Removing Malware components

Moving files

This is an advanced topic. If you don't know what you are doing, the HijackThis forums here are a better place to start than this page. If you know what's going on and are removing components manually, this is the place.

Often, once you've identified malware components, you'll find you can't remove them because the process that uses them is still running. HijackThis can be used to remove some of these components if you know what you are doing, but sometimes it isn't enough.

Most of you have encountered installers that require a reboot because a file is in use. These installers use a registry key to tell Windows to move or replace the in-use file on the next reboot. You can do the same thing. This tool will allow you to schedule a move on boot, and you can read a bit more about it here.
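To confirm that a move on boot was actually recorded, or to audit what else is queued, you can decode the registry value Windows uses for this. The following is an added example, not code from this page or from the linked tool. It assumes the raw data of the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager (this page does not name the key), stored as source/destination pairs where an empty destination means delete and a leading "!" means replace an existing file; the sample paths are constructed.

```python
from typing import NamedTuple

NT_PREFIX = "\\??\\"  # NT object-manager prefix stored in front of each path


class PendingOp(NamedTuple):
    action: str        # "delete" or "move"
    source: str
    destination: str   # empty for a delete
    replace: bool      # True when the destination carried the "!" marker


def parse_pending_ops(raw: bytes) -> list:
    """Decode raw REG_MULTI_SZ data (UTF-16LE) into source/destination pairs."""
    parts = raw.decode("utf-16-le").split("\0")
    ops, i = [], 0
    while i < len(parts):
        src = parts[i]
        if not src:            # leftover terminator, never a source path
            i += 1
            continue
        # A missing or empty destination means "delete on next boot".
        dst = parts[i + 1] if i + 1 < len(parts) else ""
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(PendingOp("move" if dst else "delete",
                             src.removeprefix(NT_PREFIX),
                             dst.removeprefix(NT_PREFIX), replace))
        i += 2
    return ops


def is_scheduled(ops: list, path: str) -> bool:
    """True when `path` is queued as the source of a move or delete."""
    return any(op.source.lower() == path.lower() for op in ops)


# Constructed sample value: one delete and one replace-on-boot (made-up paths).
SAMPLE = ("\0".join([
    "\\??\\C:\\Windows\\System32\\badcomponent.dll", "",
    "\\??\\C:\\Temp\\clean.dll", "!\\??\\C:\\Program Files\\App\\app.dll",
]) + "\0\0").encode("utf-16-le")

if __name__ == "__main__":
    for op in parse_pending_ops(SAMPLE):
        print(op)
```

Entries you did not schedule yourself are worth a look before rebooting, since anything listed in this value is moved or deleted early in the next boot.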

Fixing vital file associations

Sometimes malware will modify your file associations, and even successful removal won't fix this. For some file types this is fairly simple to fix, but malware will often modify the .exe association, which will cause most applications to simply fail to run once the malware is removed.

This page has .reg files which you can run to fix many commonly modified file associations.