Hello. Let's do this, if you are comfortable with it.
A suggestion is being made that involves modifying the registry. Modifying the registry can be dangerous (and can render your system unbootable) so it's advisable that you make a backup of the registry before proceeding. Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.
Backing Up Your Registry
- Go Here and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
- Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
- Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
- Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
- Make sure that at least the first two check boxes are ticked
- Press OK
- Press YES to create the folder.
For more information about modifying the registry, see this Microsoft article: http://support.microsoft.com/default.aspx/kb/256986
(I highly suggest you make a copy of this article.)
Please follow all directions EXACTLY, and in the same sequence.
1. Press CTRL+ALT+DEL and go to the Processes
2. Look for svchost.exe under the Image Name
There will be many, but look for the ones which have your username, under the User Name
3. Click the entry, to highlight it, then click the End Process
It will give you a warning, click Yes.
4. Repeat for all of the svchost.exe files with your username. Do not kill svchost.exe with system, local service, or network service, under the User Name column!
the Task Manager.
6. Open My Computer
7. In the address bar, type in; C:\heap41a, and hit the Enter
8. Delete all the files found here.
9. Now, click Start / Run / type in; regedit
10. Go to the toolbar, click Edit, and select Find
11. Type in; heap41a, and click the Find Next
12. You will get something like this, [winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt
13. Right-click it, and select Delete
It will ask, "Are you sure you want to delete this value", click Yes
14. Exit the Registry Editor.
The Virus should now be gone.
Note: Please format all of your pen drives, because that's probably where you contracted the virus from, hidden in a microsoft.exe autorun.inf, which you might not find.
How To Format a Flash Drive
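
The checks behind steps 1 to 13 and the autorun.inf note, as a read-only PowerShell script; this is an added example, not part of the original post, and it kills and deletes nothing. It assumes Windows PowerShell 2.0 to 5.1 (for Get-WmiObject); the list of registry keys and the System32/SysWOW64 locations are assumptions, since the post only says the value appears as [winlogon] in a regedit search.

```powershell
# Read-only triage for the infection described in the post; nothing is killed or deleted.
$marker  = 'heap41a'      # folder name taken from the post
# Assumption: a legitimate svchost.exe runs only from these directories.
$sysDirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"

# 1. Every svchost.exe with its owner and image path (Path can be empty without admin rights).
Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" |
    Select-Object ProcessId,
        @{ n = 'User'; e = { $_.GetOwner().User } },
        @{ n = 'Path'; e = { $_.ExecutablePath } },
        @{ n = 'OutsideSystemDir'; e = {
            $_.ExecutablePath -and ($sysDirs -notcontains (Split-Path $_.ExecutablePath -Parent)) } } |
    Format-Table -AutoSize | Out-String

# 2. The folder the post tells you to empty (hidden files included).
if (Test-Path "C:\$marker") {
    Get-ChildItem "C:\$marker" -Force | Format-Table FullName, Length, LastWriteTime -AutoSize | Out-String
} else { "C:\$marker not present" }

# 3. Registry values whose data mentions the folder.
#    Assumption: Winlogon and Run are the autostart keys worth checking first.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $keys) {
    $item = Get-Item -Path $k -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match [regex]::Escape($marker)) { "{0}  [{1}] = {2}" -f $k, $name, $data }
    }
}

# 4. autorun.inf on removable drives (DriveType 2), shown so it can be read before formatting.
Get-WmiObject Win32_LogicalDisk -Filter "DriveType = 2" | ForEach-Object {
    $inf = "$($_.DeviceID)\autorun.inf"
    if (Test-Path $inf) {
        "--- $inf"
        Get-Content $inf -Force
    } else { "$($_.DeviceID) has no autorun.inf" }
}
```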