Home Blog

Rootkit.boot.pihar.a – How to Remove Rootkit.boot.pihar.a by yourself

Posted by in Blog Trojan
on December 19th, 2012 | Leave a comment

Rootkit.boot.pihar.a is a rootkit Trojan like Rootkit.0access.H that can undermine a computer secretly on the background. Rootkit technology is used to hide pc threats from the detection of antivirus programs, so rootkit Trojan is hard to detect and remove. Rootkit.boot.pihar.a can download and install additional malicious programs on the compromised computer. Your antivirus may detect the download, but as long as the rootkit Trojan is on your pc it will continue bring other threats and your antivirus may not be able to detect all of them effectively. It runs at windows startup, changes system setting, access log files and monitor users’ activities. When your antivirus warns you of the Trojan, you should take action to delete it from your computer. Do you encounter problems to remove the Trojan? You can learn how to remove Rootkit.boot.pihar.a manually or automatically here.

Manual removal instruction
The Trojan creates registry entries and files on your computer. You need to find them out and delete them completely. It may be a little complicated. So be careful not to remove a legitimate file.
1. Remove Rootkit.boot.pihar.a from windows registry

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionSettings net ”
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “[Random] exe”.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonShell

2 All this rootkit files and delete them all.

C:. WINDOWSsystem32_VOID [RANDOM] dat
C: WINDOWSsystem32uactmp.db
C: WINDOWSTemp_VOID tmp [RANDOM]
C: WINDOWS_VOID [RANDOM]
C:. WINDOWSsystem32UAC [RANDOM] db

How to remove Rootkit.boot.pihar.a automatically
If you think manual way is too complicated, here is an easier solution. What you need to is just to download a professional virus removal program which will take care of everything automatically. It is necessary to install an advanced virus removal program like Spyware Cease if you have no other ways to remove Rootkit.boot.pihar.a completely. Using a virus removal program is not just to save time but also to make sure the compromised system remain stable after the removal.

Professional virus removal programs like Spyware Cease are usually easy to use. You could get rid of Rootkit.boot.pihar.a in simple steps.
1. Download and install Spyware Cease
2. Run and launch a scan
3. Click Remove button after scan

Leave a Reply