Silent Runners - Using ERDNT

Home Page

The Script

Download

Disinfection
Service

Launch
Points

Terms
of Use

Procedures

Thanks

Contact

Using ERDNT

(To download these instructions as a printable PDF file, right-click on this icon:

and choose “Save Target As…”)

To remove the adware/spyware launch points, you'll need to backup and restore your registry using the freeware programs “ERUNT” and “ERDNT”.

Here, I'll show you where the registry backup is stored, the files that I may need to disinfect your system, and how to use ERDNT to restore the registry after I've returned the disinfected registry files to you.

Go to the directory that contains the backup copy of the registry:
C:\WINDOWS\ERDNT\backup_date_here\

$Go into C:\WINDOWS\ERDNT$

$Go into C:\WINDOWS\ERDNT\backup_date_here\$
Inside the directory with the date name, I may ask you to zip up and send me the files software and system. I may need only one of them.

I may also ask you for a file found in a subdirectory of the Users directory.
That file is NTUSER, found in the 00000001 subdirectory of the Users directory, . (If Windows is displaying file extensions, NTUSER will be named NTUSER.DAT.)

$"NTUSER.DAT" is found in the Users\00000001 subdirectory.$
I'll disinfect the registry files you send me. When you get them back, you'll move them one at a time into the ERDNT backup directory, overwriting the infected versions.
Once the backup copy of the registry contains the disinfected files, the registry restore program will be used. To restore the backup copy, return to the date-name directory and double-click on the “ERDNT” icon.
At the “Welcome” window, press the “OK” button.
This is the most important window! Accept the default choices. Make sure that both “System registry” and “Current user registry” are both checked. Then press the “OK” button.
When this window appears, press “OK” to reboot.
When Windows reboots, it will use the backup copy of the registry with the disinfected registry files.