How to remove the "Block Checker" malware correctly
Originally composed by Fergy at the Plus! forums
Step 1: Killing the processes
Download Sysinternals' "Process Explorer" here and install it.
Open Process Explorer and kill "csrss.exe" first.
To avoid killing the wrong csrss.exe process, look at the "User Name" column, which lists who started the process.
If it is "SYSTEM", "NT AUTHORITY" or the like, it is the legitimate Windows process started by Windows itself and shouldn't be killed. If it is your username/computername, the csrss.exe process was started as a normal user program, so it is the fake one. This is the one you need to kill.
While still in Process Explorer, kill "block-checker.exe" if it is still there.
Step 2: Removing the files
Uninstall Block Checker by going to "Add/Remove Programs" in the Control Panel.
Go into "C:\Program Files" and delete the folder labelled "Block Checker" (where C:\ is the drive you installed Windows on) if it is still there.
Delete the "exclusion_AOL.ini", "exclusion_MSN.ini" and "exclusion_Yahoo.ini" files located in Windows' system folder (C:\Windows\System).
Clean out your recycle bin to totally remove the files from your HDD.
Step 3: Fixing the registry
Open your registry editor (Start > Run > regedit.exe) and navigate to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and delete the key named "block-checker".
(For a small tutorial on this, go to this site, because deleting the wrong keys could corrupt Windows).
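A read-only check for the indicators listed in steps 1 to 3, useful before and after the cleanup. This is an added PowerShell example, not part of the original guide; it assumes PowerShell 3.0 or later and an elevated prompt, and the function names Get-ProcessOwner and Get-Verdict are made up for illustration.

```powershell
# Added example: audits the indicators named in the guide. Deletes nothing.

function Get-ProcessOwner {
    param([Parameter(Mandatory)] $Process)
    $r = Invoke-CimMethod -InputObject $Process -MethodName GetOwner -ErrorAction SilentlyContinue
    if ($r -and $r.ReturnValue -eq 0) { return "$($r.Domain)\$($r.User)" }
    return $null   # owner unreadable: not elevated, or the process already exited
}

function Get-Verdict {
    param([string] $Name, [string] $Owner)
    if ($Name -ieq 'block-checker.exe') { return 'SUSPECT' }
    if (-not $Owner) { return 'UNKNOWN (rerun elevated)' }
    # The guide's rule: SYSTEM / NT AUTHORITY means Windows started it.
    if ($Owner -match '^NT AUTHORITY\\' -or $Owner -match '\\SYSTEM$') { return 'ok' }
    return 'SUSPECT'   # csrss.exe started under a normal user account
}

# Step 1: every csrss.exe and block-checker.exe, with the account that started it
Get-CimInstance Win32_Process -Filter "Name='csrss.exe' OR Name='block-checker.exe'" |
    ForEach-Object {
        $owner = Get-ProcessOwner $_
        [pscustomobject]@{
            Check   = 'process'
            Item    = "$($_.Name) (PID $($_.ProcessId))"
            Detail  = "owner=$owner path=$($_.ExecutablePath)"
            Verdict = Get-Verdict -Name $_.Name -Owner $owner
        }
    }

# Step 2: the folder and the three .ini files the guide says to delete
$leftovers = @(
    (Join-Path $env:ProgramFiles 'Block Checker'),
    (Join-Path $env:SystemRoot 'System\exclusion_AOL.ini'),
    (Join-Path $env:SystemRoot 'System\exclusion_MSN.ini'),
    (Join-Path $env:SystemRoot 'System\exclusion_Yahoo.ini')
)
foreach ($path in $leftovers) {
    $found = Test-Path -LiteralPath $path
    $verdict = 'ok'; if ($found) { $verdict = 'SUSPECT' }
    [pscustomobject]@{ Check = 'file'; Item = $path; Detail = "present=$found"; Verdict = $verdict }
}

# Step 3: the "block-checker" entry under the HKLM Run key
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$cmd = (Get-ItemProperty -Path $run -ErrorAction SilentlyContinue).'block-checker'
$verdict = 'ok'; if ($cmd) { $verdict = 'SUSPECT' }
[pscustomobject]@{ Check = 'autorun'; Item = "$run\block-checker"; Detail = "command=$cmd"; Verdict = $verdict }
```

Every row should read "ok" once the three steps are done; a remaining SUSPECT row points to the step that still needs attention.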