Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Hacking Techniques :: fix16.txt

Fixing SubSeven 1.6 BKI:




HackFix - SubSeven - Fix v1.6

NOTE: You should print this page for reference before starting.

Step one is to go to your Start menu, click Shutdown, and select "Restart
the computer in MS-DOS mode", then click ok.
When you do this, you should be in MS-DOS looking at a c:\windows\ prompt.
This version places itself at C:\windows\systray.Exe

Simply type
del systray.exe
This will delete the trojan.

NOTE: The file C:\windows\system\systray.exe is a REAL system file and
should NOT be deleted.
The file C:\windows\systray.exe is NOT a system file, and this would be the
trojan if found.

Do NOT delete the systray.exe in the windows\system folder!

If this errors, you may need to type
attrib systray.exe -h
to remove the hidden flag, and then type the delete command above.

Type exit to return to windows.

Next, click Start, and go to Run. In the box, type regedit and click OK.
When regedit starts, you will see a file-like tree on the left hand panel.
Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
At the end, click on 'Run' once, and the right hand panel should change.
On the right hand side of Regedit, look for the item titled
SystemTray = "SysTray.Exe" Right click on that line only and choose delete.
Close regedit and reboot your PC.

Your now disinfected!


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH