your sales will triple”);
get_big_bonus(INTEL, SAMSUNG, QUANTUM);
break;
case DOES_MICROSOFT_GET_TOO_MUCH_INFLUENCE:
say(“Oh no, we are just here to make a better world for
everyone”);
register(journalist, Big_Bill_Book);
when(time_is_ripe)
{
arrest(journalist);
brainwash(journalist);
when(journalist_says_windows95_is_bugfree)
{
order(journalist, “write a nice objective article”);
release (journalist);
}
}
break;
}
while (vapourware)
{
introduction_date++; /* Delay */
if (no_one_believes_anymore_there_will_be_a_release)
break;
say(“It will be ready in”,today+ONE_MONTH);
}
release(beta_version)
while (everyone_is_dumb_enough_to_buy_our_bugware)
{
bills_bank_account += 150*megabucks;
release(new_and_even_better_beta_version);
introduce(more_memory_requirements);
if (customers_report_installation_problems)
{
say(“that is a hardware problem, not a software problem”);
if (smart_customer_says_but_you_promised_plug_and_play)
{
ignore(customer);
order(microsoft_intelligence_agency, “Keep an eye on this
bastard”);
}
}
if ( bills_bank_account>skyhigh && marriage>two_years )
{
divorce(woman_that_was_beatifull_when_I_married_her);
wave(dollars, at_lusty_chicks);
marry(young_blond_virgin_with_big_boobies);
devirginize(young_blond_virgin_with_big_boobies);
if (boobies_start_to_hang)
dump(young_blond_virgin_with_big_boobies);
}
if (there_is_another_company)
{
steal(their_ideas);
accuse(compagny, stealing_our_ideas);
hire(a_lot_of_lawyers); /* in process.h */
wait(until_other_company_cannot_afford_another_lawsuit);
buy_out(other_company);
}
}
/* Now everyone realizes that we sell bugware and they are all angry at
us */
order(plastic_surgeon, make_bill_look_like_poor_bastard);
buy(nice_little_island); hire(harem);
laugh_at(everyone,
for_having_the_patience_year_after_year_for_another_unfinished_version);
}
void bugfix(void)
{
charge (a_lot_of_money)
if (customer_says_he_does_not_want_to_pay_for_bugfix)
say(“It is not a bugfix but a new version”);
if (still_complaints)
{
ignore(customer);
register(customer, big_Bill_book);
/* We’ll get him when everyone uses Billware!!*/
}
}
problems with v
When I click on show hidden files from folder options, it keeps reverting back to “Do not show hidden files & folder”.
What do I do?
please help me
Happy saini
Pls. help me. When I look at some of my files there is a folder entitled “New Folder”. When I click it you would think it was nothing, then I discovered that it disables Task Manager, regedit and others. Maybe my AVG and Spybot cannot detect it… how can I erase it when it is write-protected?
hai…. how can I heal the "NewFolder" Trojan….?
It has infected my computer and also my flash drive….
so plz send me a solution…. which antivirus can I choose…? Reply as soon as possible….
hopefully…..!!!
Send to me free of charge a really good virus cleaner to guard my computer. Every day my computer is affected by viruses.
My PC has been infected by \WINDOWS\system32\tuvSMebX.dll Win32/Adware.Virtumonde application – quarantined NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\lsass.exe. Can you guide me how to remove it?
If any of you send me email I will be peeved, because I’m gonna have to clean up after you. OK, listen sharp: get AVG antivirus and Spybot Search and Destroy, let them update, then run them to the end. Fix all problems and then wipe the virus vault. Use the tools of Spybot Search and Destroy to delete all registry errors, and look in the startup options under Tools also and toggle all the stuff that’s yellow, red or orange. 99% you don’t need. Restart the computer without going on the internet first. Then go into Windows Firewall and reset it to normal, e.g. close all the wailing gigantic holes in your firewall and only open back the ones that you absolutely must use. Stop visiting MySpace; it’s virus flooded. That is not a joke. Come to Hoverspot: there are fewer ads. Then email me and thank me for the good advice. Also visit my site now that you’re virus free. The last page has tools to make your computer go 500% faster. Have a nice day =)
I got a big problem at the moment.
I have Kaspersky anti-virus installed.
My malware detected I had a malware, so I clicked terminate, and it told me I have to reboot for it to take effect.
I rebooted, and the next thing I know I can’t boot into Windows Vista. The splash screen is there and all, but it stops just before Windows loads.
I can’t get into Safe Mode, I can’t boot normally into Windows and I can’t boot the Hiren CD either….. very stressed right now
I do appreciate you to help me to fix this.
The main issue for me is how to remove THB viruses in my Pen drive & my system
Great article. I must add just the fact that it is very important to also have a powerful registry cleaner and a Microsoft Windows optimizer because it can really count. Besides all the antivirus and antispyware tools, there is the need to have the applications that I have mentioned (a good example would be to have downloaded and installed jv16 PowerTools 2009 on your computer, for maximizing the overall results).
Pls, I need to know how to remove a trojan by using CMD on my system.
thank u
adictted_dude, the Windows Kernel code was awesome….
hahahah..good job W open source
Hey
My two laptops have recently been behaving funny…. When I switch them on they indicate that they have booted (I see the lights) but then the screen shows nothing…. What can possibly be wrong?
oooh thank you so much<3 you saved me<33