Windows safe mode fake Virus.
If your computer is running Microsoft Windows 7 or Microsoft Windows Vista and your computers is infected with this virus follow the removal process below:
You will first need to download Malwarebytes (a free Anti-Malware program) to a clean computer (no virus) and either burn to cd or copy to a memory stick. Malwarebytes can be downloaded from from cent.com.
To help you follow this removal process there is a printable version (you will need Adobe Reader installed)
Once this is done go to your infected computer/laptop and:
- Hold down the power button to force windows to shut down.
- Turn on the computer/laptop and tap F8 a few times
- From the menu select "safe mode with command prompt"
- Either choose your user account or Administrator.
- In the command prompt type Explorer.exe (click yes to the message)
- After you have clicked yes, do not click on any other warnings or you computer will shut down and restart as the warnings is the virus still trying to mislead you!.
- Minimize the command prompt and you will now see your desktop with a black background.
- Insert either the CD with Malwarebytes or the memory stick and install Malwarebytes.
- Launch Malwarebytes and perform a quick scan.
- Once the scan has completed click on show results and click on remove selected, you will now be asked to restart your computer.
- When the computer starts up again tap F8 a few times, from the menu select "safe mode with command prompt" Either choose your user account or Administrator. In the command prompt type Explorer.exe (click yes to the message) After you have clicked yes, do not click on any other warnings or you computer will shut down and restart as the warnings is the virus still trying to mislead you!. Minimize the command prompt and you will now see your desktop with a black background
- Click on the Windows icon > My Computer > Double click the C drive, Tap Alt on the keyboard > Tools > Folder options > View > Show hidden files, folders, and drives > Click ok.
- > Users > Your user account > AppData > Local > delete all files that were created on the day of virus (suspicious .exe's that share the same look as the windowssafemode icon)
- Find the .dll file that was also created on the same day > right click and select rename > rename as Virus.
- Restart you computer.
- Click on the Windows Icon> My Computer > Double click the C drive > Users > Your user account > AppData > Local > - delete the .dill file you called Virus.
- Run Malwarebytes and remove any infected files.
- While in the C drive Tap Alt on the keyboard > Tools > Folder options > View > Select Don't show hidden files, folders, or drives.
- Restart your computer and you should now have a clean computer again :-) Run any anti-virus program you have to make sure.
On some occasions once the virus is removed you may still have a black background but don't worry as this harmless and can be changed by: Right-click an empty area of the desktop and choose Personalization and then click Desktop background and then select the desired background.
If you need help with virus removal or any info please email me or contact me by phone on:
07831 954184
