Today I was browsing the internet and found a post that is very helpful for detecting and removing Trojans. It is very useful for users like me who often get infected with Trojans. I have sorted it out as follows:
I. Trojan Horse QQ
This is a QQ password-stealing program. The cleanup method is as follows:
1. Delete the Trojan file.
Use a process manager to terminate the spolsv.exe process (or reboot to pure DOS), then delete the Trojan file, spolsv.exe, from the Windows directory. The name imitates the print spooler spoolsv.exe with one "o" missing, which is how it hides among legitimate processes.
2. Check the registry.
Choose "Run" from the "Start" menu, enter regedit, and under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run delete the string value "netconfig".
Then go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce and delete the string value "winin".
3. Restart the computer.
II. Trojan BladeRunner
Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. You will see a string value named system-tray whose data is C:\something\something.exe. In fact, the path C:\something\something.exe can be changed at will; it reflects whatever the Trojan's operator configured, so what you see may differ from what is described here, but this does not affect detection and removal.
Write down the Trojan's file name and folder from the data of the value it created in the registry, reboot to pure DOS, find the Trojan file and delete it. Restart the computer, then return to the Registry Editor, find the string value created by the Trojan file that we noted earlier, and delete it.
III. Trojan Guangwai Girl
Guangwai Girl is the debut release of the "Guangwai Girl" network group from Guangdong University of Foreign Studies. Its basic capabilities include file management (uploading, downloading, deleting, renaming, setting attributes, creating folders and running a specified file); registry operations that fully mimic the Windows Registry Editor, so the remote registry can be edited as easily as the local one; and screen control with adjustable image quality to cut transmission time. On a LAN or another high-speed link the controller can also operate the victim's mouse anywhere on the screen (clicking, double-clicking, right-clicking and dragging). Other functions include remote task management, IP notification by email, and an email service.
Compared with similar software, Guangwai Girl is distinguished mainly by the small size of its server-side program: the familiar Glacier server is more than 260 KB, while Guangwai Girl is only 96 KB. The server uses few system resources (at most 3 MB of memory) and does not slow down the victim's machine. It is stealthy and not easily discovered. It also checks the process list for Kingsoft AntiVirus, firewall, iparmor, tcmonitor, real-time monitoring, lockdown, kill and Skynet processes and terminates any it finds, which leaves the firewall providing no protection at all.
How to remove Guangwai Girl
When the Trojan runs, it drops a file named diagcfg.exe in the system directory.
1. In pure DOS mode, locate diagcfg.exe in the system directory and delete it.
2. The Trojan has rewritten the .exe file association so that diagcfg.exe is started in front of every program; now that diagcfg.exe is gone, no EXE file can run under Windows. Find the Registry Editor, regedit.exe, in the Windows directory and rename it to regedit.com (.com files are launched through a different association, so the renamed editor still starts).
3. Return to Windows and run regedit.com from the Windows directory.
4. Locate HKEY_CLASSES_ROOT\exefile\shell\open\command and change its (Default) data back to "%1" %*.
5. Locate HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices and delete the value named "Diagnostic Configuration".
6. Close the Registry Editor, go back to the Windows directory and rename regedit.com back to regedit.exe.
7. Restart the computer.
IV. Trojan BrainSpy
1. Check the registry.
Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. In the right-hand pane you will see a string value *** = "C:\Windows\System\brainspy.exe", where the name *** changes randomly but the data is always "C:\Windows\System\brainspy.exe". Delete this value.
2. Delete the Trojan file.
Use a process manager to terminate the process (or reboot the computer to pure DOS), then delete brainspy.exe from the C:\Windows\System folder to finish removing BrainSpy.
V. Trojan FunnyFlash
FunnyFlash carries a Flash icon, which makes it easy to fall for. Do not run it as if it were a Flash file.
Removal method:
1. Check the registry.
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices and delete the string value "723" and its data "C:\'.exe".
2. Delete the Trojan files.
Look in the root of drive C, in C:\Windows and in C:\Windows\System for the file 'cmd.exe' and delete it, then delete the 'cmd' file in C:\Windows\Temp to finish removing the Trojan.
VI. QQ Password Detective Special Edition
This is another QQ password-stealing Trojan. The Trojan file is qqspysp.exe, 379,904 bytes in size. The cleanup method is as follows:
Reboot the computer to pure DOS, then delete the files C:\Windows\hosts and uttnskf.ini to remove the Trojan. Note that on Windows 9x, C:\Windows\hosts is also where the legitimate hosts file lives; a clean one only needs the line mapping localhost to 127.0.0.1, so inspect it for added entries and recreate it afterwards if you delete it.
VII. Trojan IEThief
The IEThief icon closely resembles the Internet Explorer icon. The difference is that the IEThief icon adds a row of "teeth" at the opening of the "e" on the right-hand side, which is a good way to tell it apart from a genuine IE file.
Removal method:
1. Delete the Trojan files and their record files from the C:\Windows\System folder: iethief.exe, firstrunie.dat and iecfg. This step can be done in pure DOS.
2. Edit the registry:
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the string value "ierun" with data "C:\Windows\system\iethief.exe".
VIII. Trojan QEyes
QEyes is a QQ password-stealing Trojan. The removal method is as follows:
1. Choose "Run" from the "Start" menu, enter msconfig, open the win.ini tab and, in the [windows] section, delete the string "C:\Windows\thereadmsg.exe" from the "run=" line.
2. Check the registry.
Choose "Run" from the "Start" menu, enter regedit, and under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run delete the string value netservice with data C:\Windows\nesmsg.exe; delete the string value system with data C:\Windows\system\kerne132.exe; then delete the string value boot with data C:\Windows\system\kerne116.exe. Note the spelling: kerne132 and kerne116 use the digit 1 in place of the letter l so that they pass for kernel32-style system files at a glance.
3. Delete the files.
Remove process.dll from the Windows\System folder, delete kerne116.exe and kerne132.exe, and delete process.dll from the root of drive C.
IX. Trojan Blue Flame
Blue Flame is a Trojan without a dedicated client. Almost any network-capable program on your computer can be used to control it: telnet, sterm, cterm, zmud, FTP clients, IE, Netscape, Opera, FlashGet, CuteFTP, and so on. Because there is no client, the server can even be controlled across platforms, for example from a Unix or Linux system.
The Blue Flame controller talks to the server on port 19191; the micro version of Blue Flame (a 10 KB build) uses port 9191 instead. You can therefore also find Blue Flame this way: run netstat -a in an MS-DOS window (called the Command Prompt on Windows 2000). If port 19191 or 9191 is open, the machine is very likely carrying the Trojan; treat a listening port as a strong lead rather than proof, since another program could use the same port, and confirm with the registry and file checks that follow. (This part of the description references a pen pal's article.)
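To make the netstat check above repeatable, here is an added example (not part of the original post) that parses saved `netstat -a` output and flags the two Blue Flame ports named in the text. The sample output is constructed for the example; only the port numbers and their meaning come from the page.

```python
"""Spot the Blue Flame control ports in saved `netstat -a` output (added example)."""
import re

# Ports named in the text: 19191 for the full build, 9191 for the 10 KB "micro" build.
BLUE_FLAME_PORTS = {19191: "Blue Flame (full build)", 9191: "Blue Flame (micro build)"}

# Constructed sample in the shape of Windows 9x/2000 `netstat -a` output; it was
# written for this example and is not a capture from an infected machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    pc1:135                0.0.0.0:0              LISTENING
  TCP    pc1:19191              0.0.0.0:0              LISTENING
  TCP    pc1:1030               www.example.com:80     ESTABLISHED
  UDP    pc1:137                *:*
"""

# proto, local host, local port, foreign endpoint, optional state (UDP rows have none)
_ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")


def parse_netstat(text):
    """Return (proto, host, port, foreign, state) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = _ROW_RE.match(line)
        if m:
            proto, host, port, foreign, state = m.groups()
            rows.append((proto, host, int(port), foreign, state))
    return rows


def find_blue_flame(text):
    """Return (port, label, state) for every local TCP port that matches a Blue Flame port."""
    hits = []
    for proto, _host, port, _foreign, state in parse_netstat(text):
        if proto == "TCP" and port in BLUE_FLAME_PORTS:
            hits.append((port, BLUE_FLAME_PORTS[port], state or "UNKNOWN"))
    return hits


if __name__ == "__main__":
    for port, label, state in find_blue_flame(SAMPLE_NETSTAT):
        print(f"port {port} {state}: {label}")
```

On the suspect machine, redirect `netstat -a > netstat.txt` and feed the file to `find_blue_flame`. A hit is a lead, not a verdict: confirm it against the "network services" Run value and the tasksvc.exe file described in the removal steps.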
Removal method:
1. Delete the value the Trojan created in the registry.
Choose "Run" from the "Start" menu, enter regedit, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the value "network services" with data C:\Windows\system\tasksvc.exe.
2. Restore the file association:
Go to HKEY_CLASSES_ROOT\txtfile\shell\open\command and HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\command, and change the data C:\Windows\system\sysexpl.exe %1 to notepad.exe %1.
3. Delete the files.
Go to C:\Windows\System and delete tasksvc.exe, sysexpl.exe and bfhook.dll to finish removing Blue Flame.
X. Trojan Back Construction removal method
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and, in the right-hand pane, delete the value whose data is "C:\Windows\cmctl32.exe".
Delete the Trojan file.
Reboot to pure DOS, or use a process manager to end the cmctl32.exe process, then delete cmctl32.exe from the C:\Windows folder.
XI. Manually removing Glacier
Perhaps you have been hit by Glacier and want to be rid of it. Here is a way to remove it by hand.
Environment: Win9x
1. Run regedit to open the registry.
2. Open HKEY_CLASSES_ROOT\txtfile\shell\open\command.
3. Write down the (Default) data (for example, C:\Windows\c_server.exe).
4. Change the (Default) data to "C:\Windows\notepad.exe %1".
5. Restart the computer and enter DOS mode.
6. Delete C:\Windows\c_server.exe (or whichever file you noted in step 3).
7. Restart the computer.
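The removal steps in sections I through XI keep returning to the same places: the Run, RunOnce and RunServices keys, the exefile and txtfile shell\open\command associations (sections III, IX and XI), and the run= line of win.ini (section VIII). As an added example, not part of the original post, the following Python script audits those locations offline from a REGEDIT4 export (as `regedit /e` on Windows 9x produces) and a copy of win.ini, so both files can be pulled off the suspect machine and examined elsewhere. The sample export and win.ini fragment are constructed for the example from names the page lists; they are not captures from infected hosts.

```python
"""Offline triage of the persistence spots this page keeps visiting (added example).

Input is a REGEDIT4 export plus win.ini; nothing here touches a live registry.
"""
import re

# Autostart keys named in the removal steps.  Every value under them is reported
# so the reviewer can decide which entries are legitimate (e.g. SystemTray).
AUTOSTART_KEYS = {k.lower() for k in (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)}
EXEFILE_CMD = r"hkey_classes_root\exefile\shell\open\command"
TXTFILE_CMD = r"hkey_classes_root\txtfile\shell\open\command"

# Constructed sample export using the names the page gives for Blue Flame
# (tasksvc.exe, sysexpl.exe) and Guangwai Girl (diagcfg.exe).  Written for this
# example; not exported from a real infected host.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"network services"="C:\\Windows\\system\\tasksvc.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Diagnostic Configuration"="C:\\Windows\\system\\diagcfg.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Windows\\system\\diagcfg.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\system\\sysexpl.exe %1"
'''

# Constructed clean export for comparison: the stock Windows 9x associations.
CLEAN_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\NOTEPAD.EXE %1"
'''

# Constructed win.ini fragment with the run= line section VIII describes.
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\Windows\thereadmsg.exe
NullPort=None

[Desktop]
Wallpaper=(None)
'''

_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text):
    """Return {key_path: {value_name: data}}; '' is the (Default) value.
    String data is unescaped; dword:/hex: data is kept as its raw text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.upper().startswith("REGEDIT") \
                or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys


def _command_exe(cmd):
    """Program part of a shell\\open\\command string, without its directory."""
    cmd = cmd.strip()
    exe = cmd[1:cmd.find('"', 1)] if cmd.startswith('"') else (cmd.split()[0] if cmd else "")
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_reg(text):
    """List (category, key, value_name, data) findings for an exported .reg file."""
    findings = []
    for path, values in parse_reg(text).items():
        low = path.lower()
        if low in AUTOSTART_KEYS:
            for name, data in values.items():
                findings.append(("autostart", path, name or "@", data))
        elif low == EXEFILE_CMD:
            # Stock data is exactly "%1" %*; anything placed in front of it runs
            # before every .exe launched (the Guangwai Girl hook in section III).
            if " ".join(values.get("", "").split()) != '"%1" %*':
                findings.append(("hijacked-association", path, "@", values.get("", "")))
        elif low == TXTFILE_CMD:
            # Stock handler is Notepad; Blue Flame and Glacier swap in their server.
            if _command_exe(values.get("", "")) != "notepad.exe":
                findings.append(("hijacked-association", path, "@", values.get("", "")))
    return findings


def audit_win_ini(text):
    """Return (key, program) for non-empty run=/load= lines in the [windows] section."""
    hits, in_windows = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_windows = line[1:-1].lower() == "windows"
            continue
        if in_windows and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("run", "load") and value:
                hits.append((key.lower(), value))
    return hits


if __name__ == "__main__":
    for finding in audit_reg(SAMPLE_REG):
        print(" | ".join(finding))
    print("win.ini:", audit_win_ini(SAMPLE_WIN_INI))
```

Against the constructed sample the script reports the three autostart entries (one of them, SystemTray, legitimate) and both hijacked associations; against the clean export it reports nothing. Every autostart value is listed rather than matched against a name list, because, as section II points out, the operator can choose any value name and path.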