The Trojan Horses like Registry Reviver, “Drive by exploit”, ChaosCC Hacker Group are a malware treats you must always try to avoid – a Trojan Horse isn’t just some annoyance like a Browser Hijacker or like an Adware app that spams you with ads. Some of the more advanced and dangerous Trojans are oftentimes used in large scale banking frauds, personal blackmailing schemes, DDoS attacks, and distribution campaigns for other forms of malware. Registry Reviver is a new Trojan, but despite the fact that it hasn’t been around for a long time, the number of victims that it has claimed is quite high. Here, we will do our best to offer our readers an informative write-up, in which we will go over the most characteristic traits of this malware threat. Also, the guide that you will find right below the article will provide those of you that have already had their machines attacked by Registry Reviver with detailed instructions on how you can potentially liberate your system from the presence of this insidious threat.
Know what you are facing
Many users do not really know what a malware program like Registry Reviver could do to their computers. Usually, when faced with a Trojan, the people are afraid that the infection would damage their computer in some way. While this is certainly a possibility, system damage is actually one of the lesser issues that a Trojan may cause, and it is oftentimes a byproduct of its other activities. For instance, if your computer is crashing frequently and you are getting the Blue Screen of Death on your monitor because a Trojan is messing with the computer’s system, this is probably not the actual goal of the Trojan. In such cases, it is possible that the infection is using up all of your computer’s RAM, CPU, and GPU power for BitCoin mining or some other similar activity, which, in turn, is causing your system to occasionally crash due to the excessive use of its resources.
In some cases, your machine may not even suffer any damage from the malware attack. For example, if the Trojan is spying on you, and trying to obtain some sensitive personal information like passwords or credit/debit card numbers, it would likely show no symptoms, and you’d have no idea that there’s a Trojan inside your system. However, needless to say, this doesn’t mean no harm would be done to you – quite the contrary. Every piece of personal data which a Trojan like Registry Reviver may get from your computer could (and most likely will) later be used for various malicious activities – blackmailing, online banking theft, personal harassment and more.
Dealing with the infection and keeping Trojans away in the future
As we already told you, the guide you will find on this page should help you with the removal of Registry Reviver. However, you will need to ensure that you don’t get infected in the future, which is why we recommend that you try out the professional anti-malware tool that is linked in the guide – it can also assist you with the removal of the Trojan in case the manual steps prove to be ineffective in your case.
|Danger Level||High (Trojans are often used as a backdoor for Ransomware)|
|Symptoms||A Trojan may cause various disruptions in your system – BSOD, errors, freezes, software unresponsiveness and more.|
|Distribution Method||Methods commonly used for Trojan Horse distribution are spam message campaigns, malvertising, pirated downloads, fake updates, and more.|
Remove Registry Reviver Virus
Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.
2: Task Manager
Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.
If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.
Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.
3: IP related to Registry Reviver
Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.
Find where it says Localhost and take a look below that.
If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the Registry Reviver.
4: Disable Startup programs
Re-open the Start Menu and type msconfig.
Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:
If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and Registry Reviver , disable those programs and select OK.
5: Registry Editor
Press Windows key + R and in the resulting window type regedit.
Now, press Ctrl + F and type the name of the virus.
Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.
6: Deleting potentially malicious data – Registry Reviver
Type each of the following locations in the Windows search box and hit enter to open the locations:
Delete everything you see in Temp linked to Registry Reviver. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.