Sy.exe Virus Removal Method

Source: Internet
Author: User


A few days ago, processes such as 1sy.exe, 2sy.exe, 3sy.exe, 9sy.exe, 8sy.exe, svchost.exe and rundl132.exe inexplicably appeared on a colleague's computer, and the icons of all .exe files became discolored and blotchy. Reinstalling the system did not help. On reflection, I decided the virus must be linked with the shutdown program, so I patiently reinstalled the system again and killed the virus with the detailed steps below. Anyone who has been hit by it can use them as a reference:



Pay attention to the Rundl132.exe startup entry. No antivirus software in China detected it, even though the infection is obvious.

After boot, Rundl132.exe automatically visits the virus website. Jiangmin network forensics showed it visiting the site and leaving viruses in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files. Rundl132.exe arguably is not a virus itself; it is only an agent for the virus, which is why antivirus software cannot find it.

Because it is not a virus, it is easy to handle.



Run msconfig and clear the check mark in front of rundl132.exe in the startup list, so that it no longer visits the virus site, then delete C:\WINDOWS\rundl132.exe.
(Rundl132.exe and rundll32.exe are not the same file, in case you did not notice: the former contains the digit 1, the latter the letter l. Do not delete C:\WINDOWS\system32\rundll32.exe.)



A reminder: every program on your computer whose icon has changed color has been turned into a virus like rundl132.exe. They are not only on drive C. The icons of Legend, Bubble Hall and other games are discolored, and those programs have become viruses too. A single click on one of them and Rundl132.exe starts at boot again. So everything with a discolored icon is infected and has to be cleaned up.



Svchost.exe is normal.
The Service Host process is a standard host process for dynamic-link library services. Svchost.exe is a generic host process name for services that run from a dynamic-link library (DLL). Normally there is only one Svchost.exe program, and it is in the C:\Windows\System32 directory. If you find a Svchost.exe program in another directory, it is probably infected.



Also check the spelling carefully to be sure the name really is Svchost.exe.
If the process list in Task Manager shows the name "Svohost.EXE", the machine has been infected with "QQ Pass (Trojan.PSW.QQPass)".
Antivirus software can detect it once its virus database date is August 15.
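
The name and location checks described above (rundl132.exe versus rundll32.exe, "Svohost" versus Svchost, and Svchost.exe outside C:\Windows\System32) can be automated. The following Python is an added example, not part of the original post; the KNOWN table, the digit folding, the edit-distance threshold and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Legitimate binaries named on the page and their expected XP directory (assumed).
KNOWN = {
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}
CONFUSABLE = str.maketrans({"1": "l", "0": "o"})  # digits that imitate letters
MAX_DISTANCE = 2  # assumed threshold: one substitution or one transposition


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return 'ok', 'wrong-directory', 'lookalike' or 'unknown' for a full image path."""
    folder, name = ntpath.split(path.lower())
    if name in KNOWN:
        return "ok" if folder == KNOWN[name] else "wrong-directory"
    folded = name.translate(CONFUSABLE)
    if any(edit_distance(folded, good) <= MAX_DISTANCE for good in KNOWN):
        return "lookalike"
    return "unknown"


# Constructed sample of image paths (not taken from a real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\rundll32.exe",
    r"C:\WINDOWS\rundl132.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\Svohost.exe",
    r"C:\WINDOWS\9Sy.exe",
]


def scan(paths):
    """Return (path, verdict) for entries that imitate or misplace a system binary."""
    return [(p, v) for p in paths if (v := classify(p)) in ("lookalike", "wrong-directory")]


if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

On 64-bit Windows a legitimate rundll32.exe also exists under SysWOW64, so extend KNOWN before running this against a modern system.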




Finally, that leaves 1Sy.exe, 2Sy.exe, 3Sy.exe ...
Someone on the internet said that after being deleted they come back.
But after I dealt with rundl132.exe, this headache never happened again.
I do not know whether 1Sy.exe, 2Sy.exe, 3Sy.exe ... appear after rundl132.exe visits the virus site.



But just in case:
According to reports online, Rundl132.exe, VDll.dll, 0sy.exe~9sy.exe and other files are added to C:\WINDOWS\, a logo1_.exe process appears, icons turn into a blotchy square shape, and in the end the machine cannot even get online.

The solution is to use Rising's logo1_.exe removal tool, or to do a full scan with McAfee!



Rising Logo1_.exe worm removal tool:
/page/d2007/0414/24629.html



I also recommend Ewido, the world's strongest anti-Trojan software.

It checks all of memory, the registry and the folders.
Download address: http://download.it.com.cn/softweb/software/firewall/antivirus/20056/11799.html
Key valid until 2007.2: 70ew-th17q1-pm-c01-s1w2qd-mem-nuyy




Summary:
Keep your antivirus software's virus database up to date at all times, so that it can detect new viruses.

As for the discolored icons: even after the virus has been killed, some discolored icons may remain on the computer. If some EXE files no longer work, it is recommended to format the whole hard disk and then reinstall the system!

"A lot of friends have caught this virus lately. After infection, the desktop does not load when the computer starts and only Task Manager can be opened. In the process list there is a program called 9Sy or 9Sy.exe; close it and you can get to the desktop. This is a Trojan that automatically downloads many more viruses, and in severe cases it can crash the system! Hard to deal with!"
It seems the virus can also leave the computer without sound; anyway, my computer has no sound. Below are several solutions; whether they work, you will have to try for yourself! When you find "LSASS.exe; logo.exe; 8sy.exe; 9sy.exe" and the like among your computer's processes, you have probably caught the "Sunway" virus, and this variant of the Sunway virus is really nasty! Very shameless! Very obscene! Very lewd! Very ...



Process file: 9Sy or 9Sy.exe
Process name: trojan-psw.win32.agent.al

Description:
9Sy.exe is a program associated with the trojan-psw.win32.agent.al Trojan; deleting it immediately is recommended.

Produced by: unknown (N/A)
Belongs to: trojan-psw.win32.agent.al

System process: No
Background program: No
Uses network: No
Hardware related: No
Common errors: unknown (N/A)
Memory usage: unknown (N/A)

Security level (0-5): 2
Spyware: No
Advertising software: No
Virus: Yes
Trojan: Yes



You can find "Gold/Sunway" in the virus list on the homepage; click it to open this page: http://shadu.baidu.com/sitenews/rank.jsp?id=170

PS: Baidu only has 3? No. I downloaded Dr. Ann; why does it feel like installing a Trojan horse? 0_0#



You can see that there are three dedicated removal tools:

Virus name: Worm/Viking
Virus Chinese name: Wiking/Sunway
Virus type: Worm, Trojan
Hazard level: ★★★
Affected platforms: Windows 98/Me/NT/2000/XP/2003
Dedicated removal tools: Dr. Ann removal tool, Jiangmin removal tool



★ Rising also has a dedicated removal tool for the Sunway virus. You can download it from Rising's official site and try it, but the scan seems very slow! ★



Address: http://it.rising.com.cn/Channels/Service/2006-07/1153119832d22607.shtml



"If the software above does not work, then use this one! It is very powerful software, but it is not omnipotent either and can also fail!"



★ Wei The Special Kill tool written by Mr. Xu



Download Address: http://www.chenoe.com/AntiVirus/



Download the removal tool and the virus signature database into the same directory and run it! Hope you can kill the damn virus!

But you had better also download Kaspersky and Security Defender and use these two programs as well. Good luck killing the virus!

If it still does not work, then just format the disk! Against the "Sunway" virus, reinstalling the system is useless, so this is all you can do. If you do not want to format, then kill the computer or buy a new one ~

PS: Anyway, I have tried. I killed 300+ other Trojans and viruses, but not "Sunway"! It must be an RP problem = = # It looks like I can only find someone to format the hard disk!

Copy the following text and save it as a .bat file (e.g., C:\kill.bat):



@echo off

rem Remove the default administrative shares.
net share C$ /del
net share D$ /del
net share E$ /del
net share F$ /del
net share admin$ /del
net share ipc$ /del

rem Terminate the virus processes.
wmic process where name="Logo1_.exe" call terminate
wmic process where name="Rundl132.exe" call terminate
wmic process where name="0Sy.exe" call terminate
wmic process where name="1Sy.exe" call terminate
wmic process where name="2Sy.exe" call terminate
wmic process where name="3Sy.exe" call terminate
rem /f forces termination; without it taskkill only asks the process to close.
taskkill /f /fi "imagename eq 4Sy.exe"
taskkill /f /fi "imagename eq 5Sy.exe"
taskkill /f /fi "imagename eq 6Sy.exe"
taskkill /f /fi "imagename eq 7Sy.exe"
taskkill /f /fi "imagename eq 8Sy.exe"
taskkill /f /fi "imagename eq 9Sy.exe"
wmic process where name="vm_sti.exe" call terminate
wmic process where name="SvchsOt.exe" call terminate
wmic process where name="Svchs0t.exe" call terminate
wmic process where name="Logo1_.exe" call terminate
wmic process where name="Rundl132.exe" call terminate

rem Delete the virus files from the Windows directory.
del C:\windows\logo1_.exe
del C:\windows\rundl132.exe
del C:\windows\0Sy.exe
del C:\windows\1Sy.exe
del C:\windows\2Sy.exe
del C:\windows\3Sy.exe
del C:\windows\4Sy.exe
del C:\windows\5Sy.exe
del C:\windows\6Sy.exe
del C:\windows\7Sy.exe
del C:\windows\8Sy.exe
del C:\windows\9Sy.exe
del C:\windows\logo1_.exe
del C:\windows\rundl132.exe
del C:\windows\svchsO.exe
del C:\windows\svchs0.exe

rem Delete the registry values listed for the virus (reg asks for confirmation).
reg delete HKLM\software\microsoft\windows\currentversion\run /v Load
reg delete HKEY_LOCAL_MACHINE\software\soft\downloadwww /v Auto
reg delete HKEY_LOCAL_MACHINE\software\microsoft\windows /v Ver_down0
reg delete HKEY_LOCAL_MACHINE\software\microsoft\windows /v Ver_down1
pause
taskkill /fi "imagename eq cmd.exe"
taskkill /fi "imagename eq cmd.exe"



Install pure DOS (not the Windows command prompt), restart into it, run C:\KILL.BAT (the file name you just saved) and press Enter.
Then type exit, press Enter, and reboot.

Go into XP and run C:\kill.bat (the file name you just saved).
Reboot.

