Experience in killing the 8-bit random number virus (IFEO hijacking stops various anti-virus programs from running)

Source: Internet
Author: User

This is a virus that I ran into myself. After some hard work, I finally got rid of it. I have summarized my two experiences to share with you.

The 8-bit random number virus is a type of IFEO (Image File Execution Options hijacking) virus. Its characteristics are that you cannot enter Safe Mode, cannot display hidden and system files, and cannot install or run the various anti-virus and system repair tools. What is more, you cannot even search for terms such as "anti-virus" in a search engine: the current window is closed immediately. In addition, two files are placed in the root directory of each partition, autoruns.exe and <8-bit random number>.dll, and two 8-bit random number files are left in the `C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO` directory. This virus is rather difficult to kill, and there is no simple dedicated removal tool. Many experts have already published manual removal methods on the Internet; the steps below can be used as a supplement, depending on how your own removal goes.

Prepare the required tools: SREng, Autoruns, and the "repair Safe Mode" .reg file.

1. After downloading SREng, rename it before running it. Click System Repair -> Advanced Repair -> Automatic Repair, and then click Repair Safe Mode. I found that this does not in fact fix every case where Safe Mode is unavailable. Next, open the startup items in SREng and delete the 8-bit random number entries and any unknown items; then go to Services -> Win32 Service Applications, hide the Microsoft-verified services, and delete any other unknown services.

2. Run the "repair Safe Mode" .reg file and restart into Safe Mode. The usual advice on the Internet is either to run Repair Safe Mode in SREng or to run the .reg file on its own. In my own tests, neither one repairs Safe Mode completely, so it is best to use both.

3. In Safe Mode, rename the downloaded Autoruns, run it, select the Image Hijacks tab, and delete everything except the entry "Your Image File Name Here without a path" (Symbolic Debugger for Windows 2000). Because a lot of anti-virus software is hijacked, deleting the entries one row at a time is tedious. You can press Ctrl+D and then Enter on the numeric keypad with your right hand, which is relatively fast.

4. Open the registry and set CheckedValue, in the right-hand pane of `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL`, to 1; after that you can display hidden files. Use WinRAR's file browser or Windows Explorer to delete <8-bit random number>.dll and autoruns from the root directory of each partition, and delete <8-bit random number>.dll and <8-bit random number>.dat in `C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO`. Clear the system temporary directories, such as `C:\Documents and Settings\Administrator\Local Settings\Temp`, and delete <8-bit random number>.chm in the `C:\WINDOWS\Help` directory.

5. After restarting, you can use all kinds of anti-virus software again. Update the virus database and then run a scan; there will probably be many random Trojans or viruses. We recommend using 360 Security Guard to install system patches and clean up rogue software, and Rising or Kaspersky for anti-virus (a matter of personal preference).
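A read-only way to see from PowerShell what the Image Hijacks view in step 3 and the registry value in step 4 contain, as an added example that is not part of the original article. It assumes PowerShell 3.0 or later and the standard Image File Execution Options key location; nothing is modified, and removal is still done with Autoruns as described above.

```powershell
# Added example: audit IFEO "Debugger" redirections and the SHOWALL value.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; absent on 32-bit systems such as XP
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
# The placeholder entry that step 3 says to leave in place
$keep = 'Your Image File Name Here without a path'

$hijacks = foreach ($root in $ifeoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        # A Debugger value makes Windows start that program instead of the image
        $debugger = $key.GetValue('Debugger')
        if ($null -eq $debugger) { continue }
        [pscustomobject]@{
            Image    = $key.PSChildName
            Debugger = $debugger
            Expected = ($key.PSChildName -eq $keep)
            Key      = $key.Name
        }
    }
}

if ($hijacks) {
    # Rows with Expected = False are the ones to review in Autoruns
    $hijacks | Sort-Object Expected, Image | Format-Table -AutoSize -Wrap
} else {
    'No IFEO Debugger values found.'
}

# Step 4: Explorer can only show hidden files when CheckedValue is the DWORD 1
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$k = Get-Item -LiteralPath $showAll -ErrorAction SilentlyContinue
if ($k -and ($k.GetValueNames() -contains 'CheckedValue')) {
    $value = $k.GetValue('CheckedValue')
    $kind  = $k.GetValueKind('CheckedValue')
    if ($kind -eq 'DWord' -and $value -eq 1) {
        'SHOWALL CheckedValue is DWORD 1: hidden files can be displayed.'
    } else {
        "SHOWALL CheckedValue is $kind '$value': expected DWORD 1."
    }
} else {
    'SHOWALL key or CheckedValue is missing.'
}
```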


Of course, if you think the manual removal method above is too cumbersome, I can teach you a simple trick: most people keep a Ghost backup or use a one-click recovery tool, so all you need to do is restore the system (or reinstall the operating system from the XP disc). That gets rid of it at once.

Fortunately, although this type of virus is hateful, it still leaves some things alone: the Registry Editor (regedit) still works, and, most importantly, the .exe applications on other partitions are not destroyed and the .gho files on your hard disk are not deleted. If you use the simple method described here, the cleanup is very fast.
