If you pc get infected by a virus your registry will be modified by the virus, this ensures virus to keep coming back, number of registry locations modified and they are described as follows.
Location 1
Location 1
- Open registry editor
- First navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- In the right side see if there is suspected key (specially look for a key that running locations such as C:\WINDOWS\ or C:\WINDOWS\system32)
- Delete the suspected key
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Also in here look for a suspected keys as described above, and delete them
- Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- In the right side find "Shell" key and verify its value data set as Explorer.exe if it is changed, erase the existing value and change it back to Explorer.exe
- Also find "Uihost" key and verify its value data set as logonui.exe
- Last find "Userinit" key and verify its value data set as C:\WINDOWS\system32\userinit.exe, there shouldn't be anything after comma, if it does erase the value data and change it back to C:\WINDOWS\system32\userinit.exe,
No comments:
Post a Comment