ALERT: Before attempting
to complete any of these instructions, it is STRONGLY recommended
that you make
a complete backup of your system Registry. This will allow you to correct
any mistakes that you may make, or help to recover from any problems that result
from following these instructions.
NOTE: Please note
that ResNet cannot provide in-depth technical assistance to non-N.C. State University
students. If you are not a student, please contact your Internet Service Provider
(ISP) or anti-virus software vendor for assistance.
Removal Instructions:
RealPHX (Trojan.Sinkin):
- Reboot your computer in Safe Mode
- Reboot the computer
- Just before Windows begins to load, press F8
- Select Safe Mode
- Click on Start, then click Search,
then click For Files or Folders...
- Enter "av.exe" into
the search box (without quotes).
- Delete files named "av"
or "av.exe" ONLY.
Do not delete other files with 'av' as part of the file name.
- Click on Start, then click Run...
- Enter "regedit" (without
quotes).
WARNING: Editing the registry of your computer
could be dangerous. We strongly recommend that you make a backup of
your registry before continuing. Check out Symantec's
Instructions for backing up your registry.
- Browse to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
- Delete the "Antivirus" Key with a value of "c:\av.exe"
- Browse to "HKEY_CURRENT_USER\Software\Microsoft\Internet
Explorer\Explorer Bars\{Random Numbers}\FilesNamedMRU"
- Delete the "000" Key
with a value of "av.exe"
- Close Regedit.
- Click on Start, then click on Control Panel.
- Double-click on the Internet Options control panel.
- Change your default home page.
- Open your virus scanner, and run a COMPLETE
virus scan on your computer. If your virus scanner definition files
are up to date, it should detect and successfully clean RealPHX.
- If you have a spyware removal program, run it and let
it attempt to detect and clean any spyware that has been installed.
- Reset your buddy profile in AIM.
- Reboot your computer.
|
|
