SubSeven Virus Essays - Software, System Software,

SubSeven Virus How do I remove SubSeven? Removing SubSeven is a two-step procedure due to you having to shutdown and delete the trojan. Firstly, boot into MS-DOS mode. Do this by shutting down your computer and starting it up again. While its loading press F8 multiple times until you get a text based list. This will have an option called "Command prompt only". This is MS-DOS so move the highlighter onto that and press enter. This will load DOS and you will be prompted with C:\*. You are now in DOS mode. Now that you're in DOS, type cd windows. This will take you into the Windows directory. It will look like something like this: Now you must delete some files. You can do this by typing the following commands exactly as they appear below: del SysTra~1.Exe del nodll.exe del systray.exe del kernel16.dl del kerne132.dl del rundll16.exe del nodll.exe Note: Some files will have the error "File not Found". Once you have done that, type exit. This will take you back to Windows. Now when you run Windows, you may find errors saying some file is not found. This is due to that the trojan is designed to run every time you start Windows, but you deleted the trojan so it cant run anymore. It's now time to remove the parts added onto your computer which make the trojan start every time you boot. Click on the Start menu, and then click on Run. In run, you will be required to type in regedit. The following is what it should look like: Now regedit, the Windows Registry Editor, should open. This is the heart of your computer, so don't delete anything you dont need to delete. When regedit starts, you will see a file-like tree on the left hand panel. Expand the folders to follow the path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run At the end, click on 'Run' once, and the right hand panel should change. It should look similar to the following: Look on the right of the regedit box for the following: SystemTrayIcon = "C:\WINDOWS\SysTrayIcon.Exe" SystemTray = "SysTray.Exe" Kernel16 = "kernel16.dl" RegistryScan = "rundll16.exe" If you have one of these, click on it once with the left mouse button, then right click on it. When the menu item appears, click on delete. It will then dissappear from regedit. After you've done this, close regedit and reboot your computer Note: Some versions of SubSeven won't add anything to regedit, so if you don't see any of the lines above, just proceed to the next step. Now its time to check the Win.ini file. This loads every boot and some versions of SubSeven add a line to the Win.ini file. Go to the Start menu, Programs, click on Accessories and then click on Notepad. Notepad is a text editor and will help you to edit Win.ini. Now that you are in Notepad, click on File. A dialogue box will appear, then click Open. In the Open window, navigate into the Windows directory, click on Win.ini and click open (c:\windows\win.ini). This is what this should look like: Win.ini should open. At the top of it should be the SubSeven line, so if you see the following, delete it: run=nodll Click on File again and go to Save. Next, click to File and Open again and select the file system.ini. This is only in one version of SubSeven, so if the following isn't there, don't worry. There should be a line in the System.ini saying "shell=explorer.exe". This is okay, but if it says "shell=explorer.exe -trojan_name_here-.exe", delete the bit saying "-trojan_name_here-.exe" so the line will end up as "shell=explorer.exe". Save the file from the File menu. Note: The "trojan_name_here-.exe" could be any file name Now you have successfully removed SubSeven, but before you're finished, reboot your machine. Congratulations - you are no longer infected. How do I remove SubSeven? Removing SubSeven is a two-step procedure due to you having to shutdown and delete the trojan. Firstly, boot into MS-DOS mode. Do this by shutting down your computer and starting it up again. While its loading press F8 multiple times until you get a text based list. This will have an option called "Command prompt only". This is MS-DOS so move the highlighter onto that and press enter. This will load DOS and you will be prompted with C:\*. You are now in DOS mode. Now that you're in DOS, type cd windows. This will take you into the Windows directory. It will look like something like this: Now you must delete some files. You can do