In that situation there are usually 2 programs running that detect when the other is shut down. When one is shut down the other program regenerates it.
In order to get ahead of a program like that you have to run the computer in Safe Mode and find 2 things. The location of the offending files, delete them and the entry in the registry or the entry in a startup section in your user file structure and delete that. Much of the time the offending files are in a temporary directory or an application support directory. If you successfully remove the files off your hard drive that is usually enough to fix it.
You may be given an opportunity to run in Safe Mode without running all of the startup files. That should stop it from loading but in Safe Mode it probably won't load anyway.
If you can, run System Information and look at the startup files. You may find the source of the file there. The problem here is that many virus programs won't allow system utilities to run. But if you can get into Safe Mode you may be able to run it.
There are some virus that get into the boot sector on your hard drive. Those you usually have to run fdisk.exe and re-format the hard drive. Those can really difficult to remove.
If you have multiple users on this computer there will be different sections in the registry for each different user. Each user will have unique startup sections and their own temporary directories. Each has to be searched for the offending program entries and files.
Sometimes its just easier to reinstall Windows. Some virus can very difficult to remove or do so much damage to the file structures that a reinstall is all that will restore the computer.
Best of luck,
Steve
My daughter has the svhost.exe trogan on her computer. I am having the most difficult time in removing the darn thing. I tried using malwarebytes, it will find it but when I click to remove, clean or what ever it its and restart the dang thing is still there.
Reply via web post | Reply to sender | Reply to group | Start a New Topic | Messages in this topic (13) |
No comments:
Post a Comment