Unless you have a good, updated virus scanner on the system, chances are you might have to remove the trojan manually..
NetBus uses the computer registry to start up its own mini-server each time you turn on your machine. So guess what - you have to go into the registry :)). I'm doing this on Windows NT, but Windows 95 and 98 will work almost the same way. To start the registry editor click on ![]() ![]() Sometimes it might be 'Love.exe" or "Pics.exe", but it will be along the lines of the file name that got you infected in the first place. Highlight that line (NOT 'Run' !!), the Patch part of it on the right, under 'Name' - just click on it once), and press the Delete key. This removes the registry part of the virus. (you can close regedit now) Now, there is still the virus program running in your memory. Two ways to remove it: restart the computer or ... press Ctrl-Alt-Delete in Windows 95 (go to Task Manager in Windows NT). Highlight 'Patch.exe' or whatever the name of the virus program, and press the End Task button. Same thing. The last part is cleaning up :). under C:\WINNT or C:\Windows or wherever windose sits on your machine, you'll find two files, 'Patch.exe' and 'KeyHook.dll'. Delete both of them. We're only doing this now because before you would only get 'Access Denied' when trying to delete them. That is it.. Hope you could follow the instructions, I tried to cover every step so you don't screw up. Do this at your own risk - send me an email and say how it went, I'll help you if you still got a problem. <--back |