Windows PC Tips, Tricks, Tools

Cannot Open EML file with Windows Live Mail

2016-06-03T17:15:00.000+05:30

How to fix Windows Live Mail Won't Open Saved .eml Files in Windows. EML files that are saved form of email received in Windows Live Mail.

Many users getting error while opening eml files in their system. They can't open email after they are saved or windows live mail open itself but not showing the saved or opened eml file.

To fix this issue :

Open Run command ( + R)
Type regedit and press enter
Goto : HKEY_CLASSES_ROOT\ and delete ".eml" folder.
Goto : HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\ and delete ".eml" folder.
Restart Windows Explorer or PC
Open EML file and choose windows live mail as default.

Now EML files should be working fine.

Windows 7 Tweaks - FavSofts

2011-10-08T20:03:00.001+05:30

Windows 7 Tweaks - FavSofts is a handy and reliable application designed to enable you to add shortcuts to your desktop context menu. Easily accessible from desktop to your recently used programs. You need to check the Status first, if the application key is not available it creates the key automatically. Then it creates the application shortcut to Windows 7 desktop cascade context menu. Browse Windows application executable files and enter a name and simply press Apply changes. It's that easy.

Download from http://www.softpedia.com/get/System/OS-Enhancements/Windows-7-Tweaks.shtml

Manual Removal of W32/AntiVirusPro.FS Trojan » AdwarePro.exe

2010-03-10T08:04:00.001+05:30

W32/AntiVirusPro.FS Trojan Known Files » AdwarePro.exe, StartApp.exe, uninst.exe, SSEngine.dll

Image Source: Bleepingcomputer.com

W32/AntiVirusPro.FS is a trojan.The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32 folder as hidden files or active non-hidden files.

W32/AntiVirusPro.FS Trojan information updated on February 26, 2009.
Other names of W32/AntiVirusPro.FS Trojan:
W32/AntiVirusPro.FS Trojan is also known as Trojan.Fakealert.SL, Trojan.Win32.Shutdowner.cqi, FraudTool.Win32.AntiVirusPro.fs.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/AntiVirusPro.FS Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/SdBot.CNG Trojan Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Program Files\AdwarePro\AdwarePro.exe
%Program Files\AdwarePro\StartApp.exe
%Program Files\AdwarePro\uninst.exe
%Program Files\AdwarePro\SSEngine.dll

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Unregister DLL Files Using Windows Command Prompt
To open the Windows Command Prompt, go to Start - Run, type cmd and then click the "OK" button.
Type "cd" in order to change the current directory,
Press the "space" button, enter the full path to where you believe the Program DLL file is located press the "Enter" button on your keyboard.
If you don't know where Program DLL file is located, use the "dir" command to display the directory's contents.

To unregister a "Program" DLL file,
Type in the exact directory path + "regsvr32 /u" + [ DLL_NAME ]

Example [ C:\Windows\System\ regsvr32 /u filename.dll ] and press the "Enter" button.
A message will pop up that says you successfully unregistered the file.

W32/AntiVirusPro.FS Trojan Entries Manual Removal From RegistryClick Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/AntiVirusPro.FS Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Delete file entries from right side, look up file entries listed above
Search Registry For W32/AntiVirusPro.FS Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Windows Tips - Windows Prefetcher

2010-02-01T07:30:00.009+05:30

What is the Prefetcher?
It is a very nifty component of Windows that can seemingly read your mind and will start loading your program seconds before you actually start it to boost the startup of the application.

Although the Prefetcher keeps track of the applications that you run, creates optimized copies of them, and stores them in a special cache on your computer, this special cache is simply a location on your hard disk that has no,or very few, file fragments and stores application setting files. The next time you start your program,Windows will load it out of the Prefetcher cache, which is what causes the application to start up quicker.

If you really want to investigate this matter further, take a look at the Prefetcher cache. It is located in the Windows directory inside the Prefetcher folder. In Windows Vista and Windows 7 folder named as Windows\Prefetch, normally only system can access to Prefetch folder, while open click continue to access the folder. You will notice that the cache does not have an exact copy of each application because the files are a fraction of the size of the actual application executable file. Rather, it just has fragments of applications that are used to boost the performance of the startup.

The Prefetcher constantly monitors what applications you are running, even during parts of the bootup. That information is then passed on to help the disk defragenter optimize the boot files.
The Prefetcher is a very complex component. The majority of the settings can be changed by hacking the registry; however, due to a lack of documentation on these settings, changing them without any guidance would be very risky. Thankfully, a few tips have surfaced in the vast documentation buried at Microsoft’s site and revealed in Microsoft’s applications.

Create a Shortcut to Abort Shutdown

2010-01-19T07:30:00.001+05:30

If any rouge application tries to restart your PC, with a shutdown countdown timer. You can abort that shutdown with a code that execute from Start - Run

The Shutdown aborting code is
" shutdown -a "

You also can create Desktop shortcuts to abort shutdown

Right Click on Desktop and Select New - Shortcut

In Path
Type : shutdown.exe -a

and click Next, Write a name like, " Abort Shutdown ".

When your PC Starts to Shutdown open this shortcut to stop shutdown process.

Manual Removal of W32/SdBot.CNG Trojan » VMwareservice.exe

2010-01-12T07:30:00.001+05:30

W32/SdBot.CNG Trojan Known Files » isqsys32.exe, wiaservg.log
W32/SdBot.CNG is a trojan.The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32 folder as hidden files or active non-hidden files.

This trojan information updated on November 7, 2009.
Other names of W32/SdBot.CNG Trojan:
This trojan is also known as Backdoor:W32/SdBot.CNG, Worm:Win32/Neeris.AN, W32/Virut.gen.A.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/SdBot.CNG Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/SdBot.CNG Trojan Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\VMwareservice.exe
%Windows\System32\csrsc.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/SdBot.CNG Trojan Entries Manual Removal From RegistryClick Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/SdBot.CNG Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
remove VMwareservice entry

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Bredolab.AL Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Manual Removal of W32/Magania.CAIR Trojan » bigdoor.exe

2010-01-09T07:30:00.002+05:30

W32/Magania.CAIR Trojan Known Files » bigdoor.exe, cyban.exe, bigmn0.dll, bigie0.dll, ieban0.dll, cyban0.dll, rg.exe, uxnrt.exe
W32/Magania.CAIR is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows folder as hidden files or active non-hidden files.

W32/Magania.CAIR Trojan information updated on November 6, 2009.
Other names of W32/Magania.CAIR Trojan:
W32/Magania.CAIR Trojan is also known as W32.Gammima, Win32/PSW.OnLineGames.NMY, W32/Lineage.LCZ.

Download Registry, Taskmanager and Folder Options Repair Tool
W32/Magania.CAIR Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Magania.CAIR Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\bigdoor.exe
%Windows\System32\cyban.exe
%Windows\System32\bigmn0.dll
%Windows\System32\bigie0.dll
%Windows\System32\ieban0.dll
%Windows\System32\cyban0.dll
%Root of Windows Drive\rg.exe
%%Root of Windows Drive\uxnrt.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Magania.CAIR Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Magania.CAIR Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_USERS\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Bredolab.AL Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Manual Removal of W32/Mytob.RG Worm » win-explorer.exe

2010-01-07T07:30:00.001+05:30

W32/Mytob.RG Worm Known Files » isqsys32.exe, wiaservg.log
W32/Mytob.RG is a worm. The worm will infect Windows systems.
This Trojan Copies its file(s) to Windows folder as hidden files or active non-hidden files.

W32/Mytob.RG Worm information updated on November 5, 2009.
Other names of W32/Mytob.RG Worm:
W32/Mytob.RG Worm is also known as Net-Worm.Win32.Mytob.rg, W32/Mytob, W32/Qhost.FWZ, Win32/AutoRun.IRCBot.CX. Download Registry, Taskmanager and Folder Options Repair Tool

W32/Mytob.RG Worm Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/Mytob.RG Worm Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\win-explorer.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Mytob.RG Worm Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Mytob.RG Worm modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Bredolab.AL Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Manual Removal of W32/Bredolab.AL Trojan » isqsys32.exe

2009-12-31T07:30:00.001+05:30

W32/Bredolab.AL Trojan Known Files » isqsys32.exe, wiaservg.log
W32/Bredolab.AL is a trojan. The from address of the mail containing trojan is spoofed. It poses as the mail is arrived from Facebook, which is a popular networking site.
This Trojan Copies its file(s) to Documents and Settings\Default User\Application Data, Documents and Settings\Default User\Start Menu\Programs\StartUp folder as hidden files or active non-hidden files.

W32/Bredolab.AL Trojan information updated on November 4, 2009.
Other names of W32/Bredolab.AL Trojan:
W32/Bredolab.AL Trojan is also known as BKDR_BREDOLAB.AL, Troj/BredoZp-M.
Download Registry, Taskmanager and Folder Options Repair Tool

W32/Bredolab.AL Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/Bredolab.AL Trojan Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Documents and Settings\Default User\Application Data\wiaservg.log
%Documents and Settings\Default User\Start Menu\Programs\StartUp\isqsys32.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Bredolab.AL Trojan Entries Manual Removal From RegistryClick Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Bredolab.AL Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Bredolab.AL Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/AutoRun.GNE Worm » GoogleDesktop.exe

2009-12-24T07:30:00.001+05:30

W32/AutoRun.GNE Worm Known Files » GoogleDesktop.exe

W32/AutoRun.GNE is a worm. The worm will infect Windows systems.
This Worm Copies its file(s) to Documents and Settings\Default User\Local Settings\Temp folder as hidden files or active non-hidden files.

W32/AutoRun.GNE Worm information updated on November 3, 2009.
Other names of W32/AutoRun.GNE Worm:
W32/AutoRun.GNE Worm is also known as W32/Autorun.worm.h, Trojan:Win32/Otran, Win32/Merond.X, W32/AutoRun.WPU.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/AutoRun.GNE Worm Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/AutoRun.GNE Worm Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Documents and Settings\Default User\Local Settings\Temp\GoogleDesktop.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/AutoRun.GNE Worm Entries Manual Removal From RegistryClick Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/AutoRun.GNE Worm modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/AutoRun.GNE Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/AutoRun.TDY Worm » XP-6FDD3E33.EXE

2009-12-23T07:54:00.000+05:30

W32/AutoRun.TDY Worm Known Files » XP-6FDD3E33.EXE

W32/AutoRun.TDY is a worm. The worm will infect Windows systems.
This Worm Copies its file(s) to Windows\System32 folder as hidden files or active non-hidden files.

W32/AutoRun.TDY Worm information updated on November 02, 2009.
Other names of W32/AutoRun.TDY Worm:
W32/AutoRun.TDY Worm is also known as Worm.Win32.AutoRun.tdy, W32/Autorun-ATF, W32/Autorun.worm.dp.
Download Registry, Taskmanager and Folder Options Repair Tool

W32/AutoRun.TDY Worm Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/AutoRun.TDY Worm Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\XP-6FDD3E33.EXE
%Windows\System32ul.dll
%Windows\System32\og.dll

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Unregister DLL Files Using Windows Command Prompt
To open the Windows Command Prompt, go to Start - Run, type cmd and then click the "OK" button.
Type "cd" in order to change the current directory,
Press the "space" button, enter the full path to where you believe the Program DLL file is located press the "Enter" button on your keyboard.
If you don't know where Program DLL file is located, use the "dir" command to display the directory's contents.

To unregister a "Program" DLL file,
Type in the exact directory path + "regsvr32 /u" + [ DLL_NAME ]

Example [ C:\Windows\System\ regsvr32 /u filename.dll ] and press the "Enter" button.
A message will pop up that says you successfully unregistered the file.

W32/AutoRun.TDY Worm Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/AutoRun.TDY Worm modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/AutoRun.TDY Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Agent.CVQQ Trojan » systen.exe

2009-12-22T09:23:00.000+05:30

W32/Agent.CVQQ Trojan Known Files » systen.exe

W32/Agent.CVQQ is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32 folder as hidden files or active non-hidden files.

This trojan information updated on November 1, 2009.
Other names of W32/Agent.CVQQ Trojan:
This trojan is also known as Trojan:Win32/Malagent, Win32/AutoRun.Delf.DC, W32/Autorun.JLL.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/Agent.CVQQ Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/Agent.CVQQ Trojan Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\systen.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Agent.CVQQ Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Agent.CVQQ Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Agent.CVQQ Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Refroso.JUQ Trojan » Avgvsrd.exe

2009-12-18T08:09:00.000+05:30

W32/Refroso.JUQ Trojan Known Files » avgvsrd.exe

W32/Refroso.JUQ is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32 folder as hidden files or active non-hidden files.

W32/Refroso.JUQ Trojan information updated on October 31, 2009.
Other names of W32/Refroso.JUQ Trojan:
W32/Refroso.JUQ Trojan is also known as Mal/EncPk-JU, W32/Smalldoor.IIHU, Win32/AutoRun.Agent.SF, Worm:Win32/Slenfbot.
Download Registry, Taskmanager and Folder Options Repair Tool

W32/Refroso.JUQ Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

~~Download W32/Refroso.JUQ Trojan Known File Removal Tool~~
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\avgvsrd.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Refroso.JUQ Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Refroso.JUQ Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Refroso.JUQ Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Magania.ANOR Trojan » Amvo.exe

2009-12-11T07:30:00.001+05:30

W32/Magania.ANOR Trojan Known Files » amvo.exe, 2w.cmd

W32/Magania.ANOR is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32, root of windows folder as hidden files or active non-hidden files.

W32/Magania.ANOR trojan information updated on October 30, 2009.
Other names of W32/Magania.ANOR Trojan:
W32/Magania.ANOR trojan is also known as WORM_AUTORUN.HAJ, Trojan-GameThief.Win32.Magania.anor.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/Magania.ANOR Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Magania.ANOR Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\amvo.exe
%Windows root folder\2w.cmd

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Magania.ANOR Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Magania.ANOR Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_USERS\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Magania.ANOR Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Buzus.BXXT Trojan » jschd.exe

2009-12-10T07:30:00.002+05:30

W32/Buzus.BXXT Trojan Known Files » jschd.exe, javasun.exe

W32/Buzus.BXXT is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32 folder as hidden files or active non-hidden files.

W32/Buzus.BXXT trojan information updated on October 29, 2009.
Other names of W32/Buzus.BXXT Trojan:
W32/Buzus.BXXT trojan is also known as Trojan.Win32.Buzus.bxxt, Win32/Merond.Y, W32/Malware.IOLB, W32/AutoRun-AQY.
Download Registry, Taskmanager and Folder Options Repair Tool

W32/Buzus.BXXT Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Buzus.BXXT Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\jschd.exe
%Windows\System32\javasun.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Buzus.BXXT Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Buzus.BXXT Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Buzus.BXXT Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Swisyn.CAV Trojan » Vmmonitor.exe

2009-12-09T07:30:00.001+05:30

W32/Swisyn.CAV Trojan Known Files » vmmonitor.exe

W32/Swisyn.CAV is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Documents and Settings\All Users\Application Data\Microsoft folder as hidden files or active non-hidden files.

W32/Swisyn.CAV trojan information updated on October 27, 2009.
Other names of W32/Swisyn.CAV Trojan:
W32/Swisyn.CAV trojan is also known as Trojan.Win32.Swisyn.cav, Trojan:Win32/Chksyn.gen!A.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/Swisyn.CAV Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Swisyn.CAV Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Documents and Settings\All Users\Application Data\Microsoft\vmmonitor.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Swisyn.CAV Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Swisyn.CAV Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Swisyn.CAV Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/AInfBot.O Worm » Notepad.exe

2009-12-08T07:30:00.001+05:30

W32/AInfBot.O Worm Known Files » notepad.exe

W32/AInfBot.O is a worm. The worm will infect Windows systems.
This Worm Copies its file(s) to Windows folder as hidden files or active non-hidden files.

This worm information updated on October 26, 2009.
Other names of W32/AInfBot.O Worm:
This worm is also known as Ircbot.AUEA, Win32/AutoRun.IRCBot.CL, Trojan:Win32/Ircbrute.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/AInfBot.O Worm Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/AInfBot.O Worm Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%WINDOWS\system32\drivers\notepad.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/AInfBot.O Worm Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/AInfBot.O Worm modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/AInfBot.O Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Windows Live Messenger Error Code 8007007e Fix Vista

2009-12-06T11:57:00.000+05:30

I cannot sign into messenger. It says the service is unavailable with error code: 8007007e.

How to Fix:

Install New Custom Update

Login to your Windows Live Account,

Go to : http://download.live.com/messenger. And Click Download Button.

Direct Download Link for Custom Live Setup wlsetup-custom.exe (1.1 mb).

Install this Custom Live setup, Will fix the Service Error. After I installed this Update My Messenger Got Working.

