the steps below to remove its execution at startup.
1. Download procexp.exe (Process Explorer) and autoruns.exe, which are freely available, from the
URL below:
http://technet.microsoft.com/hi-in/sysinternals/25e27bed-b251-4af4-b30a-c2a2a93a80d9(enus).aspx
2. Procexp.exe (http://live.sysinternals.com/procexp.exe) is used to kill unwanted processes
running in the background. If your application closes immediately after it opens, you can
use this tool to identify such a process and kill it. After killing the virus-related process, follow
the step below to disable that application at the next startup.
3. The Autoruns.exe (http://live.sysinternals.com/autoruns.exe) Windows utility is a more useful
alternative to the Windows built-in tool "msconfig", which shows what programs and services are set
to start automatically with Windows. Autoruns.exe displays every entry that starts at system startup.
Look at the file signatures, i.e. Microsoft Corporation for Microsoft products, Sun
Microsystems, Inc. for Java software, etc. If you don't find a signature for an entry, look
at it carefully. If it was installed by you, keep that entry; otherwise delete it. For example, look at
the Autoruns.exe output below.
C:\Windows\smss Logon Application
C:\svchost Logon Application
C:\windows\Explorer.exe Logon Application Microsoft Corporation c:\windows\explorer.exe
C:\java\java Application Sun Microsystems. Inc c:\java\java.exe
Neither of the first two entries has a signature associated with it, so we can delete both of
these entries.
NOTE: If these tools are not available, you can do the same with Windows built-in tools such as
taskmgr.exe and msconfig.exe, though less efficiently.
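
An added example (not part of the original post): the signature check from step 3 applied to an exported list of startup entries, extended with a location check for well-known Windows binaries. The CSV column names, the sample rows (modelled on the listing above) and the assumption that Windows is installed in C:\Windows are constructed for illustration.

```python
import csv
import io
import ntpath

# Constructed sample modelled on the listing in step 3.
# Column names are assumptions; map them to whatever your export contains.
SAMPLE_CSV = r"""entry,description,publisher,image_path
smss,Logon Application,,C:\Windows\smss.exe
svchost,Logon Application,,C:\svchost.exe
Explorer.exe,Logon Application,Microsoft Corporation,c:\windows\explorer.exe
java,Application,Sun Microsystems. Inc,c:\java\java.exe
"""

# Normal directories of some Windows binaries (assumes Windows lives in C:\Windows).
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def review_entries(csv_text):
    """Return (image_path, reasons) for every startup entry worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["image_path"].strip()
        # ntpath parses Windows paths correctly on any operating system.
        directory, name = ntpath.split(path.lower())
        reasons = []
        if not row["publisher"].strip():
            reasons.append("no publisher/signature")
        expected = EXPECTED_DIR.get(name)
        if expected and directory.rstrip("\\") != expected:
            reasons.append(f"{name} outside {expected}")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in review_entries(SAMPLE_CSV):
        print(f"{path}: {'; '.join(reasons)}")
```

A publisher string on its own is only file metadata, so treat it as meaningful only when the signature has actually been verified. An entry with no findings here is not thereby proven safe.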