How do I Clean BackDoor Graybird?

Technology Computer & Networking security
104 18
    • 1). Launch your anti-virus program and select the "Update" option to install the latest virus definitions. Consider free anti-virus programs such as Avira, AVG or avast! if you do not have an anti-virus program (see Resources).

    • 2). Close all open programs and restart your computer. Press the "F8" key repeatedly before Windows resumes. This launches the Advanced Options Menu. Select "Safe Mode" and press "Enter" to launch Windows in Safe Mode.

    • 3). Launch your anti-virus again and run a full system scan. When the scan completes, delete any detected files. Close your anti-virus program.

    • 4). Click the Windows "Start" menu, click "Run," type "Regedit" (without quotes) and press "Enter" to launch the Registry Editor.

    • 5). Click the plus symbol (+) next to the "HKEY_LOCAL_MACHINE" folder to expand it. Expand the "SOFTWARE" folder, the "Microsoft" folder, the "Windows" folder, the "CurrentVersion" and finally expand the "Run" folder. Delete any of the following values if they exist:

      "svchost" = "%System%\Svch0st.exe"

      "winlogon" = "%System%\Winlogon.exe"

      "system" = "%System%\Explorer.exe"

      "ravmond" = "%System%\Explorer.exe"

    • 6). Navigate to each of the following registry entries (following the procedure in Step 5):

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersionRunServices

      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

      Delete the following values under each entry if they exist:

      "svchost" = "%System%\Svch0st.exe"

      "winlogon" = "%System%\Winlogon.exe"

      "system" = "%System%\Explorer.exe"

      "ravmond" = "%System%\Explorer.exe"

    • 7). Navigate to the following key (a process similar to Step 5):

      HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

    • 8). Delete the following values:

      "run" = "%system%\svch0st.EXE"

      "run" = "%system%\ravmond.exe"

    • 9). Click the "Start" menu if you are using Windows 95/98/ME and click "Run." Type "edit c:\windows\win.ini" (without quotes) and press "Enter."This launches the MS-DOS editor. Locate the "run = C:\WINDOWS\SYSTEM\SVCH0ST.EXE" line if it exists and delete it. Click "File" and click "Save." Close the editor.

Source...
You might also like on "Computer & Networking security : Technology" More from author

Leave A Reply

Your email address will not be published.