Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.
If this guide was helpful to you, please consider donating towards this site.
- Entries named "firefox" and pointing to "?<$APPDATA>\firfox\firfox.exe?".
- Entries named "HTNYEL" and pointing to "?<$APPDATA>\Windata\MDZYTH.exe?".
Please use Windows Explorer or another file manager of your choice to locate and delete these files.
- The file at "<$APPDATA>\firfox\firfox.exe".
- The file at "<$APPDATA>\Windata\MDZYTH.exe".
- The file at "<$LOCALSETTINGS>\Temp\HTNYEL.vbs".
- The file at "<$LOCALSETTINGS>\Temp\ZMWNIT.exe".
Make sure you set your file manager to display hidden and system files. If Win32.Autoit.prp uses rootkit technologies, use the rootkit scanner integrated into Spybot-S&D 2.x or our Total Commander anti-rootkit plugins.
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!
Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.
You can use regedit.exe (included in Windows) to locate and delete these registry entries.
- Delete the registry value "HTNYEL" at "HKEY_CURRENT_USER\Software\Win32\".
If neither Spybot-S&D nor self help did resolve the issue or you would prefer one on one help,