Remove Win32/Small.CA as a multi-tasking computer threat

Win32/Small.CA displays strong traits of critical system risk. Oddly enough, some tools do not have its description so that they do not detect it at all or only heuristic routine may refer to relevant entries as to suspicious items.
The piece of malware sets up a communication with remote server sending data that may contain private and confidential information. In some cases the rogue may load content from the Internet, which classifies as adware and malware.
Removal of Win32/Small.CA needs to cover all its copies. The threat may drop its duplicates into shared and removable drives. To get rid of Win32/Small.CA, any copies of the rogue covered, follow free guidance as outlines below.

Method 1: Using Safe Mode with Networking + antimalware to remove Win32/Small.CA infection:

Step 1 > Please restart your PC, but do not wait for regular session to start. Instead, once anything comes to your monitor, press F8 reputedly and frequently enough so that a screen like the one below would get loaded. This is the menu where you need to select the suggested operating mode. Arrows on you keyboard enable you to navigate through the menu and mark Safe Mode with Networking. Once this is done, activate it by pressing Enter on your keyboard.

How to switch to Safe mode?

Step 2 > Prior to initiating any procedures, the processes run by Win32/Small.CA must be killed for good. This will prevent in from meddling into the extermination routine. Get RKill browsing to the link below so that this requirement could be satisfied.

downloadDownload RKill
Run it to stop malware processes

Set desktop in “Save as” routine. Once it is downloaded, double-click on the it in order to automatically attempt to stop any processes associated with Win32/Small.CA and other malicious software. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next Step.


If you get a message that RKill is an infection, do not be concerned. This message is just a fake warning given by Win32/Small.CA when it terminates programs that may potentially remove it. If you run into these infections warnings that close RKill, a trick is to leave the warning on the screen and then run RKill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that RKill can terminate Win32/Small.CA. So, please try running RKill until the malware is no longer running. You will then be able to proceed with the rest of the guide. Do not reboot your computer after running RKill as the malware programs will start again. If you continue having problems running RKill, you can rename it to “Iexplorer.exe”,“chrome.exe” and then try to start.

rkill download

Step 3 > Open your browser and download TDSSKiller. Run the utility and click “Start Scan” to anti-rootkit scan.

downloadDownload TDSSKiller
Utility for removing malicious rootkits.

tdss killer kaspersky

Step 4 >Download and install SpyHunter. It has a great capability as an antivirus and complex security suite to recognize, identify, contain and remove any and all threats, including, but not limited to, viral infections, malicious software, parasites that propagate using worm and trojan type routine, potential risks (PUP). Choosing to load and install onto your PC SpyHunter, free edition or advanced edition, ensures that you remove Win32/Small.CA PUP referred to as infection for the purposes of this guide.

downloadDownload SpyHunter
Adaptive Spyware Detection and Removal Tool

    • NOTE: There is a risk of the infection you are about to remove interfering with the above (Rkill, TDSS Killer, SpyHunter) and probably any other installations into compromised machine. Under such circumstances, please download software specified here into flash drives \ pen drives at a PC void of the infection. Upon completing this step, attach the removable drive (USB, external drive, CD/DVD) to affected machine so that you could install the solution despite the tricks.
    • OR follow these instructions:
      1. Click Start->Run
      2. Enter “” and press ‘Enter’.
      3. Press ‘Continue unprotected’
      4. Save the file on your desktop.
      5. Rename the .exe from xxx.exe to and run it.
      6. Now you have to remove Win32/Small.CA files that will be detected by a program.


downloadDownload SpyHunter
Windows XP, Windows Vista, Windows 7, Windows 8

Method 3: Zeroaccess Manual removal:

Important! Experienced users only!

Step 1> Locate, stop and delete the following processes and files:

    • %Windows%\system32\[random].exe
      %Documents and Settings%\[UserName]\Application Data\[random]
      %AllUsersProfile%\Application Data\.dll
      %AllUsersProfile%\Application Data\.ex

Step 2> Remove or change the following registry entries, using “Start>Run> print “regedit” command:

    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ?�?[random].exe?�?
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\?�?Shell?�? = ?�?[random].exe?�?

Step 3> Download reliable anti-malware solution to remove other malicious files and potentially unwanted applications:

downloadDownload SpyHunter
Adaptive Spyware Detection and Removal Tool

Leave a Reply

Your email address will not be published. Required fields are marked *