How i removed the dangerous WinAlert.exe,Commgr.exe & WinSySApp.exe virus

Nirmal Kumar
Sep 8, 2018 · 2 min read

Would like to share my experience on how i removed the dangerous virus which spoiled my time for more than 2 hours by not allowing me to open command prompts, task manager or any important .exe.

I have been with the Computer for more than 15+ years and i never used any Anti Virus Software. I Strongly believe these tools will make your system even worse by slowing down. Somehow the Virus came to my USB today and it affected my PC. When i opened the folder in the USB, it got duplicated immediately. I suspected something wrong and immediately tried to open the task manager. It got opened and close automatically. I finally decided something Virus affected the System. Then i went to open the command prompt. The same thing happened. It opened and close automatically.

Being in the Software field, i prefer to use the Cmdr Commandline and that window also abruptly hanged.

What does this Virus do ?

  • This virus completely blocks your access to Task manager, Command Tools and other Troublshooting options.
  • Simply replicates the folders with the .exe extensions. You will be thing that you opening a folder by its a .exe hidden.

Where does this Virus resides ?

  • It replicates in multiple paths. Especially your %USER%/AppData/
  • C:\Program Files\Windows Alerter\WinAlert.exe
  • C:\RECYCLER\JUNKFOLDER\WinSysApp.exe
  • C:\Program Files\Window Common Files\Commgr.exe

How to Remove the Virus :

There is no way to remove the Virus using Command Line. So here the steps i followed.

  1. Go to C:\Windows\System32\ and Copied the CMD.exe and Pasted in the Desktop and renamed to MyCmd.exe
  2. Then Created 3 .Bat Script to continuously delete the process based on .exe name. I wrote this .bat script as i am unable to open the task manager. Each bat script for each .exe
  3. Go to msconfig and unchecked the items which has entry for these .exe
  4. Go to regedit and use Ctrl + F to find the RegKeys with name Commgr.exe and delete those entries

Batch Scripts :

1.KillWinAlert.bat

:runagain
taskkill /f /im “WinAlert.exe”
timeout /T 1
goto runagain

2.KillWinSysApp.bat

:runagain
taskkill /f /im “WinSysApp.exe”
timeout /T 0
goto runagain

3. KillCommgr.bat

:runagain
taskkill /f /im “Commgr.exe”
timeout /T 0
goto runagain

Create these files and run them through the MyCmd.exe with Multiple Copies.

I mean run MyAlert.bat in 2 Process. The batch script continuously monitors the Virus.exe and deletes them. Then you can proceed to delete in other areas.

Now you should able to open the Task Manager, Command Prompt and Other .exe without any Issues.

Hope this helps to someone who is struggling with this Virus

Nirmal Kumar
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade