Removing Antivirus 2009
2. Now go to C:\Program Files (assuming that you have Windows installed on the C drive) and delete the entire folder named Antivirus 2009.
3. Go to C:\windows\system32 and delete the file scui.cpl
4. Now delete all the shortcuts on the desktop and Start menu made by Antivirus 2009 and empty the Recycle Bin.
5. Go to Start Menu -> Run, type regedit and press Enter.
6. Navigate to HKEY_CURRENT_USER\Software\39148080807332159842981568027496. Delete the key (i.e. the key with a long number, which may differ on your computer but will be very long).
7. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and delete the value whose name is a long number and whose data is C:\Program Files\Antivirus 2009\av2009.exe
8. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Antivirus 2009. Delete this key, i.e. Antivirus 2009.
Now your computer is free of Antivirus 2009.
Removing kinza
Kinza creates the following files in the system32 folder of the Windows directory:
kinza.exe, fiber.exe, boot.vbs, actmon.ini. The following variants may also be present:
imapde.dll
imapdc.vxd
imapd.exe
imapdb.dll
imapdb.exe
imapdc.dll
imapdd.dll
imapde.dll
rbwinx1.dll
Kill the following processes running under your username from Task Manager:
wscript.exe, cmd.exe, netsh.exe
Task Manager, Registry Editor and Folder Options may have been disabled by the virus.
If so, re-enable Task Manager and the registry tools first.
Run the following commands from Start->Run to unlock them.
1. Unlock Task Manager
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
2. Unlock Registry Editor
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
3. Remove Internet Explorer Title:
Using Registry Editor, delete the following value in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
Change the following registry value:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
On the right side find the entry named Userinit.
It will have data as
C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs
Change it to C:\WINDOWS\system32\userinit.exe
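A read-only check for the Userinit change described above, as an added example that is not part of the original post. It assumes Windows is installed in C:\WINDOWS; the function names and the sample values are constructed for illustration.

```python
import ntpath
import sys

# Assumption: Windows lives in C:\WINDOWS, as in the steps above.
EXPECTED = r"c:\windows\system32\userinit.exe"
WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample values modelled on the data shown in the steps above.
INFECTED = (r"C:\WINDOWS\system32\userinit.exe,"
            r"C:\WINDOWS\system32\wscript.exe C:\WINDOWS\system32\boot.vbs")
CLEAN = r"C:\WINDOWS\system32\userinit.exe,"


def extra_userinit_entries(data, expected=EXPECTED):
    """Return every Userinit entry that is not the stock userinit.exe.

    Userinit is a comma-separated list of command lines that Winlogon
    starts at logon. The stock value ends with a trailing comma, so empty
    entries are skipped, and paths are compared case-insensitively.
    """
    extras = []
    for entry in data.split(","):
        entry = entry.strip().strip('"')
        if entry and ntpath.normpath(entry).lower() != expected:
            extras.append(entry)
    return extras


def read_userinit():
    """Read the live value (Windows only; winreg does not exist elsewhere)."""
    import winreg
    # KEY_WOW64_64KEY makes 32-bit Python read the real 64-bit key.
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON, 0, access) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


if __name__ == "__main__":
    # On Windows check the real registry; elsewhere fall back to the sample.
    data = read_userinit() if sys.platform == "win32" else INFECTED
    extras = extra_userinit_entries(data)
    for item in extras:
        print("unexpected Userinit entry:", item)
    sys.exit(1 if extras else 0)
```

The script only reads the value; a non-zero exit code means something besides userinit.exe is still launched at logon.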
Now delete the following files located at C:\windows\system32\
kinza.exe
fiber.exe
actmon.ini
imapde.dll
imapdc.vxd
imapd.exe
imapdb.dll
imapdb.exe
imapdc.dll
imapdd.dll
imapde.dll
rbwinx1.dll
The virus disables Windows Firewall, which you have to reactivate by going to Control Panel, clicking on Security Center, and then on Windows Firewall. It will say that the service has been stopped and ask whether you want to start it. Click Yes to start the firewall again.
Delete the following registry value to complete the removal of unnecessary registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shellnoroam\MUICache
On the right side locate and delete the value c:\windows\system32\fiber.exe