I have AVG 7.5, Lavasoft Ad-Aware SE personal and just recently installed Windows Defender. they all do a great job of identifying Win32/Renos and apparently delete it or "heal" it However every time i switch off computer and turn it on again the file or virus is found again and sure enough the fake windows pop-up appears telling me my computer is infected.
It is not the end of the world as windows defender just finds it again next time i boot up, i delete it and the warning goes away but it's beginning to get really really irritating.
anyway of actually deleting this thing once and for all?

10 Years
Discussion Span
Last Post by salim hussain

hello, there may be other ways, and my way may not work if you don't have Windows Vista. Maybe someone else can enlighten me, or maybe you know, but this is what my IT brother emailed me when my computer was infected and impossible to operate. My vista edition remembers the state of th computer at intervals of time, and all I have to do is restore the computer to a time before the virus was there, and it works wonders. My brother's instructions are following. He did type it fast, and it was late at night, but I think you will find it accurate, at least for vista.


Action:Go to safe mode with command prompt

Start the computer anf start tapping F8

Go to safe mode with command prompt

Result: Done

Action:Type cd\

cd windows\system32


Restore to (Choose date before infection).

Result: Done



Win32.Renos is an executable with DLL or EXE extension, located in Windows, Windows System or in a root folder of C: drive, this file can be safely deleted or renamed.
You should really follow the steps shown in this sticky Read me before posting a request for assistance
and PLEASE note THIS instruction;

You will need to flush your restore points AFTER the fixing process has been completed to ensure that no malware is preserved.

The reason it is recommended doing AFTER you are certain that the computer is clean is that very few people can be absolutely certain of the date and time of infection. Plus using System Restore as a way of cleaning infection is just not recommended.
Follow all the steps given in the sticky. When you have completed the steps given then post back here with the requested logs.


Hello jholland1964

Viruses have tendencies to re-start on the user that
was affected; how about creating another user; like adding a 1 to your name. Don't log on this before you reclean the computer and then login the new user - you'll most probably see that the Malware/Trojan will not automatically install back.
The probable cause is that your temp files contains the dirt.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.