Manual clean-up of the system

  1. Restart the computer in Safe Mode with Command Prompt

    While the computer is booting, press the F8 key (F5 in XP) repeatedly until the “Windows Advanced Options” menu appears. Select “Safe Mode with Command Prompt” and confirm the selection with the Enter key. Windows then restarts in the selected mode.

    Log on as “Administrator”

  2. Type "regedit" (without quotation marks). This will open the Registry Editor.
     
  3. Go to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. In the right pane, find the entry "Shell", then right-click it and select “Modify”.

    ATTENTION!
    At this point it is necessary to write down the entire entry under the heading “Value data:”!


    Delete the entire value data and then enter "explorer.exe" (without quotation marks).

  4. Close the Registry Editor window.
  5. Type the following commands in the console (without quotation marks):

    "cd ***The path which you have previously noted***"
    (For example: "cd c:\Documents and Settings\Administrator\Application Data")


    > Press Enter

    "ren *** name of the EXE file *** *** New Name ***"
    (For example: "ren jashla.exe jashla.xxx")


    > Press Enter

    "shutdown -r"


    > Press Enter

    The virus is now disabled and the PC will reboot.
  6. Log on to your PC with the previously infected account.
  7. Please open the following Avira web page to submit Suspicious Files and Miscellaneous Uploads

    Fill out the form and then click the button Browse…

    Select the previously noted file (for example: "c:\Documents and Settings\Administrator\Application Data\jashla.exe", now jashla.xxx) and click Open

    To submit, click the Send button on the web page

Approximately 24 - 48 hours afterwards, please run an update of your AVIRA software and, subsequently, a full system scan. This will repair any further changes the virus made to the system and remove the file permanently.

Please do not simply delete the file; doing so may prevent further repair routines from being performed afterwards.
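
Steps 3 to 5 above can also be run as one batch file from the Safe Mode command prompt. The following is an added example, not part of the original Avira instructions or Avira's own tooling. Assumptions: the note file name and location are chosen for this example, and the renaming step only handles a Shell value that consists of a single file path.

```batch
@echo off
rem Added example, not Avira's own tooling: steps 3 to 5 above as one batch file.
rem Run it from the Safe Mode command prompt as Administrator.
setlocal
set "KEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
rem Assumption: the note file name and location are chosen for this example.
set "NOTE=%SystemDrive%\winlogon_shell_noted.txt"
set "SHELLVAL="

rem Read "Shell": the output line is <name> <type> <data>; the data may contain spaces.
for /f "tokens=1,2,*" %%A in ('reg query "%KEY%" /v Shell 2^>nul ^| findstr /l /c:"REG_"') do set "SHELLVAL=%%C"
if not defined SHELLVAL (
  echo Could not read the Shell value.
  exit /b 1
)
rem Drop quotation marks so the value can be compared and used as a path.
set "SHELLVAL=%SHELLVAL:"=%"
if /i "%SHELLVAL%"=="explorer.exe" (
  echo Shell is already explorer.exe, nothing to change.
  exit /b 0
)

rem Step 3, ATTENTION: note the entire original entry before overwriting it.
reg query "%KEY%" /v Shell >"%NOTE%"

rem Step 3: replace the value data with explorer.exe.
reg add "%KEY%" /v Shell /t REG_SZ /d explorer.exe /f >nul
if errorlevel 1 (
  echo Could not write the Shell value.
  exit /b 1
)

rem Step 5: rename the noted file instead of deleting it, so it can still be submitted.
rem Only a single existing file path is handled; a file named explorer.exe is never renamed.
for %%F in ("%SHELLVAL%") do (
  if /i "%%~nxF"=="explorer.exe" (
    echo Value points to a file named explorer.exe, not renaming.
  ) else if exist "%%~fF" (
    ren "%%~fF" "%%~nF.xxx"
    echo Renamed %%~fF to %%~nF.xxx
  ) else (
    echo "%SHELLVAL%" is not a single file path, rename the file by hand.
  )
)
echo Original entry noted in %NOTE%. Now restart with: shutdown -r
endlocal
```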

If these clean-up methods are not available or not successful, you can still perform a system restore in Safe Mode with Command Prompt using the following instructions from Microsoft:

System Restore in Windows XP

System Restore in Windows Vista / Windows 7

Note:
The screenshots of the Avira client are also valid for Avira Free Personal, Avira Antivirus Premium, Avira Internet Security and Avira Professional Security.

Affected products

  • Avira Professional Security [Windows]
  • Avira Free Antivirus [Windows]
  • Avira Antivirus Premium 2013 [Windows]
  • Avira Antivirus Pro [Windows]
  • Avira Internet Security [Windows]

Created: Tuesday, January 10, 2012
Last updated: Thursday, November 12, 2015