IN CASE OF A VIRUS not caught by your antivirus software: files for possible deletion...
There will be many registry changes that point to files the computer uses for the virus infection. If the files are gone, cleaning your registry is a job for another utility, but at least your computer will be functional.
To be able to delete the files, go into DOS by RESTARTING IN DOS MODE. Do not choose the MS-DOS prompt from the 'Programs' menu: Windows will still be running and using the files you want to delete.
When you get into DOS mode, the screen shows this:
C:\Windows
(this is the default message, but the computer is in DOS mode).
Next, you want to leave the Windows directory and enter the root (main) directory: press CD.. (that's CD period period).
That's done because you are going to enter a command to search the whole hard drive, instead of just searching the Windows directory alone for the rogue files that are carrying out operations unknown to you. You can look at these files with the TYPE command (I only capitalize for emphasis, DOS is never case sensitive unless specified). Since TYPE is a command, I will use the word 'Press' in my explanations of DOS. Now that you are in the root directory, press
DIR index.dat /ahras /s (then hit enter)
This command asks for the directory listing of the file that keeps track of every place you go and redirects you to p 0 r n sites. It asks for the listing regardless of whether the file has the hidden, read-only, archived or system attributes; the /s means 'all subdirectories'.
Review the file by pressing TYPE index.dat | MORE (then hit enter)
REMEMBER, you don't have to capitalize.
The reason for not using the TYPE command by itself (| MORE is a PIPE command) is that it is a large file and will scroll right by you unless you add that pipe.
Other files for possible deletion are
fixiel.* (the asterisk is a wildcard; it means: search for the filename no matter what extension).
dstart1.exe
dstart51.exe
dstart52.exe
dc86.exe
gensetup.*
exploit.*
dload.exe
startpage-du.dll.dr
Some files that I looked for were probably erased by my a/v software, but I'll mention some other names that you should watch for:
mhtredir.gen
Coolwebsearch
TIBS
Some of these names I mentioned might be different on your computer and some, like the last three, might just be the name of a trojan instead of the name of a file.
You can also use the FIND function on the Windows main menu to view the files that were CREATED on your hard drive since you got the virus. You'll only be able to delete some of them, because you will be in Windows and it will be using the files you want to delete, but you can collect the names of the files for DOS.
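The name search and the "created since the infection" search described above can be combined into one read-only pass over a drive or a mounted copy of it. The following is an added example, not part of the original post: the function names are hypothetical, the sample tree is constructed, and modification time is used as a portable stand-in for the creation date. It also reproduces the DOS wildcard rule that fixiel.* matches a file named fixiel with no extension.

```python
import os
import tempfile
from fnmatch import fnmatchcase

# File names copied from the list above; the function names are illustrative.
SUSPECT_PATTERNS = [
    "fixiel.*", "dstart1.exe", "dstart51.exe", "dstart52.exe", "dc86.exe",
    "gensetup.*", "exploit.*", "dload.exe", "startpage-du.dll.dr",
]

def dos_match(name, pattern):
    """Case-insensitive; like DOS, 'name.*' also matches 'name' with no extension."""
    name, pattern = name.lower(), pattern.lower()
    if fnmatchcase(name, pattern):
        return True
    return pattern.endswith(".*") and fnmatchcase(name, pattern[:-2])

def find_suspects(root, patterns=SUSPECT_PATTERNS, changed_since=None):
    """Return (by_name, recent): paths matching a pattern, and paths modified
    at or after changed_since (epoch seconds), without deleting anything."""
    by_name, recent = [], []
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            if any(dos_match(fname, p) for p in patterns):
                by_name.append(path)
            try:
                mtime = os.stat(path).st_mtime
            except OSError:
                continue  # unreadable entry: skip it, keep scanning
            if changed_since is not None and mtime >= changed_since:
                recent.append(path)
    return sorted(by_name), sorted(recent)

def build_sample_tree(root):
    """Constructed sample data: empty files standing in for a drive."""
    for rel in ("WINDOWS/SYSTEM/DSTART1.EXE", "WINDOWS/FIXIEL",
                "WINDOWS/Gensetup.inf", "WINDOWS/NOTEPAD.EXE"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    # Give NOTEPAD.EXE an old timestamp so it predates the cutoff.
    os.utime(os.path.join(root, "WINDOWS", "NOTEPAD.EXE"), (0, 0))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        by_name, recent = find_suspects(root, changed_since=1)
        print("name matches:", by_name)
        print("changed since cutoff:", recent)
```

The two lists it returns are the names to take into DOS mode; the script itself only reads the tree.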
Whenever you need to change the attributes of a file in DOS (for deletion), use the ATTRIB command this way:
ATTRIB (name and extension of file) -h (minus sign, then h, to remove the hidden attribute).
ATTRIB file +h (plus sign, then h, to add the hidden attribute).