Backdoor.Nerte - Removal

Risk Level 1: Very Low

Discovered: November 9, 2001
Updated: February 13, 2007 11:37:44 AM
Also Known As: Backdoor-SG
Type: Trojan Horse


Delete files that are detected as Backdoor.Nerte, and reverse the changes that the Trojan made to the registry.

To remove the Trojan:
  1. Run LiveUpdate to make sure that you have the most recent virus definitions.
  2. Start Norton AntiVirus (NAV), and make sure that NAV is configured to scan all files. For instructions on how to do this, read the document How to configure Norton AntiVirus to scan all files.
  3. Run a full system scan.
  4. Delete all files that are detected as Backdoor.Nerte. Deleted files must be either replaced from a clean backup or reinstalled.

To edit the registry:

CAUTION: We strongly recommend that you back up the system registry before you make any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Please make sure that you modify only the keys that are specified. Please see the document How to back up the Windows registry before you proceed.
  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to and delete the following keys:

    HKEY_LOCAL_MACHINE\Software\Nerte
    HKEY_LOCAL_MACHINE\Software\Nerte\TR
  4. Navigate to the key

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  5. Follow the instructions for your operating system:
    • Windows 95/NT
      1. In the right pane, delete the value

        ScanRegistry  <Path>\nsrvnt.exe
      2. Exit the Registry Editor.

    • Windows 98/Me
      1. In the right pane, double-click the value

        ScanRegistry  <Path>\nsrvnt.exe
      2. In the Value Data box, change the text to

        C:\Windows\scanregw.exe /autorun

        NOTE: If you installed Windows to a location other than C:\Windows, make the appropriate path substitution when you enter the text.
      3. Click OK, and then exit the Registry Editor.
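
The registry changes listed above can be verified against a text export of the registry. The following is an added example, not part of the original writeup: it parses an export in REGEDIT4 text format and reports the Nerte keys and the hijacked ScanRegistry value. The function names and both sample exports are constructed for illustration, and C:\EXAMPLE stands in for the unspecified <Path>.

```python
import re

NERTE_KEY = r"hkey_local_machine\software\nerte"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# "Name"="Data" lines; inside the quotes, \ and " are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def audit_reg_export(text):
    """Return (kind, detail) findings for the indicators named in the writeup."""
    findings, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
            if key == NERTE_KEY or key.startswith(NERTE_KEY + "\\"):
                findings.append(("key", line[1:-1]))
            continue
        m = VALUE_RE.match(line)
        if m and key == RUN_KEY:
            name, data = unescape(m.group(1)), unescape(m.group(2))
            # A ScanRegistry value that is legitimate on Windows 98/Me points at
            # scanregw.exe; the Trojan repoints it at nsrvnt.exe.
            if name.lower() == "scanregistry" and "nsrvnt.exe" in data.lower():
                findings.append(("run_value", f"{name} = {data}"))
    return findings

# Constructed sample: export from an affected machine (path is a placeholder).
SAMPLE_INFECTED = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Nerte]

[HKEY_LOCAL_MACHINE\Software\Nerte\TR]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\EXAMPLE\\nsrvnt.exe"
"SystemTray"="SysTray.Exe"
'''

# Constructed sample: the same Run key after the Windows 98/Me repair step.
SAMPLE_CLEAN = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\Windows\\scanregw.exe /autorun"
'''

if __name__ == "__main__":
    for kind, detail in audit_reg_export(SAMPLE_INFECTED):
        print(kind, detail)
```

An empty result after the steps above indicates that none of the listed registry changes remain in the export.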


Writeup By: Douglas Knowles