Virus Seizure Symptoms
1. Generate many 8-digit or random-named virus program files, and automatically run when the computer is powered on.
2. Kidnapping security software, poisoning will find almost all anti-virus software, System management tools, Anti-spyware software can not start normally.
3. The hidden file cannot be displayed properly, and its purpose is to better hide itself from being found.
4. Disable Windows Automatic Updates and Windows Firewall so that when the Trojan is working, there is no hint window to bounce out.
5. Damage system security mode, so that users can not start the system to safe mode to maintain and repair.
6. Viruses close these windows when there are antivirus, security, and community-related keywords in the active window. If you want to search through the browser for virus-related keywords, the browser window will automatically close.
7. In the local hard disk, U disk or mobile hard drive to generate Autorun.inf and the corresponding virus program files, through the automatic playback function to spread. Many users format the system partition after reloading, access to other disks, immediately again poisoned.
8. The ultimate goal is to download more trojans, backdoor procedures. It is up to the user to suffer the loss at last.
Preventive measures
For viruses, good preventive measures, better than after the poisoning and then racked their brains to find a way to kill, and once infected with the virus, the removal process is quite complex, so, in the interview, Jinshan, Jiangmin, rising and other anti-virus experts to reporters to provide a preventive measures against the virus:
1. Take good care of their own U disk, MP3, mobile hard disk, such as mobile storage use, when the foreign U disk access to the computer, please do not rush to double-click to open, we must first after the anti-virus treatment, we recommend using a U disk virus immune function Anti-Virus software, such as KV2007 unique U disk Shield Can be immune to all U disk virus by double-clicking the U disk when running.
2. Patch the system, especially ms06-014 and ms07-17 these two patches, the majority of the current Web Trojan is through these two vulnerabilities into the computer inside.
3. Update anti-virus software virus database, do regular upgrade, regular anti-virus.
4. Installation software to the regular website to download, to avoid software installation package is bundled into the Trojan virus.
5. Turn off the automatic playback function of Windows.
Mode of transmission
1. Through the USB disk, the mobile hard disk automatic playback function spread.
The original source of the 2.AV Terminator was to use a Web site vulnerability download to spread through a large number of hijacked network sessions. And the previous period of time ARP attack virus flooding related.
Kill tool Download
Jinshan Poison PA Kill tool Download Address: Please search Jinshan Poison Overlord page
Rising Antivirus center Kill tool Download Address: Please search the homepage of rising
Manual removal method
1. Download the IceSword tool online and rename the tool, such as changing to Abc.exe name, so that the virus process can break through the shield of the tool. Then the double hit opens the IceSword tool, ending a 8-bit number of EXE-file process, sometimes possibly without the process.
2. Using the IceSword file management function, expand to C:\Program Files\Common Files\Microsoft Shared\msinfo\, delete 2 8-bit random numbers of files with the extension: DAT and DLL. To the%windir%\help\ directory, delete the. hlp with the same name or the. chm file of the same name, which is the system Help file icon.
3. Then delete the Autorun.inf file and the suspect 8-digit file below the root of each hard drive, and note that you should not double-click to open each hard disk partition, but you should use the tree directory on the left side of Windows Explorer to browse. Sometimes computer poisoning may not be able to view hidden files, you can use the WinRAR software file management features to browse files and delete operations.
4. Using the IceSword Registry management function, expand the registry entries to:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options], delete inside the Ifeo hijacking.
When the above operation, you can install or open antivirus software, and then upgrade anti-virus software to the latest virus library, the computer for the overall anti-virus.