How to Remove Temp1.exe
- 1). The Windows Registry contains extensive information about how your computer runs. Because removal of the virus requires extensive changes to the Windows Registry via the Registry Editor, it is important to back up the Registry prior to beginning the virus removal process.
For infected Windows Vista computers: Click "Start." Type "systempropertiesprotection" in the "Start Search" box. Press "Enter." Type the password if prompted and click "Allow." Once the most recent restore points display, go to the "System Properties" dialog box on the "System Protection" tab and click "Create." Type the name for this backup and click "Create." Once the backup has been created, click "OK" twice to exit.
For infected Windows XP computers: Click "Start," "Run," type "Windows\system32\restore\rstrui.exe" and click "OK." Select a restore point on the Welcome page and click "Next." Enter the name for the backup on the Create a Restore Point page and click "Create." Once the backup has been created, click "Close."
For infected Windows 2000 computers: Use the Backup utility to create an Emergency Repair Disk.
For infected Windows 95 computers: Restart the computer in safe mode and log in as an administrator. Press "F8" after the first beep occurs during startup, before the display of the Microsoft Windows 95 logo. Select the first option, to run "Windows in Safe Mode" from the selection menu. Click "Start," "Run," type "cmd" in the text box and press "Enter." At the command prompt, type the following lines, pressing "Enter" after each line:
cd windows
attrib -r -h -s system.dat
attrib -r -h -s user.dat
copy system.dat *.bu
copy user.dat *.bu
For infected Windows 98 and Windows Me computers: Click "Start," "Run," type "scanregw," and click "OK." Click "Yes" when prompted to back up the registry. Click "OK" when notified that the Backup is complete.
For infected Windows NT computers: Click "Start," "Run," type "Ntbackup.exe" and click "OK" to use the NT Backup tool to back up the registry.
- 2). If the operating system of the infected computer is either Windows Me or Windows XP, turn off System Restore while this fix is being implemented.
To turn off System Restore within Windows Me, click "Start," "Settings," "Control Panel." Double-click on the "System" icon and select "File System" from the "Performance" tab. Left-click on the "Troubleshooting" tab and check the "Disable System Restore" box. Click "OK."
To turn off System Restore within Windows XP, log in as an administrator and click "Start." Right-click on "My Computer," and select "Properties" from the shortcut menu. Check the "Turn off System Restore" option for each drive on the "System Restore" tab. Left-click "Apply" and "Yes" to confirm when prompted. Click "OK."
- 3). Restart the computer in safe mode and log in as an administrator. Press "F8" after the first beep occurs during startup, before the display of the Microsoft Windows logo. Select the first option, to run "Windows in Safe Mode" from the selection menu.
- 4). Remove any malware program files from the computer. Go to "Start," "Control Panel," "Add/Remove Programs." Remove any programs referencing "temp1.exe" or "gspotbot.exe." If none are listed, continue to Step 5. The malware program does contain hidden files that may not be deleted as part of the software removal process. In this case, it is likely that the downloader will reappear upon reboot. It is important to follow the outlined removal process completely to avoid recurrence.
- 5). Use the Windows Search tool to determine if "temp1.exe" exists on the hard drive. Go to "Start," "Search," "All Files and Folders." Type "temp1.exe" in the "All or Part of the File Name" section. Select "All Local Hard Drives" from the "Look in:" drop-down list for the best results. Click "Search." Repeat this process for "gspotbot.exe."
- 6). Use the Windows Task Manager to end any temp1.exe processes that are running. Press "Ctrl+Alt+Del" to open Task Manager. Select the "Processes" tab, select "temp1.exe" and "End Process." Repeat the search and delete process for "gspotbot.exe."
- 7). Click on "Start," "Run," type "msconfig" and press "Enter." Remove check marks next to any "temp1.exe" and "gspotbot.exe" entries on the "Startup" tab. Save changes and exit to the desktop.
- 8). Click on "Start," "Run," type "regedit" and press "Enter." Press "Ctrl+F," type "temp1.exe" in the search field and delete all related entries. Repeat the process for "gspotbot.exe." Exit the registry.
- 9). Use the Windows Search tool to locate and remove all temp files associated with the virus. Go to "Start," "Search," "All Files and Folders." Type "*.tmp" in the "All or Part of the File Name" section. Select "All Local Hard Drives" from the "Look in:" drop-down list for the best results. Click "Search." Right-click on each occurrence of the file and select "Delete" from the shortcut menu. Repeat the removal process for "temp1.exe," "gspotbot.exe" and "temp*.exe."
- 10). Reboot the PC normally.
- 11). If temp1.exe still resides on the computer, repeat the above steps or try using a free automatic removal program from Trend Micro or AVG listed in the reference section below. If the files have been successfully removed, System Restore may be reactivated.
To turn on System Restore within Windows Me, click "Start," "Settings" and "Control Panel." Double-click on the "System" icon and select "File System" from the "Performance" tab. Left-click on the "Troubleshooting" tab and remove the check from the "Disable System Restore" box. Click "OK."
To turn on System Restore within Windows XP, log in as an administrator and click "Start." Right-click on "My Computer" and select "Properties" from the shortcut menu. Check the "Turn on System Restore" option for each drive on the "System Restore" tab. Left-click "Apply" and "Yes" to confirm when prompted. Click "OK."
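The check in Step 11 can be scripted. The following is an added example, not part of the original article: a read-only PowerShell script that reports any remaining processes, autostart values and files for the two file names above. It assumes PowerShell 3.0 or later (not present on the older Windows versions covered here) and inspects only the standard Run and RunOnce keys rather than the whole registry.

```powershell
# Added example: read-only leftover check; it deletes nothing.
$names = 'temp1.exe', 'gspotbot.exe'   # the two file names from the article

# Step 6: running processes (Get-Process takes names without ".exe").
$procNames = $names | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
$procs = @(Get-Process -Name $procNames -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path)

# Steps 7 and 8: values in the standard autostart keys.
# Assumption: only Run/RunOnce are checked; Step 8 searches the whole registry.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        # -like is case-insensitive, so TEMP1.EXE also matches.
        if ($names | Where-Object { $data -like "*$_*" }) {
            [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
        }
    }
})

# Steps 5 and 9: files on every local fixed drive, hidden and system files included.
$drives = [IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }
$files = @(foreach ($d in $drives) {
    Get-ChildItem -Path $d.RootDirectory.FullName -Include $names -File `
        -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime
})

# Summary first, then the details of anything that was found.
'{0} process(es), {1} autostart value(s), {2} file(s) found' -f `
    $procs.Count, $autoruns.Count, $files.Count
$procs    | Format-Table -AutoSize
$autoruns | Format-List
$files    | Format-Table -AutoSize
```

Run it from an administrator session so that folders and process paths belonging to other accounts are readable; a result of zero in all three counts corresponds to the "successfully removed" case in Step 11.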