How to remove W32Hitapop virus from your computer

How to remove W32Hitapop virus from your computer

Trouble:

One of our readers reported that his PC is infected with w32.hitapop virus. It is basically a worm / virus also called hitapop virus/worm. It embeds itself with the userinit action at the startup of the computer and runs certain malicious code as soon as a user logs into the system. This causes downloading of virus like contents and damages to computer software.

This virus can be easily fixed up manually by following the steps mentioned below:

 

Fix:

Let’s see how can we remove this software

Follow the procedure below:

1. Go to Start > Run, type regedit in the in the Run dialogue box and press enter. This will open the registry editor. To be able to open registry editor you need to have administrator rights.
2. Once you have opened the Registry editor, navigate to the location HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. At this path there is a key called userinit. The key is usually set to a value which tells what is to be executed at every time a user logs in. If your computer is infected with some virus, then the value should be something like  "Userinit" = "C:\WINDOWS\System32\userinit.exe,rundll32.exe %System%\winsys16_[RANDOM DIGITS].dll start" Note down the above [RANDOM DIGITS] on a piece of paper, we will use it in step 8 to remove virus files.
4. Change it to a value "Userinit" = "C:\WINDOWS\System32\userinit.exe"
5. Exit Registry editor.
6. Go to Start > Run , type cmd and press enter, this will open a command prompt window.
7. On command prompt, type " attrib -s -r -h c:\windows\system32\winsys16_[RANDOM DIGITS].dll" and press enter. Note that this random number is the number you get in step 3 above.
8. Now type Type "Del c:\windows\system32\winsys16_[RANDOM DIGITS].dll" and press enter. This is also the same random number as in step 3.

Now close the command prompt, restart your computer. We hope this will help to fix the trouble.