Enter your Keyword, Search here,

Change the Taskbar Location

You always see the Windows taskbar appear on the bottom of your screen. That does not always have to be the case. It is possible to move the taskbar to every side of the screen.This allows you to really change the look of Windows XP, If you moved your taskbar to the left side of the screen.
Moving the taskbar is very simple.There are just three basic steps:
  • You will want to unlock the taskbar if it is already locked.
  • Right-click an open part of the taskbar and select Lock the Taskbar,if there is a check next to the entry.
  • Click and hold your mouse on any part of the taskbar where there are no icons,such as the system clock,and drag the taskbar to different sides by moving your mouse in the general direction.
  • When you have the taskbar where you want it,you may want to readjust your toolbars inside the taskbar, such as the Quick Launch bar.
  • Then lock it back up again by right-clicking it and selecting Lock the Taskbar.
Try the Change...
Written by: No comments :
Tags: , ,

Removing Pop-up Help for Users

Ever notice that when you hover your mouse over a program listing in the Start Menu,a little yellow Help box will pop up on Windows Xp?
This Help feature is called Balloon Help.

If a user does not know what a program does, user can hold the mouse over the program for a second or so and a little message will fade in telling user what it is, if the programmer has set up this feature of the user's
program.

For other programs that do not have this feature set up in their shortcut, it will just tell the user where the program is located on user's computer. This feature can be very useful for a beginning computer user.

Sometimes the Pop-up Help can become an annoyance and just blocks your screen. If you do not need this feature,why not disable it?
Follow these steps to get rid of this feature:
  • Click the Start Menu and select Run and then type regedit in the box and click OK. 
  • Once the Registry Editor is loaded,navigate though HKEY_CURRENT_USER-
    Software-Microsoft-Windows-CurrentVersion-Explorer-Advanced 
  • Right-click the entry called ShowInfoTip and select Modify
  • Set the value equal to 0 to disable this feature,and click OK.
    Close the Registry Editor and log off and back so the feature can be removed.
Logoff and then logon to see the effect...
Written by: No comments :
Tags: , , ,

Manual Removal of Win32.CeeInject Trojan

Manual Removal of Win32.CeeInject Trojan.
Win32.CeeInject Trojan is a trojan. The trojan will infect Windows systems.
This trojan first appeared on January 15, 2009.
Other names of Win32.CeeInject Trojan:
This trojan is also known as Trojan-Downloader.Win32.QQHelper.gfg, W32/Pushbot,Trojan-Downloader:W32/QQHelper.XC.
Damage Level : Medium/High
Distribution Level: Unknown
No Removal Tool for Win32.CeeInject Trojan
Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %Windows\fxstaller.exe [ 311.296 KByte ] [ Kill the Process, Use Killbox if your Access Denied ]
  • %ProgramFiles%\bifrost\server.exe
  • %ProgramFiles%\java\msn.exe
  • %ProgramFiles%\massenger live\server.exe
  • %System%\avs.exe
  • %System%\bifrost\server.exe
  • %System%\cmd32.exe
  • %System%\mldmm.exe
  • %System%\msn\system.exe
  • %System%\progrmas\server.exe
  • %System%\rbjeivpetkbayv.exe
  • %System%\scuccccmunafgb.exe
  • %System%\service.exe
  • %System%\system\windows.exe
  • %System%\twext.exe
  • %Temp%\ixp000.tmp\act.exe
  • %Temp%\ixp000.tmp\burimi.exe
  • %Temp%\ixp000.tmp\pa.exe
  • %Temp%\ixp000.tmp\pack.exe
  • %Temp%\ixp000.tmp\service.exe
  • %Temp%\ixp001.tmp\1.exe
  • %Temp%\rarsfx0\1.exe
  • %Windir%\bifrost\server.exe
  • %Windir%\cftmon32.exe
  • %Windir%\config\polcmd32.exe
  • %Windir%\libsrv32.exe
  • %Windir%\service.exe
  • %Windir%\shvhost.exe
  • %Windir%\sqihost32.exe
  • %Windir%\sqlhostt32.exe
  • c:\ed.exe
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, and then continue with the removal.Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fxstaller.exe
Delete this Entry

