Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Easy W32.Changeup Removal Without Antivirus


  • Please log in to reply
No replies to this topic

#1 smc_159

smc_159

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:04:27 PM

Posted 26 January 2010 - 03:11 PM

:thumbsup:
I noticed that W32.Changeup worked only on individual user accounts, so you use this to your advantage.
The computer classifies the virus files as system files that they need to keep super hidden.
Here's how to delete the files.
1. Create a new user account.
2. Don't log onto the new user account, yet. Plug in every USB device that you think may have the virus.
3. Log onto the new account, now.
4. Go to My Computer> Local Disk (DRIVE LETTER:\)> Documents and Settings. Go to any of the user files that may have the virus.
5. Click on the button on top that says "Tools".
6. Go to the "Views" Tab.
7. There i a checkbox somewhere in the menu that says: "Hide protected system files", or something along the lines of that.
8. Uncheck this box if it isn't already; you will get a message box that asks you if your are sure, click "Yes".
9. There should be an autorun.inf file and an exe file. The exe file should be named the same name as your user account.
10. Click onto the autorun.inf file (it is not malicious, it's just a text file). There should be a line that says:
Open= [DRIVE LETTER]\Documents and Settings\[YOUR USER NAME]\[YOUR USER NAME].exe
The exe file name should be a jumble of capital and lowercase letters (like, bOb.eXE)
11. If the autorun.inf file has that line, delete it along with [YOUR USER NAME].exe.
12. Log off and go to the user account that you cleaned up and Go to Start>Run and type in "regedit".
13. This will open up the Registry Editor, be very careful about what you do in here!!!
14. Go to the following path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
15. There will be a registry entry named the same as your account; delete this entry.
16. Next, Go to the following path: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
17. Delete the entry named "ShowSuperHidden".
18. Exit Registry Editor and go to My Computer.
19. Go to all of your devices and delete the autorun.inf and [YOUR USER NAME].exe.
20. Unplug the devices and repeat steps 3-17 until you have eliminated the virus.
If you have read this, please respond and tell me if these steps worked for you.

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users