- HubPages»
- Technology»
- Internet & the Web»
- Viruses, Spyware & Internet Security
How to Remove the Conduit Virus (Step 3)
If steps one and two were not sufficient to remove the Conduit virus, move on to step 3, where you manually remove the virus. If you have not completed the first two steps, you can do that here:
Processes
First, you need to kill all processes relating to the Conduit Virus. To do this, open the task manager by pressing CTRL+SHIFT+ESC. Go to the processes tab. Then look for the process search.conduit.com, and related processes. Right click them and click end process.
Files
Next, you need to get rid of files created by the Conduit virus. Delete the following files:
- C:\WINDOWS\assembly\KYH_64\Desktop.ini
- C:\Windows\assembly\KYH_32\Desktop.ini
- C:\WINDOWS\system32\giner.exe
Registry
Finally, you need to remove all registry entries made by the Conduit virus. Open the registry editor. To do this press the Windows Key+R. Then type "regedit" and hit enter. The registr editor will open. Browser to and delete the following registry entries.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\random
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run\random
- HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\5ATIUYW62OUOMNBX256 “(Default)”=”1?
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\“UninstallString” = “‘%AppData%\[RANDOM]\[RANDOM].exe” -u
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\“ShortcutPath” = “‘C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe” -u’”
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce “5ATIUYW62OUOMNBX256” = “‘C:\Documents and Settings\All Users\Application Data\5ATIUYW62OUOMNBX256.exe’
If That Did Not Work
If that did not work, you need to decide how much it bothers you. If you decide it is worth it, you may need to to a wipe and reload. I would be very surprised if after following steps 1 through 3, the virus remained, but it is possible.