A few days ago a friend called me to tell me that his computer was infected with the virus, and can not be killed, asked me to help repair the nasty virus, so I went past.
In the past, found that as long as you want to open antivirus software or with "virus", "antivirus" The words of the website, will automatically shut down, but normal access to other websites; When you enter Safe mode, you will always restart the machine, so that you can never enter the safe mode.
So I took a USB flash drive to copy a terminal anti-virus software to the machine, and to install, after installation after the end of the anti-virus software is always shut down, unable to start. Tortured for a while or couldn't open the end-cutter or antivirus software, and later, think as long as open with "virus", "antivirus" The words of the website, will automatically shut down, I thought of the end of the language pack also with "virus" words, so I found the end of the installation directory, and found in its Directory language pack (C:\ Program Files\terminatorlangchs) Directory of Lang2.ini, Secanalyst.ini, Upgradelang.ini three files, and all of its files in the word "virus" removed it (also can be replaced with other text , such as: 123, and so on) and save, and then I started the final section, the miracle appeared-the end-cutter finally got up, then saw a peak of hope.
Security Analyst Download Address: http://www.skycn.com/soft/26423.html
When the end-cutter got up, I scanned the system with its scanning function and found many high-risk suspicious programs (shown in Figure 1 below).
Figure 1 Suspicious procedure found
After the scan is completed, save the scan report, and then restart the system with the safe return of the final intercept. In the prompt window after the security return reboot system, the prompt intercepts three dangerous programs (as shown in Figure 2 below), clicking "Open Editor" to set the "next state" of the blocked three programs to be banned (see Figure 3 below).
Figure 2 intercepting suspicious programs
Figure 3 Security regression function
At this point, I tried to open with "virus", "antivirus" website, found unimpeded, can be smooth access, will not be closed.
I then based on the scan report I just saved, I manually removed all the suspicious programs that were intercepted. After the deletion, restart the computer, all normal, Safe mode can also be successfully entered, then it is done.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
