We all keep hitting viruses. Last week I was somehow hit by a malware known as sdra64.exe. It has many other names, which you can check on the malware’s profile on Prevx. It is hard to delete, you can’t delete it because its being used in the registry. If you remove it from the registery, it comes back. So HOW TO REMOVE IT? I was able to, it wasn’t too hard, just a bit of thinking. If you have this, and wanna remove it ASAP, then you wanna read on ;)

Basically, this malware is meant to transfer your private information (like passwords, etc) through the internet. Which makes you an easy target.

Note: You need to be logged onto an administrative account to follow the instructions below!

When you go to delete the sdra64.exe file located in the system32 folder, you can’t delete it because it says its being used. And yes, its being used in the registery. To clear it from the registery, open your registry editor by typing in regedit in Start > Run. Once there follow:
[HKEY_LOCAL_MACHINE]\SOFTWARE\Microsoft\Windows NT\Current Version\Winlogon

Once there, look for the entry called “userinit”. In that you will see that the data includes “C:\WINDOWS\system32\sdra64.exe”. All you have to do is edit it, and replace it all with “C:\WINDOWS\system32\Userinit.exe,” (without quotations). Once you do that it disappears. But if you move out of that registry directory and come back in, you see that the sdra64.exe is added again. That keeps on happening.

This is where we will get a bit tricky. Start by ending all your unnecessary processes, which includes chat messengers, download managers, and other programs you installed including your antivirus. Once done that, start ending the svchost.exe processes. You will then get a countdown telling the computer will shutdown in 60 secs.

After the counter starts, go back to the register editor and replace everything in the userinit data with “C:\WINDOWS\system32\Userinit.exe” (without quotations) but DON’T PRESS ENTER OR CLICK OK YET! Wait for the countdown to end. Click OK when the counter almost ends (i pressed it betweek 1 and 0 seconds). As soon as you click and the counter ends, your computer will be restarted.

What happened is that we edited the registry and gave the virus no time to come back (because the computer shutted down). After your computer starts again, you should be able to delete the C:\WINDOWS\system32\sdra64.exe file. If you can’t, just refollow the steps again. And if you have, be happy (thank me too!!! :D :P ).

You have removed the sdra64.exe virus, but is your pc still safe? I highly recommend you to download, install and scan using a free small tool called Prevx. You can download the free home and scan using it. It requires a license to delete most virusses (Surely worth the CHEAP price), if you’re a techy guy, you can see where the virus is and delete it manually (but prevx still saves time). Thats it. Enjoy a safe computer ;)

Share and Enjoy:
  • Facebook
  • Twitter
  • Digg
  • StumbleUpon
  • del.icio.us
  • Google Bookmarks
  • Design Float
  • Sphinn
  • Mixx
  • Blogplay
  • Reddit
  • Technorati
  • Tumblr
  • Yahoo! Buzz
  • RSS
  • Add to favorites
  • Print