A friend brought me her laptop, complaining that the antivirus was prompting about too many viruses on the system. When I tried starting her laptop, I noticed right away that it had been infected by the Antivira AV malware. I searched for how to remove this malware, but most of the results suggest yet another tool to remove it! There are lots of them on YouTube. You can also check some of them here.
Anyway, I wanted to remove this malware manually without having to install another tool (which, for all we know, could be another piece of malware). I came to know that this malware does allow the iexplore.exe and explorer.exe processes to run. Other processes are killed, and Antivira will prompt you that such-and-such exe file is damaged, etc.
So here's how to remove it:
1. Open Explorer and go to %windir% (e.g. C:\Windows).
2. Rename regedit.exe to iexplore.exe and run it. The malware only lets processes named iexplore.exe and explorer.exe live, so the renamed Registry Editor gets past its process killer.
3. In Registry Editor, go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run. Check the same Run key under HKCU as well; autorun entries can sit in either hive.
4. Delete the entries whose values point to a randomly named .exe in the user's temp folder (the value looks like ...\LOCALS~1\Temp\####.exe, where LOCALS~1 is the 8.3 short name of Local Settings and #### is a random name). Write down the full path before deleting the entry; you need it in step 6.
5. If there is an entry that runs rundll32.exe with some ###.dll, delete that as well, and note the DLL's path.
6. In Explorer, go to the location of the .exe from step 4. You won't be able to delete it while the malware is running, so just rename it.
7. Locate the DLL from step 5 and rename or delete it as well.
8. Reboot.
9. After the reboot, rename iexplore.exe back to regedit.exe. If a regedit.exe is already there, just delete the iexplore.exe copy.
10. Run Task Manager and kill any rundll32.exe process that is still running (a legitimate rundll32.exe may be running too, so make sure it is the one loading the DLL from step 5). The DLL adds its registry entry back when its process is killed, so run regedit.exe afterwards and delete the rundll32.exe entry again.
11. Do the cleanup with your usual antivirus program.
12. Run IE and check your proxy settings (Tools > Internet Options > Connections > LAN settings). If you are not using a proxy, uncheck the proxy server box; a proxy you never configured is the malware's doing. The same settings live in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings as the values ProxyEnable and ProxyServer.
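The registry checks in steps 3 to 5 and step 12 can be scripted so you don't have to eyeball every Run entry. The following is an added example in Python, not code from the original post: it parses the text that `reg query` prints for the Run key, flags entries that point into the user's temp folder (directly, or through rundll32.exe loading a DLL from there), and classifies the IE proxy values. The sample `reg query` output, the user name Alice and the file names a1b2c3d4.exe and x9y8z7.dll are constructed for illustration. On Windows it reads the live Run keys from both HKLM and HKCU via winreg instead of the sample.

```python
"""Audit Windows Run-key autoruns and IE proxy settings for the signs the manual
Antivira AV cleanup looks for. Added example, not from the original post.
The sample reg query output, user name and file names below are constructed."""
import re
import sys

# Constructed sample of what `reg query HKLM\...\Run` prints on a Windows XP box.
SAMPLE_RUN_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    SOUNDMAN.EXE
    Antivira Av    REG_SZ    C:\DOCUME~1\Alice\LOCALS~1\Temp\a1b2c3d4.exe
    OfficeHelper    REG_SZ    rundll32.exe C:\DOCUME~1\Alice\LOCALS~1\Temp\x9y8z7.dll,Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# One value line of `reg query` output: name, type and data separated by runs of spaces.
ENTRY_RE = re.compile(r"^\s{2,}(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")
# Per-user temp locations: long name, 8.3 short name (LOCALS~1) and the env var.
TEMP_DIR_RE = re.compile(r"\\temp\\|%temp%|\\local settings\\|\\locals~1\\", re.I)
# "rundll32.exe <dll>,<entrypoint>" with optional quoting and an optional path to rundll32.
RUNDLL_RE = re.compile(r'^\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?\.dll)', re.I)
# Leading executable of any other command line (quoted or not).
EXE_RE = re.compile(r'^\s*"?(?P<exe>[^"]+?\.exe)', re.I)


def parse_reg_query(text):
    """Turn `reg query` output into a list of (value name, data) pairs."""
    return [(m.group("name"), m.group("data").strip())
            for m in map(ENTRY_RE.match, text.splitlines()) if m]


def classify(data):
    """Classify one Run-key command line.
    Returns (verdict, path): verdict is 'temp-exe', 'rundll32-temp-dll' or 'ok',
    path is the file you would rename in step 6 or 7."""
    m = RUNDLL_RE.match(data)
    if m:
        dll = m.group("dll").strip()
        return ("rundll32-temp-dll" if TEMP_DIR_RE.search(dll) else "ok"), dll
    m = EXE_RE.match(data)
    exe = m.group("exe").strip() if m else data
    return ("temp-exe" if TEMP_DIR_RE.search(exe) else "ok"), exe


def audit(entries):
    """Steps 4 and 5: the entries to delete and the files behind them."""
    findings = []
    for name, data in entries:
        verdict, path = classify(data)
        if verdict != "ok":
            findings.append((name, verdict, path))
    return findings


def proxy_verdict(proxy_enable, proxy_server):
    """Step 12. proxy_enable is the ProxyEnable DWORD, proxy_server the ProxyServer
    string ('http=127.0.0.1:5555' or 'host:port', ';'-separated per protocol).
    'off': no proxy. 'loopback': the browser is routed through something on this
    machine, which nobody configures by hand. 'set': a proxy is configured; clear
    it unless you set it up yourself."""
    if not proxy_enable or not proxy_server:
        return "off"
    hosts = [p.split("=")[-1].rsplit(":", 1)[0].strip() for p in proxy_server.split(";")]
    return "loopback" if any(h.lower() in ("127.0.0.1", "localhost") for h in hosts) else "set"


def live_entries():
    """Windows only: read the real Run keys. The post covers HKLM; HKCU holds the
    per-user autoruns and is checked here as well."""
    import winreg
    sub = r"Software\Microsoft\Windows\CurrentVersion\Run"
    out = []
    for hive, label in ((winreg.HKEY_LOCAL_MACHINE, "HKLM"), (winreg.HKEY_CURRENT_USER, "HKCU")):
        try:
            with winreg.OpenKey(hive, sub) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, data, _ = winreg.EnumValue(key, i)
                    out.append((label + "\\" + name, str(data)))
        except OSError:
            pass
    return out


def live_proxy():
    """Windows only: the current user's IE proxy values."""
    import winreg
    sub = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    enable, server = 0, ""
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, sub) as key:
        for attr, default in (("ProxyEnable", 0), ("ProxyServer", "")):
            try:
                value = winreg.QueryValueEx(key, attr)[0]
            except OSError:
                value = default
            enable, server = (value, server) if attr == "ProxyEnable" else (enable, value)
    return enable, server


if __name__ == "__main__":
    if sys.platform == "win32":
        entries, (enable, server) = live_entries(), live_proxy()
    else:  # off Windows, demonstrate on the constructed sample
        entries, (enable, server) = parse_reg_query(SAMPLE_RUN_QUERY), (1, "http=127.0.0.1:5555")
    for name, verdict, path in audit(entries):
        print(f"{verdict:18} {name:24} {path}")
    print("proxy:", proxy_verdict(enable, server))
```

The verdicts map straight onto the manual steps: a `temp-exe` finding is an entry for step 4 and a file to rename in step 6, a `rundll32-temp-dll` finding is the step 5 entry and the step 7 file. A rundll32.exe entry whose DLL lives somewhere normal is reported as `ok` by design; plenty of legitimate software starts that way, so review those by hand rather than deleting them blindly.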
Happy computing.