Wednesday, August 8, 2007

REMOVING A VIRUS FROM YOUR PC

Removing a virus from your system can become very difficult. In this tutorial, I will explain the best steps available.
Even if you have the latest antivirus software installed on your system, you can reach the point where it cannot disinfect your hard drive.
Try to figure out which virus you have. Usually your antivirus will alert you to the infection and the name of the virus. If you don’t know it, try to understand the actions the virus is performing on your system (the type of errors, etc.). Then do a google.com search on these criteria and identify the possible virus. Believe me, you are not the first one to run into the issue.
If you find the virus name and characteristics, try searching for a removal tool, which will shorten your work considerably. The sites below update their removal tools periodically:
www.symantec.com/avcenter/tools.list.html
www.kaspersky.com/removaltools
www.bitdefender.com/site/Download/browseFreeRemovalTool/
www.pandasoftware.com/download/utilities/
www.grisoft.com/doc/112/lng/us/tpl/tpl01
Another good choice is to scan your hard drive online; there are several websites that offer this. I personally recommend http://housecall.trendmicro.com/
In the event you have tried all of these so far and you still have a virus, you can try removing the virus on your own. Note that this removes the virus code and its source file, but does not disinfect files or restore damaged data, and it does not work for every virus. First you must understand how viruses work in general.
There are two main categories of viruses known: trojans and worms. Trojans come attached to a trusted program and are used to get access to your system. Some of the "classic" ones are Sub7 and NetBus. Worms are more complex programs; they use malicious code to attack files on your computer, to infect e-mails that you send, and so on.
Typically, you get infected from a website or from a mail attachment; you are advised NOT to open *.exe, *.vbs, *.bat, *.com or *.scr files if they arrive attached to an e-mail; even if they come from a trusted sender, they could have been sent without the sender’s permission (this is the main method of virus spreading across the Internet). An executable file (.exe) is then generated somewhere in your system and started as a service. It also writes a key to your registry, making it run every time you load Windows.
The solution to this is to first start the computer in Safe Mode (if you don’t know how: restart your computer and press F8 after the initial boot screen; a menu will appear inviting you to select the way you want to start Windows).
Starting in Safe Mode prevents Windows from loading the virus at startup (the normal startup information is skipped). You may experience issues like no network, no audio, or a basic VGA display (640x480 screen resolution). Don’t panic; this is normal and will disappear on the next normal boot.
Once you have entered Safe Mode, go to Start Menu – Run and type regedit.exe. The Registry Editor will start. The registry contains thousands of settings for your computer, so try not to mess it up. Follow the steps below.

As you can see in this image, the left side shows a folder/subfolder-like hierarchy. Clicking the plus sign next to a “folder” opens its contents.

So click on the plus sign next to HKEY_LOCAL_MACHINE, then the plus sign next to Software (don’t panic when it opens; it contains a lot of data);

Scroll down until you find Microsoft and open it, then open Windows, then CurrentVersion. After that, look for a subkey called Run. Click on it and a list of values will be shown in the right panel. That is the list of programs that run when you start Windows. Ignore the values that belong to a program you installed yourself (look at the picture below), like Winamp, Nero Burning ROM or anything else you recognise.

Note that Windows usually doesn’t load its own services from here. So something called WindowsStart or UPDATE SERVICE, as in my example, is probably the virus. Other viruses generate a random name. In any case, malicious software usually creates a pretty evident filename. Now right-click on that value and select Delete.

Note that you have just deleted a string of data telling Windows to load the infected executable. It would be a good idea to delete the file too. Search for the filename on your local hard drive (in my example, updateservice.exe) and delete it. Now restart your computer and check whether the problem has disappeared.
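The same inspection the tutorial performs by hand in regedit, as an added PowerShell example (not part of the original post): it lists every value under the Run keys (plus the per-user and RunOnce equivalents), checks whether the referenced file exists and is signed, and flags the entries worth researching before you delete anything. It assumes Windows with PowerShell 3 or later, run from an elevated prompt; the `Remove-AutorunEntry` helper is a name chosen here, not a built-in.

```powershell
# Added example, not part of the original post: inventory every autorun value
# in the Run keys the tutorial walks through (plus the per-user and RunOnce
# equivalents) and report whether each referenced file exists and carries a
# valid Authenticode signature. Run from an elevated PowerShell prompt.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Metadata properties Get-ItemProperty adds; they are not registry values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-AutorunReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($meta -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            # Executable path: a quoted path, or the first token before a space
            # (an unquoted path with spaces gets cut short, itself worth a look).
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $status = if ($exists) {
                (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
            } else { 'FileMissing' }
            [pscustomobject]@{
                Key       = $key
                Name      = $p.Name
                Command   = $cmd
                Signature = $status
                # Unsigned or missing files under a generic name (the post's
                # "UPDATE SERVICE") are the entries to research first.
                ReviewMe  = (-not $exists) -or ($status -ne 'Valid')
            }
        }
    }
}

# Delete one value only once you have identified it, as the tutorial does in
# regedit. -Confirm prompts before the value is removed.
function Remove-AutorunEntry {
    param([Parameter(Mandatory)][string]$Key, [Parameter(Mandatory)][string]$Name)
    Remove-ItemProperty -Path $Key -Name $Name -Confirm
}

Get-AutorunReport | Sort-Object ReviewMe -Descending | Format-Table -AutoSize
```

A valid signature does not prove a file is benign and a missing signature does not prove it is malicious; the report only narrows down which entries to look up, as the tutorial recommends, before removing them.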