FBI Moneypak Removal Guide

XP is a lot more difficult to clean than Vista or 7. On Vista or 7 you can typically boot into safe mode and just run the usual scans; XP got the short end of the stick.

1. Press F8 on startup and choose safe mode with command prompt.

2. Select the user account that was originally infected with the FBI virus.

3. In the black window that appears, type `cd %temp%`

4. Type `del * /f` and hit Enter.

5. Type `cd C:\Documents and Settings\[Your username]\Application Data`

6. Type `del *.exe /f`

7. Reboot, hitting F8, and select safe mode with networking.

8. Log in as Administrator.

**To skip steps 9 – 14 you can simply run this script**

9. Hit Ctrl+Shift+Esc to launch Task Manager, then go to File -> New Task and type `regedit`

10. In regedit, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and change Shell back to explorer.exe

11. Also check HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System for any additional keys.

12. Reboot with F8 to safe mode with networking.

13. Select your local user profile.

14. Explorer should hopefully load (partially). Run Unhide.exe.

15. This should restore the desktop. Now use RegAlyzer to fix the key HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools

16. Follow up with typical scans using HitmanPro and Malwarebytes Anti-Malware.
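
The registry checks in steps 10, 11 and 15 can also be done from the safe-mode command prompt with reg.exe. The following is an added example, not the script this guide refers to; the backup file name is an assumption, and it assumes reg.exe itself still runs on the machine.

```bat
@echo off
rem Added example: steps 10, 11 and 15 of the guide done with reg.exe.
rem HKLM changes need an administrator account. HKCU is the profile of
rem whoever runs the script, so run it as the infected user for step 15.
setlocal
set "WINLOGON=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "POL_HKLM=HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"
set "POL_HKCU=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System"
rem Assumed backup location; any writable path works.
set "BACKUP=%USERPROFILE%\winlogon-before.reg"

rem Step 10: read the current Shell value (data column of the reg query output).
set "CUR="
for /f "tokens=2,*" %%A in ('reg query "%WINLOGON%" /v Shell ^| findstr /i "REG_SZ"') do set "CUR=%%B"
echo Winlogon Shell is currently: "%CUR%"

if /i "%CUR%"=="explorer.exe" (
    echo Shell is already explorer.exe, leaving it alone.
) else (
    rem Keep a copy of the key so the replaced value can be examined later.
    if exist "%BACKUP%" del "%BACKUP%"
    reg export "%WINLOGON%" "%BACKUP%"
    reg add "%WINLOGON%" /v Shell /t REG_SZ /d explorer.exe /f
)

rem Step 11: list the machine-wide policy values for manual review.
rem Nothing is deleted here; decide by hand what does not belong.
echo --- %POL_HKLM% ---
reg query "%POL_HKLM%"

rem Step 15: clear the per-user policy that blocks regedit, if it is set.
reg query "%POL_HKCU%" /v DisableRegistryTools >nul 2>&1
if errorlevel 1 (
    echo DisableRegistryTools is not set for this user.
) else (
    reg delete "%POL_HKCU%" /v DisableRegistryTools /f
    if errorlevel 1 echo reg.exe could not clear it; use RegAlyzer as in step 15.
)
endlocal
```

The exported .reg file records whatever Shell pointed to before the reset, which is useful when checking that the file it named is gone after the scans in step 16.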

 

About the Author

I am a tech enthusiast constantly moving toward developing a higher understanding of Windows, viruses, programming, reversing, and virtually anything else computer related.