naetbuesus


Unless you have a good, updated virus scanner on the system, chances are you might have to remove the trojan manually.

NetBus uses the computer registry to start up its own mini-server each time you turn on your machine. So guess what - you have to go into the registry :)).

I'm doing this on Windows NT, but Windows 95 and 98 will work almost the same way. To start the registry editor click on Micros.. and choose 'Run'. In the 'Open' space type regedit and press the 'Enter' key. This is kind of important: changing anything in the registry is like working on a car engine that's running. In other words, try not to change anything. Anyways, once you're in there it works like navigating directories. You have to go down to 'My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'. Once you're in the Run folder, on the right side of the window you'll see a few lines. One of those lines will be something with 'Patch.exe' in it.

registry editor


Sometimes it might be 'Love.exe' or 'Pics.exe', but it will be along the lines of the file name that got you infected in the first place. Highlight that line (NOT 'Run' !! - the Patch part of it on the right, under 'Name' - just click on it once), and press the Delete key. This removes the registry part of the virus. (You can close regedit now.)

Now, there is still the virus program running in your memory. Two ways to remove it: restart the computer or ... press Ctrl-Alt-Delete in Windows 95 (go to Task Manager in Windows NT). Highlight 'Patch.exe', or whatever the name of the virus program is, and press the End Task button. Same thing.

The last part is cleaning up :). Under C:\WINNT or C:\Windows or wherever windose sits on your machine, you'll find two files, 'Patch.exe' and 'KeyHook.dll'. Delete both of them. We're only doing this now because before, you would only get 'Access Denied' when trying to delete them.
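To check the Run key without touching the live registry, the added example below (not part of the original page) parses a text export of the registry and lists the Run values that start one of the file names mentioned above. It assumes the REGEDIT4 text export format; the sample export, the value names in it and the function names are constructed for illustration.

```python
import ntpath
import re
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Names the page mentions; add the name of the file you originally ran.
SUSPECT_NAMES = {"patch.exe", "love.exe", "pics.exe"}

# Constructed sample export (REGEDIT4 text format), not from a real machine.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"PATCH"="C:\\WINNT\\Patch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="C:\\Temp\\Patch.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def run_entries(export_text):
    """Return {value name: command line} for string values under the Run key only."""
    entries, in_run = {}, False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # A new key header: track whether we are inside ...\CurrentVersion\Run
            in_run = line[1:-1].lower() == RUN_KEY.lower()
        elif in_run and (m := VALUE_RE.match(line)):
            # Undo the export's backslash escaping (\\ -> \, \" -> ")
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            entries[name] = data
    return entries

def program_name(command):
    """Lower-cased file name of the executable that starts a command line."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(" ", 1)[0]  # unquoted: path ends at first space
    return ntpath.basename(exe).lower()

def suspicious(export_text, names=SUSPECT_NAMES):
    """Run values whose program matches one of the suspect file names."""
    wanted = {n.lower() for n in names}
    return {k: v for k, v in run_entries(export_text).items()
            if program_name(v) in wanted}

if __name__ == "__main__":
    for name, cmd in suspicious(SAMPLE_EXPORT).items():
        print(f"Run value to delete in regedit: {name!r} -> {cmd}")
```

Pass your own set of names as the second argument to `suspicious` when the file that infected you was called something other than the three names listed.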

That is it.. Hope you could follow the instructions, I tried to cover every step so you don't screw up. Do this at your own risk - send me an email and say how it went, I'll help you if you've still got a problem.