Windows Tips - Fix Windows Xp Delay while Opening My Computer

2009-12-05T07:30:00.001+05:30

In Windows Xp, While opening "My Computer" taking too much time for the item list, accessing "My Computer" from any dialog or shortcut took a lot of time displaying the standard Windows searching flashlight.

To Fix this, just stop a service with this simple procedure.

Click Start and launch Run Command

Type Services.msc and press enter

Find Windows Image Acquisition (WIA) service, Right-click it and select Stop.

You should also change WIA service startup mode to Manual.

Keep in mind when this service is disabled no scanner or camera related functionality will be available.

Your Delayed Opening of My Computer problem in windows xp should be solved now.

Manual Removal of W32/Scar.XQJ Trojan » ld14.exe

2009-12-04T07:30:00.001+05:30

W32/Scar.XQJ Trojan Known Files » ld14.exe

W32/Scar.XQJ is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows folder as hidden files or active non-hidden files.

W32/Scar.XQJ Trojan information updated on October 23, 2009.
Other names of W32/Scar.XQJ Trojan:
W32/Scar.XQJ Trojan is also known as Trojan.Win32.Scar.xqj, W32.Koobface.D, Trojan.Scar.IX.
Download Registry, Taskmanager and Folder Options Repair Tool

W32/Scar.XQJ Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Scar.XQJ Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\ld14.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Scar.XQJ Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Scar.XQJ Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Scar.XQJ Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Netsky.X Worm » VisualGuard.exe

2009-12-03T07:30:00.001+05:30

W32/Netsky.X Worm Known Files » VisualGuard.exe

W32/Netsky.X is a worm. The Worm will infect Windows systems.
This Worm Copies its file(s) to Windows folder as hidden files or active non-hidden files.

W32/Netsky.X Worm information updated on October 22, 2009.
Other names of W32/Netsky.X Worm:
W32/Netsky.X Worm is also known as Email-Worm.Win32.NetSky.x, W32/Netsky-N.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/Netsky.X Worm Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Netsky.X Worm Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\VisualGuard.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Unregister DLL Files Using Windows Command Prompt
To open the Windows Command Prompt, go to Start - Run, type cmd and then click the "OK" button.
Type "cd" in order to change the current directory,
Press the "space" button, enter the full path to where you believe the Program DLL file is located press the "Enter" button on your keyboard.
If you don't know where Program DLL file is located, use the "dir" command to display the directory's contents.

To unregister a "Program" DLL file,
Type in the exact directory path + "regsvr32 /u" + [ DLL_NAME ]

Example [ C:\Windows\System\ regsvr32 /u filename.dll ] and press the "Enter" button.
A message will pop up that says you successfully unregistered the file.

W32/Netsky.X Worm Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Netsky.X Worm modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Netsky.X Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/OnLineGames.SBWK Trojan » Amvo.exe

2009-12-02T07:30:00.001+05:30

W32/OnLineGames.SBWK Trojan Known Files » amvo.exe, ovlx.dll, qxbx9blb.com

W32/OnLineGames.SBWK is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32, Temp and root of windows installed folder as hidden files or active non-hidden files.

W32/OnLineGames.SBWK Trojan information updated on October 20, 2009.
Other names of W32/OnLineGames.SBWK Trojan:
W32/OnLineGames.SBWK Trojan is also known as TrojWare.Win32.PSW.OnLineGames.NMY, Worm:Win32/Taterf.AA, TROJ_GAMETHI.ER.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/OnLineGames.SBWK Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/OnLineGames.SBWK Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\amvo.exe
%Documents and Settings\Default User\Local Settings\Temp\ovlx.dll
%Root of windows installed drive\qxbx9blb.com

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

Unregister DLL Files Using Windows Command Prompt
To open the Windows Command Prompt, go to Start - Run, type cmd and then click the "OK" button.
Type "cd" in order to change the current directory,
Press the "space" button, enter the full path to where you believe the Program DLL file is located press the "Enter" button on your keyboard.
If you don't know where Program DLL file is located, use the "dir" command to display the directory's contents.

To unregister a "Program" DLL file,
Type in the exact directory path + "regsvr32 /u" + [ DLL_NAME ]

Example [ C:\Windows\System\ regsvr32 /u filename.dll ] and press the "Enter" button.
A message will pop up that says you successfully unregistered the file.

