Summary of problems similar to autorun

Source: Internet
Author: User

1. The right-click menu has an extra "AutoPlay" entry

1. Click "Start" > "Run", type cmd and press Enter to open a command prompt. Type C: and press Enter, then type dir /a and press Enter (without the /a parameter hidden files are not shown; /a displays all files).
2. You will now see an autorun.inf file. Type attrib autorun.inf -s -h -r and press Enter to remove the "system", "hidden" and "read-only" attributes of the autorun.inf file; otherwise the file cannot be deleted. Then type del autorun.inf.
3. Double-click drive C to test it. If it opens, everything is OK.
4. If you are instead asked to locate a file such as ESKTOP.EXE when the drive is opened, clear the information in the registry: click "Start" > "Run", type regedit, then use "Edit" > "Find" to search for DEKTOP.EXE or whichever file was named. The first match found is the autorun entry for drive C; delete its entire shell subkey.
Double-click drive C again. Now it opens!
Repeat the preceding operations to fix the other drives. To guard against mistakes, back up the registry and the files you are about to delete.

2. Solution when double-clicking a hard drive letter does not open it
This is generally caused by the recently widespread rose virus, which can be cleared manually:

1. Open My Computer and click "Tools" > "Folder Options" > "View". Under "Advanced settings", clear the check mark in front of "Hide protected operating system files (Recommended)", and under "Hidden files and folders" select "Show all files and folders". This makes hidden files visible for the following steps.

2. Click "Start" > "Run", type "regedit" to open the Registry Editor, click "Edit" > "Find", enter "ROSE.EXE" in the "Find what" box and press Enter to search. When a match is found, delete it directly, then press F3 to continue searching and delete each remaining match. An infected system generally has two such values. After deleting them, keep pressing F3 until the registry search finishes, to make sure no such value remains in your registry. This cuts off the source from which the ROSE.EXE file is copied.

3. Open every drive on your computer (do not double-click the drive letter; right-click it and choose "Open" from the shortcut menu!). In the root directory of each disk you will see two files, "rose.exe" and "autorun.inf". Delete the "rose.exe" file on every disk of your computer; do not miss any. (The virus exists only in the root directory of each disk. Do not double-click a disk to open it directly!) This removes the virus's executable file completely.

4. After completing step 3, you will find that the "rose.exe" file no longer exists, but "autorun.inf" is still there and cannot be deleted: it reappears after a refresh. That does not matter. Restart the computer, log in, and again use right-click > "Open" to enter each disk and delete every "autorun.inf" file; this time the deletion succeeds. Note that in this step you must still not double-click to enter a disk, otherwise all the previous work is wasted!

5. Restart your computer (be sure to do this) and repeat Step 1 to search and delete it. This is a success!

3. Solutions for netizens
Today a friend called me and asked about his computer being unable to open the hard disk again. In fact, being unable to open a hard disk by double-clicking is a problem that many netizens run into. How can this problem be solved? A: We recommend that you first scan the system with anti-virus software to rule out the influence of a virus. This error is caused by the small icon of "resize. Find the autorun.inf file, open it with Notepad and look at the line "icon=icon name"; find that icon and the autorun.inf file, delete them, and restart the system to solve the problem. Delete this line, save and exit.

TIPS: Some may think that the autorun.inf file itself is a virus; otherwise, how could it change the way the disk opens and its icon, and cause so much trouble?
In fact, autorun.inf is not a virus. It was originally used on CDs. Many of you have used a CD that runs automatically, right? For example, if the computer reports a subscription disc, the disc runs automatically thanks to the autorun.inf file.
Autorun.inf is a text configuration file. You can edit it with a text editor (such as Notepad), and it is placed in the root directory of the drive. The file holds the settings that are applied automatically, such as a changed drive icon, the program file to run, and optional shortcut-menu entries. In autorun.inf, "open=program name.exe" is the name of the program to be run automatically (for example, the program a CD starts after you insert it), and "icon=icon name.ico" is the drive letter icon.
Deleted. If the icon of the disk partition is changed, the autorun.inf file must be a zombie.
Note that if the way the partition opens has not changed but its icon has, and there is no autorun.inf file in the partition, the problem lies in the registry. Click "Start" > "Run", type regedit in the Run dialog box and press Enter to start the Registry Editor. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer and check whether there is a DriveIcons subkey under Explorer; if there is, delete it.

4. Drive D cannot be opened by double-clicking. It turns out to be the "Love Backdoor" (Lovgate).
Recently, the r/s variants of the Lovgate virus have been rampant on the Internet, making it easy to search and kill. What should I do? I also encountered this situation. I searched for a lot of methods online, but they did not work. After exploring on my own, I found this method very effective. I will close up this article to attract readers.

==================================
The D, E, F and G drives (if present) cannot be opened directly by double-clicking. Windows reports that it cannot find the COMMAND.EXE file and asks you to locate it. After you point it to C:\windows\explorer, an error about "/StartExplorer" is shown each time the drive is opened, although the drive folder still opens. The virus writes an AutoRun.inf file under each drive:

Open="X:\command.exe" /StartExplorer (Note: X is the drive letter)

[Note] Remember the suffix of command, because it may differ from machine to machine: on some it is exe, on others com.


Therefore, if you do not have anti-virus, the virus is activated every time you open the D/E/F/G drive.
Rising is too stupid to help you solve this problem (even if you upgrade to the latest version; the dedicated removal tool on the Rising website cannot solve it either, and there are no relevant instructions), so you need to solve it manually.


Solution:
==============================
Start
Run
cmd (opens a command prompt)
D:
dir /a (without the /a parameter hidden files are not visible; /a means show all)
You will now see an autorun.inf file, about 49 bytes in size.
attrib autorun.inf -s -h -r (removes the system, hidden and read-only attributes of the autorun.inf file; otherwise the file cannot be deleted)
del autorun.inf

This is not finished yet: when you double-click the drive letter it still does not open, and you get an error asking you to locate command.exe, because the autorun information has already been added to the registry.

Clear the information in the registry as follows:
Start
Run
regedit
Edit
Find
command.exe (depending on the actual suffix; on some machines it is command.com)
The first match found is the autorun entry for drive D; delete its entire shell subkey.
After that, double-click drive D. Does it open now?


==============================
Reminder: backing up important data in a timely manner is more effective than virus killing

Introduction: Lovgate combines worm, backdoor and hacker functions and spreads by sending virus emails. It opens a leak channel on the user's computer by creating backdoors, releases a backdoor program that communicates with an external remote Trojan, releases a password theft program that actively steals the computer's passwords, and spreads remotely across the LAN. As a result, all computer users face virus control, network paralysis, information leakage and other serious consequences.


FAQs
Name: W32/Lovgate.r@M
Date detected:
Size: 97,280 bytes
Transmission channels: email, RPC vulnerability, USB flash drives and mobile hard drives, and network shares.
Network transmission path: a new Lovgate virus variant. It searches nearby IP addresses for shared directories through port 445 and tries weak passwords.
Password cracking: after a password is cracked successfully, it shares the media directory, starts the NETMANAGER.EXE remote management program, and uses the machine as a server to keep searching adjacent IP addresses for fast propagation.

1. When a virus is executed, the following files are generated:

Using system1_hxdef.exe
%Systempolicipolice.exe
%System%\WinHelp.exe
%Systemw.netmeeting.exe (61,440 bytes)
Using system1_spollsv.exe (61,440 bytes)
%SysDir%\IEXPLORE.EXE
%SysDir%\kernel66.dll
%Sysdir1_ravmond.exe
%WinDir%\SYSTRA.EXE
%SysDir%\msjdbc11.dll
%SysDir%\MSSIGN30.DLL
%SysDir%\ODBC16.dll
%System%\lmmibw.dll

C:\COMMAND.EXE (added to the autorun.inf file, so it is launched automatically when you double-click the disk)

2. Generate files with suffixes COM, EXE, PIF, and SCR under the root directory of each disk. The common names are as follows:
Pass
Bak
Password
Email
Book
Letter
Important
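
An added example, not part of the original article: a Python check that lists the files in one drive's root directory matching the names this article gives (autorun.inf, rose.exe, COMMAND.EXE or command.com, and the bait names above with the COM, EXE, PIF and SCR suffixes). The article calls the bait names common, not exhaustive, so an empty result does not prove a drive is clean.

```python
import os
import sys

# Bait file names and suffixes listed in the article.
BAIT_STEMS = {"pass", "bak", "password", "email", "book", "letter", "important"}
BAIT_SUFFIXES = {".com", ".exe", ".pif", ".scr"}
# Other root-directory files the article names.
ROOT_NAMES = {"autorun.inf", "rose.exe", "command.exe", "command.com"}

def scan_root(root):
    """Return the matching file names found directly in `root`, sorted.

    Only the root itself is examined (no recursion), because the article
    says the files are dropped in the root directory of each disk.
    os.scandir also returns hidden and system files, like `dir /a`.
    """
    hits = []
    with os.scandir(root) as entries:
        for entry in entries:
            if not entry.is_file(follow_symlinks=False):
                continue  # a directory with a matching name is not a hit
            name = entry.name.lower()
            stem, suffix = os.path.splitext(name)
            if name in ROOT_NAMES or (stem in BAIT_STEMS and suffix in BAIT_SUFFIXES):
                hits.append(entry.name)
    return sorted(hits, key=str.lower)

if __name__ == "__main__":
    # Usage: python scan_root.py D:\   (defaults to the current directory)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name in scan_root(target):
        print(name)
```

Review each hit before deleting it; a file named command.com in the root of drive C can be a legitimate system file on older Windows versions.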

3. Modify the registry so that the virus programs are loaded and run automatically when the machine starts.

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
"Run" = RAVMOND.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"Program In Windows" = %SysDir%\iw.e. EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
"SystemTra" = %WinDir%\SysTra.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
"VFW Encoder/Decoder Settings" = RUNDLL32.EXE MSSIGN30.DLL ondll_reg
The last line is the virus backdoor service.

4. Automatically generate and load three services

1. Display name: _reg
ImagePath: Rundll32.exe msjdbc11.dll ondll_server
Startup: automatic
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_reg
Description: backdoor service is provided.

2. Display name: Windows Management Protocol v.0 (experimental)
ImagePath: Rundll32.exe msjdbc11.dll ondll_server
Startup: automatic
Description: Advanced Server, which performs a scheduled LAN scan.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows

3. Display name: Windows Management Network Service Extensions
ImagePath: NetManager
