Instructions
End Processes
1 Press "Ctrl" + "Alt" + "Delete" to open the Task Manager.
2 Click on the "Processes" tab of the Task Manager.
3 Click on "Show Processes From All Users."
4 Kill the following processes. To kill a process, right-click on the process and select "End Process":
"cftm.exe"
"cftmen.exe"
5 Close the Task Manager.
Delete Registry Values
1 Click on the "Start" menu, type "regedit" into the "Search Programs and Files" box and press "Enter." The Registry Editor opens.
2 Delete the following registry values from the left pane of the Registry Editor. To delete a registry value, right-click on the registry value and select "Delete." Note that deleting the wrong registry value can cause serious system-wide problems.
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"csrcs" = C:\WINDOWS\system32\csrcs.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"cftm" = C:\WINDOWS\system32\cftm.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\cftm = C:\WINDOWS\system32\cftm.exe"
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = 0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = Explorer.exe csrcs.exe"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM"
"HKEY_LOCAL_MACHINE\SOFTWARE\ESET\Nod"
3 Close the Registry Editor.
Delete Files
1 Click on the "Start" menu and click on the "Search Programs and Files" box.
2 Search for and delete the following files from your computer. To delete a file, right-click on the file and select "Delete":
"System\\autorun.inf"
"SystemDrive\\khq"
"SystemDrive\\khr"
"System\\cftm.exe"
"System\\cftmen.exe"
3 Restart your computer.
No comments:
Post a Comment