SubSeven Virus
How do I remove SubSeven?

Removing SubSeven is a two-step procedure because you have to shut down and
delete the trojan.

Firstly, boot into MS-DOS mode. Do this by shutting down your computer and
starting it up again. While it's loading, press F8 multiple times until you get
a text-based list. This will have an option called "Command prompt only". This
is MS-DOS, so move the highlight onto that and press Enter. This will load DOS
and you will be prompted with C:\>. You are now in DOS mode.

Now that you're in DOS, type cd windows. This will take you into the Windows
directory. Now you must delete some files. You can do this by typing the
following commands exactly as they appear below:

    del SysTra1.Exe
    del nodll.exe
    del systray.exe
    del kernel16.dl
    del kerne132.dl
    del rundll16.exe
    del nodll.exe

Note: Some files will give the error "File not Found".

Once you have done that, type exit. This will take you back to Windows. Now when
you run Windows, you may find errors saying some file is not found. This is
because the trojan is designed to run every time you start Windows, but you
deleted the trojan so it can't run anymore.

It's now time to remove the parts added onto your computer which make the trojan
start every time you boot. Click on the Start menu, and then click on Run. In
Run, type regedit. Regedit, the Windows Registry Editor, should now open. This
is the heart of your computer, so don't delete anything you don't need to
delete. When regedit starts, you will see a file-like tree in the left-hand
panel. Expand the folders to follow the path:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

At the end, click on 'Run' once, and the right-hand panel should change. Look on
the right of the regedit box for the following:

    SystemTrayIcon = "C:\WINDOWS\SysTrayIcon.Exe"
    SystemTray = "SysTray.Exe"
    Kernel16 = "kernel16.dl"
    RegistryScan = "rundll16.exe"

If you have one of these, click on it once with the left mouse button, then
right-click on it. When the menu appears, click on Delete. It will then
disappear from regedit. After you've done this, close regedit and reboot your
computer.

Note: Some versions of SubSeven won't add anything to the registry, so if you
don't see any of the lines above, just proceed to the next step.

Now it's time to check the Win.ini file. This loads on every boot, and some
versions of SubSeven add a line to the Win.ini file. Go to the Start menu,
Programs, click on Accessories and then click on Notepad. Notepad is a text
editor and will help you to edit Win.ini. Now that you are in Notepad, click on
File. A dialogue box will appear, then click Open. In the Open window, navigate
into the Windows directory, click on Win.ini and click Open
(c:\windows\win.ini). Win.ini should open. At the top of it should be the
SubSeven line, so if you see the following, delete it:

    run=nodll

Click on File again and go to Save.

Next, click on File and Open again and select the file system.ini. This is only
in one version of SubSeven, so if the following isn't there, don't worry. There
should be a line in System.ini saying "shell=explorer.exe". This is okay, but if
it says "shell=explorer.exe -trojan_name_here-.exe", delete the bit saying
"-trojan_name_here-.exe" so the line will end up as "shell=explorer.exe". Save
the file from the File menu.

Note: The "-trojan_name_here-.exe" could be any file name.

Now you have successfully removed SubSeven, but before you're finished,
reboot your machine. Congratulations - you are no longer infected.
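
The three autostart locations checked above (the Run key, the run= line in Win.ini and the shell= line in System.ini) can be reviewed in one pass. This is an added example, not part of the original instructions; it assumes the Run values and both files have already been exported as text, the function names are hypothetical, and the sample inputs are constructed.

```python
import re

# Names taken from the removal steps above; a match is a lead to review, not proof.
RUN_VALUE_NAMES = {"systemtrayicon", "systemtray", "kernel16", "registryscan"}
FILE_STEMS = {"systra1", "nodll", "systray", "kernel16", "kerne132",
              "rundll16", "systrayicon"}

def stem(command):
    """Lower-cased program name of a command, without path, quotes or extension."""
    first = (command.strip().strip('"').split() or [""])[0]
    name = re.split(r"[\\/]", first)[-1].lower()
    return name.rsplit(".", 1)[0]

def ini_value(text, section, key):
    """Value of key inside [section] of an INI file, or None if absent."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section and "=" in line and not line.startswith(";"):
            k, v = line.split("=", 1)
            if k.strip().lower() == key:
                return v.strip()
    return None

def audit(win_ini, system_ini, run_values):
    """Return (location, entry, known_name) for each autostart entry to review."""
    findings = []
    run = ini_value(win_ini, "windows", "run")
    if run:  # any non-empty run= line is reported
        findings.append(("win.ini", "run=" + run, stem(run) in FILE_STEMS))
    shell = ini_value(system_ini, "boot", "shell")
    if shell and shell.lower() != "explorer.exe":
        parts = shell.split(None, 1)
        extra = parts[1] if len(parts) == 2 and parts[0].lower() == "explorer.exe" else shell
        findings.append(("system.ini", "shell=" + shell, stem(extra) in FILE_STEMS))
    for name, data in run_values.items():
        if name.lower() in RUN_VALUE_NAMES or stem(data) in FILE_STEMS:
            findings.append(("Run key", f"{name} = {data}", True))
    return findings

# Constructed sample inputs (not captured from a real machine).
SAMPLE_WIN_INI = "[windows]\nrun=nodll\nload=\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=explorer.exe updater.exe\n"
SAMPLE_RUN = {"RegistryScan": "rundll16.exe",
              "ScanRegistry": r"C:\WINDOWS\scanregw.exe /autorun"}
if __name__ == "__main__":
    for finding in audit(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI, SAMPLE_RUN):
        print(finding)
```

An entry reported with known_name False, such as an unfamiliar program after explorer.exe, still needs checking, since the extra file on the shell= line could be any file name.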