May 27, 2012
 

This Virus Removal For Windows post helps you troubleshoot and remove potential viruses, Trojans, malware, adware and more from your computer.

Last Updated: July 27, 2017

I had an issue with a client's laptop running Windows XP Pro. The biggest problem was that he did not have any antivirus running and he had Spybot Search and Destroy out of date. The reason I knew it was a virus was because of the behavior of the operating system.

I rebooted into safe mode and did some more testing with portable HijackThis and found some anomalies and also found 2 viruses, 80hh.exe and userini.exe. I did some investigation on the internet and found out they were very nasty viruses which corrupted the operating system in many ways.

These are the tools I used and the steps I carried out to remove these nasty viruses and/or any other virus you might find. These steps also apply to Windows XP, Vista, 7, 8.1 and Windows 10.

Virus Removal Windows

First Step: AVG Rescue CD: AVG Rescue CD is a comprehensive toolkit that will repair system crashes and return systems to a state where they can operate at full capacity, thanks to deep-rooted infections having been removed and file systems repaired.

Second Step: CCleaner: Run it to delete all temp files and other garbage that might be a hiding place for these nasty trojans/viruses.

Third Step: HijackThis: This is an awesome tool to check and see what runs at startup. You can spot what looks suspicious, and the tool gives you an option to clean and remove the registry entry.

Fourth Step: Malwarebytes Anti-Malware: Malwarebytes Anti-Malware Free utilizes Malwarebytes' powerful technology to detect and remove all traces of malware including worms, trojans, rootkits, rogues, dialers, spyware and more.

Fifth Step: Comodo Internet Security: Antivirus software which also has a firewall if you want to activate it. Comodo is a very powerful antivirus, or you can install AVG antivirus. Either one will help you and I recommend both, although in this situation I installed Comodo.

The First Step is to boot your computer/laptop with AVG Rescue CD. This step is very important because it removes and cleans any infected files without logging into the operating system. Most viruses are executed when you log into your operating system.

The Second Step is to install and run CCleaner in SAFE MODE to delete all garbage left behind from the internet and other files in the temp directories. I found the 80hh.exe virus in the user temp directory.

The Third Step is to install or run HijackThis portable in SAFE MODE to check and see what is running at startup and delete any entries in your registry that look suspicious.

The Fourth Step is to install Malwarebytes, update the software and do a full scan as a final check.

Run HijackThis again to see whether the same anomalies are still present in the registry. Then run regedit and check under the following entry:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and search for the following entry and delete it.

"userini.exe"="%WINDIR%explorer.exe:userini.exe"

If you see anything else that looks suspicious delete it as well.

Warning: Always do a registry backup just in case

 Also check the following entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
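
The registry check described above, as an added example that is not part of the original post: a report-only PowerShell script that backs up the four keys listed here and flags values matching the two findings in this post, a `file.exe:stream` reference (the NTFS alternate data stream syntax seen in the userini.exe entry) and a program started from a temp directory. The function name, backup folder and both heuristics are assumptions for illustration, and PowerShell 3.0 or later is assumed, which Windows XP does not include by default.

```powershell
# Added example: report-only audit of the startup keys listed in this post.
# Heuristics and names below are illustrative assumptions, not a full ruleset.
$keys = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-StartupValue {
    param([string]$Data)
    $reasons = @()
    # Drop drive-letter colons (C:\); a colon that still follows a file
    # name then indicates an NTFS alternate data stream (file.exe:stream).
    $noDrive = $Data -replace '(?i)\b[a-z]:\\', ''
    if ($noDrive -match '\.\w+:[^\s"\\/]') { $reasons += 'alternate data stream' }
    # The post found 80hh.exe in the user temp directory.
    if ($Data -match '(?i)\\te?mp\\|%te?mp%') { $reasons += 'starts from a temp directory' }
    $reasons
}

# Back up first, as the post warns. Assumed location: a folder on the desktop.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = Join-Path ([Environment]::GetFolderPath('Desktop')) "RunKeyBackup-$stamp"
New-Item -ItemType Directory -Path $backupDir | Out-Null

$i = 0
$report = foreach ($k in $keys) {
    $i++
    if (-not (Test-Path "Registry::$k")) { continue }
    & reg.exe export $k (Join-Path $backupDir "key$i.reg") | Out-Null
    $item = Get-Item -Path "Registry::$k"
    foreach ($name in $item.GetValueNames()) {
        # Read the raw data so %WINDIR%-style variables stay visible.
        $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        [pscustomobject]@{
            Key   = $k
            Name  = $name
            Data  = $data
            Flags = (@(Test-StartupValue -Data $data) -join '; ')
        }
    }
}

# Flagged entries first; nothing is deleted, review each one in regedit.
$report | Sort-Object { -not $_.Flags } | Format-List
```

An empty Flags field does not mean an entry is clean; it only means neither of the two patterns matched.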

If everything is okay after checking the above entries, then run the Fifth Step: install Comodo Internet Security, update the software and do a full scan. By this time your system should be running smoothly without any problems.

If you experience any problems while running Windows, do the following. Log into safe mode and create a new user account with full privileges, i.e. an administrator account. Copy any personal files from the existing account, making sure they are clean, into a directory you have access to, i.e. C:\ or a partition if you have one created. Log into the new account while in safe mode and delete the account that had the virus. This is sometimes needed because some viruses corrupt the user profile.

Windows Operating System CD

The following steps require an original Windows CD or access to the I386 folder if you created a copy in C:\

You might have to expand some files and copy them to C:\WINDOWS\SYSTEM32 because they might be missing after one of the tools above quarantined them or deleted them because it could not clean them.

The following steps can be executed from a command prompt (CMD):

CD C:\I386 [ENTER]

EXPAND <whatever file is missing> C:\WINDOWS\SYSTEM32    [ENTER]

or

  • Insert the original Windows XP CD and reboot the computer. You may need to configure your computer to boot from the CD-ROM drive.
  • When the Windows XP Setup has started, press “R” to “repair the Windows XP installation using Recovery Console”.
  • Select the Windows installation to repair (generally this is C:\Windows) by typing its number and then pressing ENTER.
  • Type the Administrator password and press ENTER.
  • Type the following commands:

D:     [ENTER] (assuming D: is your CD-ROM drive)
CD I386     [ENTER]
EXPAND <whatever file is missing> C:\WINDOWS\SYSTEM32    [ENTER]

By now you should be running a system without any viruses. If you have any questions or suggestions please leave a comment here and I will be glad to help you.

Click on the following URL Internet Safe Surfing to learn more about different tools, browser addons and more to improve your Internet surfing security.

Good luck.

Manuel Ballesta Ruiz is a web developer, blogger and WordPress enthusiast.

  5 Responses to “Virus Removal Windows”

  1. “Hello Manuel,

    Don’t worry for knowing your know coz I have read your reply to some comments here in your site.

    I have a few problems with my browser: sometimes when I start my computer and browse the web and go to google or gmail I get a blank page. I tried to use a different browser also but the problem is still the same.

    What do you think can be the problem for this? I tried cleaning up the cache and also used ccleaner but still getting a blank browser.

    Hope for your great assistance and solutions.

    Thanks,
    Lorna”

    • Hello Lorna thank you for your question. I have checked your link and apparently you are a computer service provider. Regardless of that I will try to assist you in the best way possible.

      First what operating system are you using?
      What browser version and browsers have you used for testing?
      Do you have the latest flash plugin?
      Does your browser have incompatible plugins?
      Have you checked to see whether you might have a virus?
      Have you got a corrupted browser profile?
      Have you got a corrupted account "profile" depending on your operating system?
      Have you tried to reinstall your browser?

      I look forward to your reply.

      Kind regards

  2. good guiding post thanks

  3. Thank you for your comment.
