Talk:Fun.exe virus
 | This article is rated Stub-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||
| ||||||||||||||
Removal without an antivirus program (original proceedure by the author of this wiki page)[edit]
Because the running instances of the virus monitor and protect each other, manual removal from windows is impossible. An anti virus program can remove the program from windows, however to remove the virus manually the user will need to be familiar with the "DOS" command prompt in safe mode.
The first step is to locate all copies of the virus currently infecting your drive. With no other applications running, the easiest way to do this is to change the system date to a date in the future. Then press CTRL-ALT-DEL to access the task manager. From the processes tab of task manager, highlight the running virus (fun.exe or other) and press end process. This will trigger the virus to restart which will update the file access times on all the files that it is infecting. Then perform a system wide file search based on access date. Because the date is in the future, none of your own files will be marked with the access date. The search will find those infected files and a few others that may be running in the background or are related to the search or task manager. You separate the infected files from the genuine using the identification criteria above; icon, file size, known file name (some names may not be known), and internal name which is always "Olalatheworld".
Once you have located the files, write down a comprehensive list of all the files and their locations. If you miss even one, you will have to do it again because the virus will restore itself.
Then reboot in safe mode with command prompt. From command prompt use CD (change directory) command to navigate to the folders where the infected files are (eg. C:\ CD windows ----> C:\Windows ). Once in the correct folder, use DEL (Delete) to delete the infected file (eg. C:\Windows DEL fun.exe) Confirm the file is gone by searching using dir/p *.exe (eg. C:\Windows dir/p *.exe) Confirm the deleted file is not in the list. Repeat this process for all remanining infected files you found.
Once you have deleted them all, reboot the computer. You're not quite done. When booting, there will be dialog boxes saying that certain files you just deleted cannot be found. This is good, and expected. Press CTRL-ALT-DEL to view task manager and from the processes tab ensure that the virus is no longer running. If it is running, you missed one or more infected files and will need to start over. If it is not running, you succeeded and got them all. The last step is to remove the registry keys that it installed so that you no longer get the file not found message boxes.
From the start menu, choose run and type regedit. Use extreme caution, you are editing the system registry. You can do irreparable damage if you delete or modify the wrong keys. Use the find option and search for each of the different infected file names you found. Usually you will find them in HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Run/ and HKEY_CURRENT_USER/Software/Microsoft/WindowsNT/CurrentVersion/Windows/ HKEY_CURRENT_USER/Software/Microsoft/WindowsNT/CurrentVersion/Winlogon/ and HKEY_CURRENT_USER/Software/Microsoft/Windows/ShellNoRoam/MUICache/. Delete the keys that refer to the infected files. Becareful if the file name is also a genuine windows file name since there will naturally be legitimate references to the genuine file that should not be deleted. If in doubt, leave it be, since the registry keys alone cannot harm your computer if the infected files are completely removed.
Your system is now clean.