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , , , ,

Manual Removal of W32/QQHelper.GFG Trojan

Manual Removal of W32/QQHelper.GFG Trojan.
W32/QQHelper.GFG is a trojan. The trojan will infect Windows systems.
This trojan first appeared on January 15, 2009.
Other names of W32/QQHelper.GFG Trojan:
This trojan is also known as Trojan-Downloader.Win32.QQHelper.gfg, W32/Pushbot,Trojan-Downloader:W32/QQHelper.XC.
Damage Level : Medium/High
Distribution Level: Unknown
No Removal Tool for W32/QQHelper.GFG Trojan
Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %Windows\fxstaller.exe [ 311.296 KByte ] [ Kill the Process, Use Killbox if your Access Denied ]
  • %Documents and Settings\Default User\Local Settings\Temp\IXP001.TMP
  • %Documents and Settings\Default User\Local Settings\IXP001.TMP\burimi.exe [ 311.296 KByte ]
  • %Documents and Settings\Default User\Local Settings\IXP000.TMP\burimis.exe [ 118.784 KByte ]
  • These ports were open in the system
  • Prot -1033 Protocol - TCP - Process - fxstaller.exe (%Windows\fxstaller.exe)
  • Prot -1034 Protocol - TCP - Process - fxstaller.exe (%Windows\fxstaller.exe)
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, and then continue with the removal.Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fxstaller.exe
Delete this Entry

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , ,

Manual Removal of W32/AutoIt.GC Trojan

Manual Removal of W32/AutoIt.GC Trojan.
W32/AutoIt.GC is a Trojan. The trojan will infect Windows systems.
This trojan first appeared on January 14, 2009.
Other names of W32/AutoIt.GC Trojan:
This trojan is also known as Trojan.Win32.Autoit.gc, W32/Agent.JIIR,DR/Autoit.GC.33.
Damage Level : Medium/High
Distribution Level: Medium
No Removal Tool for W32/AutoIt.GC Trojan
Try This Removal Tool
Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • [ Kill the Process, Use Killbox if your Access Denied ]
  • %Windows\System\csrcs.exe [ Kill the Process ]
  • %Windows\System\autorun.in 
  • %Windows\System\autorun.i
  • This Trojan Can also use the following file names
    %Windows\System\autolfb.exe, %Windows\System\csrcs.exe, %Windows\System\wscrt.exe, %Windows\systemchk.exe
    If you have any of these files in running process from task manger, end the process before removal.
    Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, and then continue with the removal.Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

Modifies this Entry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , , , , ,

Manual Removal of Win32/Renos.FU Trojan

Manual Removal of Win32/Renos.FU Trojan.
Currently there is no description available for this program.
Win32/Renos.FU is a Trojan. The trojan will infect Windows systems.
The trojan may be dropped by other malware or may be downloaded from remote website by other malware.
This trojan first appeared on January 13, 2009.
Other names of Win32/Renos.FU Trojan:
This trojan is also known as Trojan-Downloader.Win32.CodecPack.amx
Damage Level : Medium
Distribution Level: Medium
Trojan Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %Windows\System\sysmgr.exe [ Kill the Process, Use Killbox if your Access Denied ]
  • The following Names Known to be Created
  • %System%\syskernel.exe
  • %System%\winhlpp32.exe
  • %Temp%\0003a44f_rar\syswin.exe
  • %Temp%\0003b140_rar\sys32krnl.exe
  • %Temp%\virus\syskernel.exe
  • %Windir%\sysmgr.exe
  • c:\sys32krnl.exe
  • c:\sysmgr.exe
  • c:\syswin.exe
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Trojan Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
  • Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time, download it only.
    • After booting into the Safe Mode or VGA Mode
    • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , ,

Manual Removal of W32/CodecPack.AMX Trojan

Manual Removal of W32/CodecPack.AMX Trojan.
W32/CodecPack.AMX is a Trojan. The trojan will infect Windows systems.
The trojan may be dropped by other malware or may be downloaded from remote website by other malware.
This trojan first appeared on January 13, 2009.
Other names of W32/CodecPack.AMX Trojan:
This trojan is also known as Trojan-Downloader.Win32.CodecPack.amx, TrojanDownloader:Win32/Renos.FU
Damage Level : Medium
Distribution Level: Medium
No Removal Tool for W32/CodecPack.AMX Trojan
Trojan Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %Windows\System\sysmgr.exe [ Kill the Process, Use Killbox if your Access Denied ]
  • The following Names Known to be Created
  • %System%\syskernel.exe
  • %System%\winhlpp32.exe
  • %Temp%\0003a44f_rar\syswin.exe
  • %Temp%\0003b140_rar\sys32krnl.exe
  • %Temp%\virus\syskernel.exe
  • %Windir%\sysmgr.exe
  • c:\sys32krnl.exe
  • c:\sysmgr.exe
  • c:\syswin.exe
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Trojan Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
  • Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time, download it only.
    • After booting into the Safe Mode or VGA Mode
    • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , ,