W32/OnLineGames.SBWK Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/OnLineGames.SBWK Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_USERS\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/OnLineGames.SBWK Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Koobface.AQI Worm » ld12.exe

2009-12-01T07:30:00.001+05:30

W32/Koobface.AQI Worm Known Files » ld12.exe

W32/Koobface.AQI is a worm. The worm will infect Windows systems.
This Worm Copies its file(s) to Windows folder as hidden files or active non-hidden files.

W32/Koobface.AQI Worm information updated on October 19, 2009.
Other names of W32/Koobface.AQI Worm:
W32/Koobface.AQI Worm is also known as Net-Worm.Win32.Koobface.aqi, Worm.Koobface.aqi, Win32:Preald-K.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/Koobface.AQI Worm Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Koobface.AQI Worm Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\ld12.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Koobface.AQI Worm Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Koobface.AQI Worm modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Koobface.AQI Worm File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Magania.AZHA Trojan » Olhrwef.exe

2009-11-27T07:30:00.001+05:30

W32/Magania.AZHA Trojan Known Files » olhrwef.exe, ej10fkdo.bat

W32/Magania.AZHA is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows\System32 and root of windows installed folder as hidden files or active non-hidden files.

W32/Magania.AZHA Trojan information updated on October 17, 2009.
Other names of W32/Magania.AZHA Trojan:
W32/Magania.AZHA Trojan is also known as Trojan-GameThief.Win32.Magania.azha, Worm.Taterf.AGL, Worm:Win32/Taterf.B.
Download Registry, Taskmanager and Folder Options Repair Tool

W32/Magania.AZHA Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Magania.AZHA Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\System32\olhrwef.ex
%Root of windows installed drive\ej10fkdo.bat

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Magania.AZHA Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Magania.AZHA Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_USERS\S-1-5-21-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XXXX\Software\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Magania.AZHA Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]

Manual Removal of W32/Agent.CGPR Trojan » ld10.exe

2009-11-26T07:30:00.002+05:30

W32/Agent.CGPR Trojan Known Files » ld10.exe

W32/Agent.CGPR is a trojan. The trojan will infect Windows systems.
This Trojan Copies its file(s) to Windows folder as hidden files or active non-hidden files.

W32/Agent.CGPR Trojan information updated on October 16, 2009.
Other names of W32/Agent.CGPR Trojan:
W32/Agent.CGPR Trojan is also known as Worm/Koobface.C, Trojan-Downloader.Win32.Agent.cgpr, Trojan.DL.Agent.LZEY.

Download Registry, Taskmanager and Folder Options Repair Tool

W32/Agent.CGPR Trojan Manual Removal Instructions

Recommended Removal from Windows Safe Mode:
How to Start Windows in Safe Mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.

The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
[ Kill the Process, Use Killbox if your Access Denied ]

Download W32/Agent.CGPR Trojan Known File Removal Tool
[In Windows Vista Run As Administrator, After Execution System Will Restart ]

%Windows\ld10.exe

[ No Exact Information about Files, search above related files in Program files Folder ]
If you have any of these files in running process from task manger, end the process before removal.
Note: if task manager is disabled, Download the following file, Download - Enable Registry.reg
[ Right Click - Save Target As/Linked Content As ]
Open it with Regedit.exe [%system32\regedit.exe], then it Confirms Add to registry Yes or No, Confirm Yes, then click Ok.

W32/Agent.CGPR Trojan Entries Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor.
Download UnHookExec.inf,
[ Right Click - Save Target As/Linked Content As ]
Save it to your Windows desktop.
Do not run it at this time, download it only.
After booting into the Safe Mode or VGA Mode
Right-click the UnHookExec.inf file and click Install.
[This is a small file. It does not display any notice or boxes when you run it.]
Or Download Regfile to enable Registry editor
Download Registry Enabler [ Right click - Save Target As ]
Open it with Registry editor

W32/Agent.CGPR Trojan modifies registry at the following locations to ensure its automatic execution at every system Startup:
Delete The Entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete file entries from right side, look up file entries listed above
Search Registry For W32/Agent.CGPR Trojan File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.

Exit the Registry Editor,
Restart your Computer.

Recommended Removal Tools:
Kaspersky Antivirus or Internet Security [ Shareware ]
Spyware Doctor [ Shareware ]
AVG Antivirus [ Freeware ]
Killbox [ Freeware ]