W32.RemoteExplore - Removal

Once infected, the best way to remove this virus is to use the Reremove.exe removal tool. Please click here for more information.

To disinfect a Windows 95/98 computer on which files are infected with W32.RemoteExplore:
Windows 95/98 computers can host files infected with the W32.RemoteExplore virus, but it cannot spread under Windows 95/98.

1. Run LiveUpdate to make sure that you have the most recent virus definitions.
2. Start Norton AntiVirus (NAV), and run a full system scan, making sure that NAV is set to scan all files.
3. If any files are detected as infected by W32.RemoteExplore, click Repair.

Manual removal procedure

1. Determine whether the computer is infected by viewing TaskMgr for Remote Explorer under Processes, or under Control Panel/Services. If it is not, stop here. Otherwise, go on to the next step.
   
   CAUTION: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure you modify only the keys specified. Please see the document How to back up the Windows registry before proceeding.
   
2. Click Start, and click Run. The Run dialog box appears.
3. Type regedit and then click OK. The Registry Editor opens.
4. Delete the following keys:
   
   HKEY_LOCAL_MACHINE/ControlSet001/Enum/Services/RemoteExplorer
   HKEY_LOCAL_MACHINE/ControlSet003/Enum/Services/RemoteExplorer
   
5. Restart the computer.
6. Delete the following files:
   
   C:\WinNT\System32\drivers\IE403r.sys
   C:\WinNT\Taskmgr.sys
   
7. Run a full system scan. If any files cannot be repaired, they will have to be restored from clean backups.

Technical Details