Thursday, July 30, 2009

How can I gain access to C:\windows\system32 and delete a virus?

Norton antivirus detects a virus (w32.spybot.worm) in my system32 folder in Windows and can't do anything because access was denied... How do I get rid of the virus? Whether manually or through Norton?

Do a regedit.

Use regedit.

Go to "Start" and click on it.

Go to "Run" and click on it.

In the dialog box that appears, type in "regedit" and hit Enter.

In the Registry Edit Panel that appears, go to Edit and click on it. In the drop-down menu that appears, go to Find and click on it.

In the dialog box that appears, type in "w32.spybot.worm" and hit Enter.

Select all the values that populate the right side of the panel, then right-click and delete all of them.

Repeat this again doing Find Next.

Once you get no results, you know that it's all gone.

Remember to disable System Restore while doing this so that you don't get a copy saved there.

Reboot and enable System Restore and you're home free!

All the best!

Cheers!

Simon Templar

PS,

Whoops, I'd just helped another lady get rid of her Trojan and she had XP Home, where she couldn't find "Run". If you have the same problem, please do Ctrl+Alt+Del and then go to File and then click on "New Task [Run] ..." and then the rest is as above.

Reply: Hmm, I would just reboot and, before the Windows loading screen comes up, hit F8 and start in safe mode (administrator). Turn off System Restore, and try running Norton then. If Norton can't delete it (if it quarantines it, undo or restore the virus from there), go to Start > My Computer and go into C:, then the Windows folder, then system32 (make sure you can view all files) and manually delete it from there; don't forget to empty the Recycle Bin.

Scan again, hopefully it will be gone. If not, then you may have to redo the drive.

BTW, I don't think deleting registry keys will remove the actual virus files themselves, just the pointers to them... which may be needed if you manually delete (but in addition to deleting the files).
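
The reply above describes registry entries as pointers to files on disk. As an added example (not part of any reply in this thread), this read-only PowerShell audit lists the autostart values in the four standard Run/RunOnce keys and reports, for each, the file it points to, whether that file exists, whether it sits in System32, and its Authenticode signature status. It assumes Windows PowerShell 3.0 or later and covers only these four keys, not other autostart locations; the function and variable names are illustrative.

```powershell
# Added example: read-only audit of Run/RunOnce autostart values (deletes nothing).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$system32 = Join-Path $env:SystemRoot 'System32'

# Extract the program path from a command line such as '"C:\a b\x.exe" /s'.
function Get-CommandTarget {
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd|scr|pif|dll))(\s|,|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

# Resolve bare names like 'rundll32.exe' through PATH; return $null if not found.
function Resolve-Target {
    param([string]$Target)
    if (-not $Target) { return $null }
    if ([IO.Path]::IsPathRooted($Target)) {
        if (Test-Path -LiteralPath $Target -PathType Leaf) { return $Target }
        return $null
    }
    $app = Get-Command -Name $Target -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($app) { return $app.Path }
    return $null
}
$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $command  = [string]$regKey.GetValue($name)
        $resolved = Resolve-Target (Get-CommandTarget $command)
        [pscustomobject]@{
            Key        = $key
            Value      = $name
            Command    = $command
            File       = $resolved
            FileExists = [bool]$resolved
            InSystem32 = [bool]($resolved -and $resolved.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase))
            Signature  = if ($resolved) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'n/a' }
        }
    }
}
$report | Sort-Object FileExists, Key | Format-Table -AutoSize -Wrap
```

Rows with `FileExists` false are registry values whose target file is no longer on disk; rows with an existing, unsigned file in System32 are the ones to check against the antivirus detection.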

Reply: You need to be logged on as an administrator, which you might be.

Next, hit Alt-Control-Delete and close the virus (if you know the name of the executable), or you can get this program Unlocker or WhoLockMe off the Internet.