Manual Removal of W32/Bdoor-ZAR Backdoor Worm

Manual Removal of W32/Bdoor-ZAR Backdoor Worm.
W32/Bdoor-ZAR is a network worm with backdoor functionality for the Windows platform.
The backdoor component accepts commands from remote users.
Other names of W32/Bdoor-ZAR Worm:
This Worm is also known as Worm.Win32.AutoRun.skg, WORM_AUTORUN.CCJ.
Damage Level : High/Medium
Distribution Level: Unknown
No Auto Removal Tool for W32/Bdoor-ZAR Backdoor Worm
Try ProtectorPlus W32/Autorun Worm Removal 1.0
Mirror Link 2
Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %\Windows\System\cfg.exe
  • %\config\cfg.exe [ Runs on Startup ]
  • %\config\s-1-5-21-1482476501-1644491937-682003330-1013\cfg.exe
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled
      Download the following file[ Right click and select "Save Target as" ]
      Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Backdoor Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
  • Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download and run this UnHookExec.inf, and then continue with the removal.
  • Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SYSTEM\CurrentControlSet\Services\cfg
Type dword:00000010

HKLM\SYSTEM\CurrentControlSet\Services\cfg
Start dword:00000002

HKLM\SYSTEM\CurrentControlSet\Services\cfg
ErrorControl dword:00000000

HKLM\SYSTEM\CurrentControlSet\Services\cfg
ImagePath (may be encoded)

HKLM\SYSTEM\CurrentControlSet\Services\cfg
DisplayName cfg

HKLM\SYSTEM\CurrentControlSet\Services\cfg
ObjectName LocalSystem

HKLM\SYSTEM\CurrentControlSet\Services\cfg\Security
Security

HKLM\System\CurrentControlSet\Enum\Root\LEGACY_CFG

Read More on: Sophos Security

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , ,

Manual Removal of W32/AutoRun.SKG Worm

Manual Removal of W32/AutoRun.SKG Worm.
W32/AutoRun.SKG is a Worm. The Worm will infect Windows systems.
This Worm first appeared on January 12, 2009.
Other names of W32/AutoRun.SKG Worm:
This Worm is also known as Worm.Win32.AutoRun.skg, WORM_AUTORUN.CCJ.
Damage Level : High/Medium
Distribution Level: Unknown
No Auto Removal Tool for W32/AutoRun.SKG Worm
Try W32/Autorun Worm Removal 1.0
Mirror Link 2
Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %\config [ Creates on Windows Installed Drive Root Folder ]
  • %\config\cfg.exe [ Runs on Startup ]
  • %\config\s-1-5-21-1482476501-1644491937-682003330-1013\cfg.exe
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled
      Download the following file[ Right click and select "Save Target as" ]
      Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Worm Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
  • Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download and run this UnHookExec.inf, and then continue with the removal.
  • Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components

Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , ,

Speeding Up System Boot - What Hardware Devices should I Disable ?

Each user uses (or doesn't use) devices differently,depending on the system setup. Nonetheless, some classes of devices are more commonly disabled than others.Knowing which ones will help you make a decision as to what devices you should disable.The following classes of devices are frequently disabled:

To quickly determine the status of a device, check out the icon next to its name. All devices that are disabled have a red X over the icon. All devices that have a question mark or an explanation point on them are not set up correctly or are having problems. All devices with none of the above additions to the icon are runningññand doing so without any problems.
Network Adapters
Especially on Notebook computers,there are often more than one network device. Disabling the network devices that you do not use will definitely save you some booting time.

Fire wire
If you have 1394 connections,otherwise known as fire wire,you might consider disabling them. Unless you are using your fire wire port to connect your digital
video recorder to your computer,or have other external fire wire devices,you have no need to have this device enabled.

Modems
Do you have a broadband connection? If so,then consider disabling your modem. If you rarely use it,disable it. If you ever need to use it again,just re-enable it.

Multimedia devices
Your computer has lots of multimedia devices. Take a look at the
ìSound,video,and game controllersîsection in Device Manager. You will find a lot of device drivers that are loaded during your boot.Some are used by all users,but others will find a few that they do not use.For example,I do not use my game port or my MIDI device,so I disabled both of those.

