exe virus remover

Idea: Create a new program file type with the extension eee Modify the name of the file you want to protect with the extension eee. Method: Copy the following code as reg file and import the registry: Windows Registry Editor Version 5.00 [Hkey_classes_root\.eee] @= "Eeefile" [Hkey_classes_root\eeefile] @= "Application" "EditFlags" =hex:38,07,00,00 [Hkey_classes_root\eeefile\defaulticon] @= '%1 ' [Hkey_classes_root\eeefile\shell] [Hkey_classes_root\eeefile\shell\open\command] @= "\"%1\ "%*"

Behavior: 1. Release the file: C: \ WINDOWS \ SYSTEM \ Services. EXE 65536 bytes C: \ WINDOWS \ SYSTEM \ sysanalysis. EXE 65536 bytes C: \ WINDOWS \ SYSTEM \ assumer.exe 976896 bytes2. Delete the backup file:C: \ windows \ system32 \ dllcache \ assumer.exe3. overwrite the System File: C: \ WINDOWS \ assumer.exeWhen the system starts, run the virus body firs

start the software you need. Note: you cannot open the software by clicking the OPEN button. This method is applicable to most software except office series .) The second time I got depressed !! 2nd, I decided on the assumer.exe process. I suspected there was a Trojan. I downloaded the esido-guard active software and found 8 Trojans. But again, the process was still being done, and the webpage was very slow. Thanks for the first time !! Access to open the web page, according to the slow, an

confirmed Au_.exe is an integral part of the NSIs installation package, not a virus When it unloads 360safe, it does connect to port 80 of the following address 60.195.253.85 Grab the bag as follows: SOURCE Address: 10.1.5.189 Port: 1214 Destination Address: 60.195.253.85 Port: ttl:64 packetsize:64 Protocol: TCP TCP flag: ack| URG 0x02 0x04 0x05 0xAC 0x01 0x03 0x03 0x02 0x01 0x01 0x08 0x0A 0x00 0x00-0x00 0

finally come here to find it. Summary: This kind of virus is more easily exposed, it is recommended to manually delete the best way to enter Safe mode, because Safe mode only run Windows prerequisite system process, EXE virus is very easy to expose, the following attached a Windows security mode must process table: Smss.exe Session Manager Csrss.exe Subsys