توضیحات زیر از سایت سیمانتک انتخاب شده که بعد از پاک سازی سیستم از ویروس باید به روش زیر رجیستری ویندوز را اصلاح کرد
البته قبل از این کار باید restore ویندوز را غیر فعال کرد
Click Start > Run.
Type regedit
Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Security Response has developed a tool to resolve this problem. Download and run this tool, and then continue with the removal.
Navigate to and delete the following entries:
HKEY_CURRENT_USER\Software\Wintek\"Install" = "[INFECTION TIME]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Soundmax" = "%ProgramFiles%\Sound Utility\Soundmax.exe"
Restore the following registry entries to their original values, if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"Hidden" = "2" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "2" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "2" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\"Nofolderoptions" = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\"Nofolderoptions" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\"DisableConfig" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\"DisableSR" = "1"
Exit the Registry Editor.
Note: If the risk creates or modifies registry subkeys or entries under HKEY_CURRENT_USER, it is possible that it created them for every user on the compromised computer. To ensure that all registry subkeys or entries are removed or restored, log on using each user account and check for any HKEY_CURRENT_USER items listed above.
می خواستم ببینم راهی هست که تنظیمات رجیستری رو بشه به صورت خودکار انجام داد اخه من از رجیستری چیزی نمی فهمم
ممنون می شم اگه کمکم کنی