PCMCIA
If you are a laptop user,consider disabling your PCMCIA card controller, located under ìPCMCIA adapters."The PCMCIA (Personal Computer Memory Card International Association ) slot is a special expansion slot that is rarely used today on laptops except for wireless and wired network cards and card reader attachments for compact flash and other solid state memory cards.Most laptops now have built-in network adapters and some even have built-in wireless adapters.If you do not use your PCMCIA adapter, it is yet another device that can be safely disabled.
Caution
Do not disable any hardware devices that are located under the Disk Drives, Computer, Display Adapters, IDE Disk Controllers, and the System sections (except for the system speaker) because these hardware devices are critical to the operation of your computer.
Written by: No comments :
Tags: , , , , ,

Manual Removal of ExpressAntiVirus2009 Trojan

Manual Removal of ExpressAntiVirus2009 Trojan.
ExpressAntiVirus2009 is a misleading application that may give exaggerated reports of threats on the computer.
Publisher: ExpressAntiVirus2009.com
Damage Level : Medium
Distribution Level: Low
Trojan Worm Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • %ProgramFiles\exav\av.ini
  • %ProgramFiles\exav\base.dll
  • %ProgramFiles\exav\borlndmm.dll
  • %ProgramFiles\exav\expressav.exe [ Kill the Process, Use Killbox if your Access Denied ]
  • %Documents and Settings\[User Name]\Application Data\Local settings\Temp
    • If you have any of these files in running process from task manger, end the process before removal.
    • Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    • Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.


Unregister DLL Files Using Windows Command Prompt
  • To open the Windows Command Prompt, go to Start > Run > type cmd and then click the "OK" button.
  • Type "cd" in order to change the current directory,
  • Press the "space" button, enter the full path to where you believe the System Antivirus 2008 DLL file is located press the "Enter" button on your keyboard.
  • If you don't know where System Antivirus 2008 DLL file is located, use the "dir" command to display the directory's contents.
  • To unregister "System Antivirus 2008" DLL file,
  • Type in the exact directory path + "regsvr32 /u" + [DLL_NAME]
  • (C:\Windows\System\ regsvr32 /u lsasrv.dll) and press the "Enter" button.
  • A message will pop up that says you successfully unregistered the file.
Trojan Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
  • Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
    • Download and run this UnHookExec.inf, and then continue with the removal.
    • Save it to your Windows desktop. Do not run it at this time, download it only.
    • After booting into the Safe Mode or VGA Mode
    • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"av" = "C:\Program Files\exav\expressav.exe"
It also modifies the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoFind" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoRun" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSMHelp" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoSetFolders" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"NoViewOnDrive" = "3FFFFFF"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\"NoBrowserOptions" = "1"
1 = On, 0 = Off


Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , , , , ,

Manual Removal of Parite.B Trojan

Manual Removal of Parite.B Trojan.
Parite.B is a Trojan. The Trojan will infect Windows systems.
A virus capable to modify other files by infecting, prepending, or overwriting them them with its own body. A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment
Damage Level : Medium/High
Distribution Level: Medium
Removal Tool for Virus Parite.B Trojan
Download Removal Tool
Trojan Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
  • [ Kill the Process, Use Killbox if your Access Denied ]
  • %Windows\System\ckvo.exe
  • %Windows\svchost.exe
    %Windows\system\svchost.exe
  • This Trojan Can also use the following file names
    %Windows\System\ckvo.exe, c:\08dgu.com, c:\0gjn3yw.exe, c:\0savi1.exe, c:\1rfw8hjr.com, c:\2fiji.com, c:\39lpji.com, c:\68.exe, c:\83fgj.com, c:\b3b9u.com, c:\bpu.exe, c:\e.com, c:\e9ehn1m8.com, c:\ffojc.com, c:\g2pfnid.com, c:\itsduel.exe, c:\ktnquo.exe, c:\l63snn8.exe, c:\n.com, c:\p83gjy.exe, c:\ph.com, c:\sq.com, c:\t1ypkh.exe, c:\tyktjfww.exe, c:\u9dyi.exe, c:\vxl.exe, c:\xlk9.com, c:\xqf.com, c:\ybj8df.exe
    If you have any of these files in running process from task manger, end the process before removal.
    Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
    Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.
Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
  • Download this UnHookExec.inf, and then continue with the removal.Save it to your Windows desktop. Do not run it at this time, download it only.
  • After booting into the Safe Mode or VGA Mode
  • Right-click the UnHookExec.inf file and click Install. [This is a small file. It does not display any notice or boxes when you run it.]
The Trojan modifies registry at the following locations to ensure its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
kamsoft = "%System%\ckvo.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = 0x00000000
Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Killbox (Freeware)
Written by: No comments :
Tags: , , ,

More Posts that you may be interested...