Windows Diagnostic can be removed by using Emsisoft HiJackFree to stop its processes and delete its files from the hard drive. Then the user has to restore the registry entries added and modified by Windows Diagnostic. Finally, all files related to Windows Diagnostic must be deleted from the hard drive. All of these steps are shown in the removal guide below.
Windows Diagnostic should be removed immediately!
Windows Diagnostic Removal Guide
Kill Process
(How to kill a process effectively?)
[RANDOM].exe
Unregister DLL files
%Temp%\[RANDOM].dll
Delete Registry
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s's:/ogn:/uyu:/dyd:/c'u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/'wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v'w:/rbs:'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
Remove Folders and Files
%Documents and Settings%\All Users\Application Data\[random]
%Documents and Settings%\All Users\Application Data\[random].exe
%Documents and Settings%\All Users\Application Data\[random].dll
%Documents and Settings%\[UserName]\Desktop\Windows Diagnostic.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Windows Diagnostic
%Documents and Settings%\[UserName]\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
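Before working through the "Delete Registry" step, it helps to see which of the listed values are actually set for the current user. The following read-only PowerShell audit is an added example, not part of the original guide or of any Emsisoft tool; the function name Test-ListedValue and the report columns are hypothetical, and LowRiskFileTypes is checked for presence only rather than compared against the string above.

```powershell
# Added example: read-only audit of the HKCU values listed in this guide.
# Nothing is modified or deleted; the script only reports what it finds.
$base = 'Software\Microsoft\Windows\CurrentVersion'
$indicators = @(
    @{ Key = "$base\Internet Settings";    Name = 'WarnonBadCertRecving'; Listed = '0' }
    @{ Key = "$base\Policies\Associations"; Name = 'LowRiskFileTypes';     Listed = $null }  # presence only
    @{ Key = "$base\Policies\System";       Name = 'DisableTaskMgr';       Listed = '1' }
    @{ Key = "$base\Policies\Attachments";  Name = 'SaveZoneInformation';  Listed = '1' }
    @{ Key = 'Software\Microsoft\Internet Explorer\Main';     Name = 'Use FormSuggest';    Listed = 'yes' }
    @{ Key = 'Software\Microsoft\Internet Explorer\Download'; Name = 'CheckExeSignatures'; Listed = 'no' }
)

# Hypothetical helper: compares one registry value with the data listed in the guide.
function Test-ListedValue {
    param([hashtable]$Indicator)

    $path = "HKCU:\$($Indicator.Key)"
    # Returns $null when either the key or the value does not exist.
    $item = Get-ItemProperty -Path $path -Name $Indicator.Name -ErrorAction SilentlyContinue

    $current = $null
    if ($null -eq $item) {
        $state = 'absent'
    } else {
        $current = [string]$item.($Indicator.Name)
        if ($null -eq $Indicator.Listed) {
            $state = 'present (review manually)'
        } elseif ($current -eq $Indicator.Listed) {
            $state = 'matches guide'
        } else {
            $state = 'differs from guide'
        }
    }

    [pscustomobject]@{
        Key     = $Indicator.Key
        Value   = $Indicator.Name
        Current = $current
        State   = $state
    }
}

$indicators | ForEach-Object { Test-ListedValue $_ } | Format-Table -AutoSize -Wrap
```

Run it in the affected user's session, since every key is under HKEY_CURRENT_USER. A row marked "matches guide" is a value to review in the "Delete Registry" step.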