How to remove a Password Stealer/Virii from your computer...
by -Nike

    1.  Shutdown and restart the computer in Safe Mode

    A.  If your computer is on click on the Start button. The Start menu
    will appear. (If your computer is off skip to step E.)
    B.  Select Shut Down from the menu. The 'Shut Down Windows' dialog box
    will appear.
    C.  Select 'Shut down' and click the Yes (or OK) button.  Manual Removal
    of a Trojan Virus
    D.  Wait until the "It is now safe to turn off the computer" message
    appears and turn the computer off.  Read steps E-H before continuing.
    E.  Turn the computer back on.
    F.  Immediately begin pressing the F8 key, every other second, until the
    Windows Startup menu appears.
    G.  Press 3 and then Enter to start the computer in Safe Mode.
    H.  Once Windows starts, an information message will appear explaining
    Safe Mode. Click the OK button to clear this message.

        The computer is now in Safe Mode.

    2.  Click on the Start button, then on Find, then on Find Files or
    3.  Type in "win.ini" into the Named line, select C: in the Look In line
    by clicking on the down arrow next to the line and press Find Now.
    4.  Once the file has been found it will appear below.  Right click on
    it and click on properties.
    5.  On the bottom of the window a section titled Attributes gives
    several options.  Be sure the Read-only box is unchecked.
    6.  Click on OK to exit the properties window.
    7.  Click on the Start button, then click on Run. Type "sysedit" in the
    run field and click on Ok.
    8.  The System Configuration Editor will appear with six windows found
    stacked on top of one another. Close the first two windows by clicking on
    the "X" in the upper-right-hand corner. The "C:\windows\WIN.INI" window will
    be selected for editing.
    9.  Locate the line that begins with "load=".  Place a semicolon (;) in
    front of the line so that it reads:
    ;load=(other text may remain here)    Write this line down.  You will be
    using this information later.

    NOTE:  Many trojan viruses use the load= line.  This line is also used
    occasionally by other programs, so it could contain both trojans and valid
    programs.  Inserting a semicolon will prevent trojan files from loading but
    it may also disable functions of other programs.  After completing this
    process and rebooting Windows, if you recognize that a valid program will
    not load normally contact the manufacturer of that program.  When contacting
    them, ask if an entry for their program should be placed in the load= line.

    10. Locate the line that begins with "run=".  Place a semicolon (;) in
    front of the line so that it reads:
    ;run=(other text may remain here)     Write this line down also.  You will
    be using this information later.

    NOTE: The above note also applies to the run= line.

    11. Click on File in the upper-left corner and click Save.
    12. If you do not see anything next to "load=" or "run=", close the
    WIN.INI by clicking on the "X" in the upper-right corner.
    "C:\windows\SYSTEM.INI" will be the window open for editing.
    13. Locate the line that begins with "shell=explorer.exe".
    14. If there is anything written after "shell=explorer.exe" write it
    down (usually something like: Winsyst.exe). If there, "Winsyst.exe" is the
    name of a trojan that is infecting your computer and you will need to search
    for it in step 18 below. Now with that written down, erase everything
    written after "shell=explorer.exe" on that line. (Be absolutely sure you
    leave "shell=explorer.exe" and subsequent lines).
    15. Click on File in the upper left hand corner and then click save.
    16. Close the system configuration editor by clicking on the "X" in the
    upper-right corner.
    17. For complete disinfection, you need to remove the virus files.
    After rebooting the computer, click the Start button, click on Find, then
    click on Files or folders.  This opens the Find utility on your screen.

    NOTE: To determine the name of the infecting trojan file so you can type it
    into the Find utility, refer to the lines you wrote down in steps 9 and 10
    above.  Entries in the load= and run= lines are paths that point to a
    specific file and tell it to run.  A path starts with a drive letter and
    ends with the name of the file being run.  For example, if you see
    "C:\windows\temp\pkg3243.exe", then pkg3243.exe is what you would enter into
    the Find box.  This is the name of the trojan infecting your computer.

    Check the list below to see if one of the files appears on your load= or
    run= line.  If so, go to step 18 to delete that file.  The list below does
    not contain the names of all possible trojans, just the most common ones.

LensHellArchive.com - The Largest Aol/Aim/Yahoo Prog Archive in the World! - Beav, Lens Hell, LensHell, LensHell Archive, aol prog, yahoo prog, aim prog, progs, punter, booter, cracker, buster, forum, lenshell forum, games, free games, free flash games, flash games
©2007-2010 LensHellArchive.com