We continue to deal with the Winlock Trojan
Windows / December 19, 2019
As it turned out, this Trojan is very well adapted, so it is not enough just to get rid of the obsessive window that demands a paid SMS. After the manipulations described in the previous article, we somehow made it into the infected system. You have probably already copied everything you need, and it seems you could now safely reinstall Windows. But do not rush to write the system off. The victim system can still be nursed back to health and used as if nothing had happened.
In other words, starting the system does not mean final victory over the virus. It is still there, and relapses (in the form of the hated window) are possible. To avoid them, prepare for treatment. You will need some tools: RegCleaner, Kaspersky Removal Tool, Dr. Web CureIt, RemoveIT, Plstfix, ATF Cleaner. Of these, only RemoveIT needs to be installed. The rest can be run either from external media or from the hard disk. Internet access should be avoided during treatment. It will be needed only once, later, to update the antivirus. But more on that later.
Remove all the virus entries from your system
Start RegCleaner. In its menu open "Tasks", then "Start the Registry Editor". In the registry, go to the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
There is a value there called "Shell". It must be set to "explorer.exe". Any other value should be corrected. The same applies to the "Userinit" value. Its default value:
C:\WINDOWS\system32\userinit.exe
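The same check of the two Winlogon values can be scripted against the text printed by `reg query` for that key, for example when the output was saved from the affected machine. This is an added example, not code from the original article: `check_winlogon` and both sample outputs are constructed for illustration, and it assumes Windows is installed in C:\WINDOWS as in the article.

```python
import re

# Defaults stated in the article (assumption: Windows lives in C:\WINDOWS).
EXPECTED_SHELL = "explorer.exe"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# One data line of `reg query` output: name, type, data (tabs or spaces).
VALUE_LINE = re.compile(r"^\s*(Shell|Userinit)\s+REG_(?:EXPAND_)?SZ\s*(.*?)\s*$", re.I)

def check_winlogon(reg_query_output):
    """Return [(name, data, reason), ...]; an empty list means both defaults are intact."""
    seen = {}
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            seen[m.group(1).lower()] = m.group(2)

    findings = []
    for name in ("shell", "userinit"):
        if name not in seen:
            findings.append((name, None, "value not found in output"))
            continue
        data = seen[name]
        if name == "shell":
            # Shell is a single command line: compare it as a whole.
            ok = data.strip('"').lower() == EXPECTED_SHELL
            reason = "shell is not explorer.exe"
        else:
            # Userinit is a comma-separated list, and Windows stores the
            # default with a trailing comma, so compare entry by entry.
            entries = [e.strip().strip('"').lower() for e in data.split(",")]
            entries = [e for e in entries if e]
            ok = entries == [EXPECTED_USERINIT]
            reason = "userinit list differs from the default"
        if not ok:
            findings.append((name, data, reason))
    return findings

# Constructed samples of `reg query` output (placeholder paths, not real IoCs).
CLEAN_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
"""
MODIFIED_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    C:\example\placeholder.exe
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,C:\example\placeholder.exe
"""
```

Any finding returned for either value means it should be corrected back to the default in the Registry Editor, as described above.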
The Registry Editor is no longer needed, but RegCleaner still is. Open its "Startup" tab. This list shows the programs that are started every time Windows launches. Look closely at each of them. Delete all applications other than the desktop and ctfmon.exe. Then in the RegCleaner menu go through Tasks - Registry Cleanup - Enable all options. The registry scan takes a while. Remove everything that is found.
Looking for malicious code
And removing it as well. This requires utilities with fresh antivirus databases: Kaspersky, Dr. Web and our main weapon, RemoveIT. The first and second are more or less clear: they are long-proven antiviruses. Despite all their merits, we must admit that in the fight against the Winlock Trojan neither of them is number one. RemoveIT copes with the virus much better. It is a good paid antivirus with a non-standard Trojan search algorithm. However, it can be used free of charge for the first thirty days, and this will be enough. When first started, RemoveIT will require an update of its virus databases. For the duration of the update, connect the infected computer to the internet, and do not forget to disconnect it again afterwards.
When all the antivirus tools are ready to work, scan the drive on which Windows is installed with each of them in turn and remove anything that is detected. To be safe, you can scan the rest of the disks as well. Once the scan is complete, launch the Plstfix utility. It will repair the registry after the barbaric digging in it.
Get rid of temporary files
Too often viruses stay hidden in the temporary directories, even after an antivirus scan. For your own peace of mind it is better to delete the temporary files. For this we use the tool prepared in advance, ATF Cleaner.
After rebooting, the system will work even better than before. But before celebrating the final victory, you need to choose a reliable lock that Winlock will no longer be able to crack. We will talk about that next time.