
Thursday 19 August 2010

How do I Remove the Trojan.Blusod Virus?

Trojan.Blusod is a dangerous program that secretly installs on your computer and displays the pop-up message "Warning! Spyware detected on your computer." The trojan uses this false notification to trick you into purchasing a licensed version of a fake anti-spyware program, which it claims will remove the detected spyware. Trojan.Blusod also downloads additional parasites to your computer. Follow the steps below to remove it.

Instructions

1. Disable System Restore if you are using Windows XP. To do so, click the Windows "Start" menu, right-click "My Computer" and click "Properties." This opens the System Properties dialog box. Click the "System Restore" tab and click the "Turn off System Restore" check box. Click "Apply," then "Yes" and "OK" to save the changes.

2. Launch your anti-virus program if you have one, and update it by clicking "Update" or "Check for updates," depending on the program. Run a full system scan and delete any malicious files your program detects. Consider a free anti-virus program such as AVG, Avira AntiVir or avast! (see Resources).

3. Click the "Start" menu and click "Run," or "Start Search." Type "Regedit" (without quotes) and press "Enter" to launch the Registry Editor.

4. Click the "HKEY_CURRENT_USER" folder in the left pane, click the "Software" folder, click the "Sysinternals" folder and then click the "Bluescreen Screen Saver" folder. Right-click the "EULAAccepted" = "1" entry and click "Delete." Delete the following registry entry in the same manner:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"lph[RANDOM CHARACTERS]" = "%System%\lph[RANDOM CHARACTERS].exe"

5. Navigate to each of the following entries individually:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier\"InstallationID" = "[RANDOM CLSID]"

HKEY_CURRENT_USER\Control Panel\Desktop\"ConvertedWallpaper" = "%System%\ph[RANDOM CHARACTERS].bmp"

HKEY_CURRENT_USER\Control Panel\Desktop\"SCRNSAVE.EXE" = "%System%\blph[RANDOM CHARACTERS].scr"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"NoDispBackgroundPage" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"NoDispScrSavPage" = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\"DisableSR" = "0"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr\"Start" = "0"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr\"ImagePath" = "*system32\DRIVERS\sr.sys*"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sr\Parameters\"FirstRun" = "0"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\"Start" = "0"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\"ImagePath" = "*system32\DRIVERS\sr.sys*"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sr\Parameters\"FirstRun" = "0"

HKEY_CURRENT_USER\Control Panel\Colors\"Background" = "0 0 255"

HKEY_CURRENT_USER\Control Panel\Desktop\"ScreenSaveActive" = "1"

HKEY_CURRENT_USER\Control Panel\Desktop\"TileWallpaper" = "0"

Double-click each entry and enter the original value (0 or 1) in the "Value Data" box.

6. Close the Registry Editor. Re-enable System Restore if you are using Windows XP, and then restart your computer.
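
To confirm the cleanup, the check below reads the text of a registry export (.reg file) and reports any value that still matches the trojan's entries from steps 4 and 5. It is an added example, not part of the original post; the sample export is constructed, and matching "[RANDOM CHARACTERS]" with \w+ is an assumption.

```python
import re

HKLM, HKCU = "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"
# (key, value-name regex, data regex), taken from the entries in steps 4 and 5.
# Assumption: the page's [RANDOM CHARACTERS] placeholder is matched with \w+.
INDICATORS = [
    (HKLM + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", r"lph\w+", r".*\\lph\w+\.exe"),
    (HKCU + r"\Control Panel\Desktop", r"SCRNSAVE\.EXE", r".*\\blph\w+\.scr"),
    (HKCU + r"\Control Panel\Desktop", r"ConvertedWallpaper", r".*\\ph\w+\.bmp"),
    (HKCU + r"\Software\Sysinternals\Bluescreen Screen Saver", r"EULAAccepted", r".*"),
]

def parse_reg(text):
    """Yield (key, value_name, data) from the text of a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            name, data = m.groups()
            if len(data) >= 2 and data[0] == data[-1] == '"':
                # String data: undo the .reg escaping of backslash and quote
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            yield key, name, data

def scan(text):
    """Return the (key, name, data) values that match an indicator."""
    hits = []
    for key, name, data in parse_reg(text):
        for ind_key, name_re, data_re in INDICATORS:
            if (key.lower() == ind_key.lower()
                    and re.fullmatch(name_re, name, re.I)
                    and re.fullmatch(data_re, data, re.I)):
                hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc1a2b3"="C:\\WINDOWS\\system32\\lphc1a2b3.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"SCRNSAVE.EXE"="C:\\WINDOWS\\system32\\blphc1a2b3.scr"
"TileWallpaper"="0"
[HKEY_CURRENT_USER\Software\Sysinternals\Bluescreen Screen Saver]
"EULAAccepted"=dword:00000001
'''
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

An empty result after the restart in step 6 means none of these entries remain in the exported keys.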
