Backdoor-G aka SubSeven v2.2 Removal
Step 1.
Click Start > Run and type Regedit.
Follow the paths using regedit and find:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right window, look for the item titled:
Loader = "c:\windows\system\***"
The *** will be a random file name. Write this down as it is the Sub7 server! Right click on that line and choose delete.
Step 2.
Follow the paths using regedit and find:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
In the right window, look for the item titled the same as above:
Loader = "c:\windows\system\***"
Right click on that line and choose delete.
Step 3.
Exit the Registry.
Step 4.
Click Start > Run and type Sysedit.
Open the file Win.ini. Near the top you will see a line with:
run=
If you see a path pointing to the Sub7 server here as well, delete it so the line only reads:
run=
Save and close file Win.ini.
Open the file System.ini. Look for a line starting with:
Shell=explorer.exe
If the Sub7 server name is after this, remove that file name so the line reads exactly:
Shell=explorer.exe
Save and close file System.ini.
Step 5.
Exit Sysedit and reboot your computer.
Step 6.
Click Start > Find/Files or Folders. Search all drives for files with the name "***", the random file name you found as the Sub7 server. Delete them all and empty your Recycle Bin.
Step 7.
Reboot your computer.
Congratulations! Backdoor-G aka SubSeven 2.2 has now been removed from your system.
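To confirm that none of the four autostart entries from Steps 1, 2 and 4 is left behind, the check below reports any that remain. It is an added example, not part of the original guide; it assumes the registry is supplied as a REGEDIT4 export text file, and `example.exe` is a placeholder for the random server file name.

```python
import re

# Autostart keys named in Steps 1 and 2 (compared case-insensitively).
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
RUN_KEYS = (BASE + r"\run", BASE + r"\runservices")

def ini_value(text, name):
    """Value of the first 'name=' line (case-insensitive), or None if absent."""
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == name:
            return value.strip()
    return None

def audit(win_ini, system_ini, reg_export):
    """Return (location, value) pairs for every leftover the steps remove."""
    findings = []
    run = ini_value(win_ini, "run")
    if run:  # Step 4: the line must read only "run="
        findings.append(("win.ini run=", run))
    shell = ini_value(system_ini, "shell") or ""
    extra = re.sub(r"^explorer\.exe", "", shell, flags=re.I).strip()
    if extra:  # Step 4: nothing may follow explorer.exe
        findings.append(("system.ini shell=", extra))
    key = None
    for line in map(str.strip, reg_export.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower() in RUN_KEYS:
            m = re.match(r'"Loader"="(.*)"$', line, flags=re.I)
            if m:  # Steps 1-2: .reg exports double each backslash
                name = key.rsplit("\\", 1)[1]
                findings.append((name, m.group(1).replace("\\\\", "\\")))
    return findings

# Constructed samples; example.exe stands in for the random server name.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=c:\\windows\\system\\example.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe example.exe\n"
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Loader"="c:\\windows\\system\\example.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Loader"="c:\\windows\\system\\example.exe"
'''

if __name__ == "__main__":
    print(audit(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI, SAMPLE_REG))
```

An empty list means all four locations are clean.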