Page 3
12. Now that you have compiled your list of suspect entries in the run key of the registry, close the
registry editor and connect your browser to the internet. Our next step is to research exactly what each of
these suspect entries is. To identify the processes, take the name of the file at the end of the section of
the data key (for example, in the preceding illustration, these file names would be atiptaxx.exe,
mcsheild.exe, msblast.exe, and gargleafx.exe). Next, go to your favorite search engine (We recommend
www.google.com if you don't have a preference), and do a search on each file name, one at a time. Something
within the first page should tell you what the process is, and whether or not it's necessary on your system.
If Google comes up blank or vague, try the Greatis Startup Database at
http://www.greatis.com/regrun3appdatabase.htm or a similar page at
http://www.liutilities.com/products/wintaskspro/processlibrary/.
13. Once you've listed everything in your registry's run key, re-open the registry editor and navigate
back to the Run Key per step 2. One at a time, highlight each of the problem entries and hit the
delete key. Confirm by clicking yes. The registry value will disappear. Next, close the registry editor and
reboot the system.
14. Immediately after rebooting the system, re-open the registry and navigate back to the run key. Make
sure that the Run Key is exactly as you left it before rebooting. If a mysterious value seems to
appear/reappear, you have a virus that will need to be identified and removed by other means. If you're
able to identify the virus, go to the McAfee AVERT Stinger website at
http://us.mcafee.com/virusInfo/default.asp?id=stinger or search from our Current Threats page. Other
removal tools can be found at the Symantec virus removal tools website at
http://securityresponse.symantec.com/avcenter/tools.list.html. These small tools are
known as "stingers". You must download the stinger for the specific virus you have, and run it per
instructions. If your system will not connect to the Internet, download them onto another system. Most are
small enough to fit on a floppy disk.
15. If the problem seems to be solved, congratulations! Hang onto the list of registry keys you deleted...
use the system for a while, and when you're satisfied you haven't accidentally disabled anything, locate
the files in Windows Explorer and delete them. If the system is still cranky, repeat the above steps for
the HKEY_CURRENT_USER\Software\Microsoft\windows\Currentversion\Run key. This key isn't always present...
but it's a good idea to check it out anyway. If you're running a Windows 95, 98, or ME system, be sure to
repeat the entire process for the RunServices Key located immediately below the run key.
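
One way to automate the before-and-after comparison in steps 13 and 14, as an added example that is not
part of the original guide. Run it with -Mode Save right after deleting the entries, then with no
arguments after the reboot. The baseline file path is an assumption, and step 2 is not shown on this
page, so the HKEY_LOCAL_MACHINE Run key is assumed to be the one it refers to.

```powershell
# Added example: snapshot the Run keys, then compare after the reboot.
param(
    [ValidateSet('Save', 'Compare')]
    [string]$Mode = 'Compare',
    # Assumed baseline location; any writable path works.
    [string]$BaselinePath = "$env:USERPROFILE\run-key-baseline.csv"
)

# Keys from steps 13-15 (HKLM Run is assumed). A key that does not exist is skipped.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

function Get-RunEntries {
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = [string]$item.GetValue($name) }
        }
    }
}

$current = @(Get-RunEntries)

if ($Mode -eq 'Save') {
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
    "Saved $($current.Count) entries to $BaselinePath"
}
else {
    if (-not (Test-Path -LiteralPath $BaselinePath)) { throw "No baseline at $BaselinePath; run with -Mode Save first." }
    $seen = @{}   # hashtable keys are case-insensitive, like registry value names
    foreach ($e in (Import-Csv -LiteralPath $BaselinePath)) { $seen["$($e.Key)|$($e.Name)"] = $e.Data }

    $changes = 0
    foreach ($e in $current) {
        $id = "$($e.Key)|$($e.Name)"
        if (-not $seen.ContainsKey($id)) { "ADDED   $id = $($e.Data)"; $changes++ }
        elseif ($seen[$id] -ne $e.Data) { "CHANGED $id = $($e.Data)"; $changes++ }
        $seen.Remove($id)
    }
    # Whatever is left in $seen was in the baseline but is gone now.
    foreach ($id in $seen.Keys) { "REMOVED $id"; $changes++ }
    if ($changes -eq 0) { 'Run keys match the baseline.' }
}
```

An ADDED or CHANGED line after the reboot is the "mysterious value" step 14 describes: something on
the system is rewriting the key.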