A miserable victory after a virus infection

Source: Internet
Author: User

System conditions:

Dual-boot system. I usually use WinXP, which has no anti-virus software installed. Once or twice a month I boot into the ME system, update Trend PC-cillin anti-virus and run a full-machine scan.

At the end of last week, I found that my computer had slowed down. After booting into ME, I updated the anti-virus online and scanned the machine. Then I went on using XP as usual.

On Sunday it still seemed a little slow; I used it anyway and ignored it.

My cousin came to my house to play on Monday. He probably spent a whole day on it and tried most of the games on the machine...

I did not turn the computer on on Tuesday.

When I went home last night, I turned it on and saw that several desktop shortcut icons had changed to the DOS command icon. In addition, an IEXPLORER error window was displayed. After I cancelled it, the RPC 60-second shutdown followed (strange, I had already applied the impact and shock wave patches).

Anti-Virus process:

I restarted and applied the impact and shock wave patches again, then modified the Registry RUN and RUNSERVICE entries and the MSCONFIG startup items. After rebooting, it was still the same: RPC shutdown in 60 seconds.

I wanted to go to WINME for a full-machine anti-virus scan. I did not expect that the machine would shut down automatically before even reaching the ME boot screen.

I had to go into safe mode and install the anti-virus on the XP system as well (with the latest virus database). After installing it, scanning did not succeed despite several tries: every time it scanned the memory and boot area, it found an IEXPL*** file and exited.

I had to open Task Manager, where I found two IEXPL***** processes. I ended them and then ran the anti-virus again. However, it quit every time it reached IEXPL, and the IEX*** process could again be seen in Task Manager.

After stopping the process, I searched for *EXPL* files and found two files that could not be deleted, even though I was in safe mode...

Finally, I used a boot disk to delete the IEXPL*** files in WINDOWS\SYSTEM32. Several files with the modification date of are still deleted. Because the vast majority of WINDOWS\SYSTEM32 files have the date 03-3-27, those cannot be deleted.

I restarted the system and it started normally. There was no RPC 60-second shutdown and no pop-up IEXPLORER error window. Then I ran a whole-system, whole-machine anti-virus scan, which after more than an hour had killed some 200 WIN32-LOVEGATE and WORM-LOVEGATE viruses.

Anti-Virus results:

Almost 200 files were killed on the ME drive C, all of them infected EXE files.

There were about 70 on the system disk D and the other E and F disks, infected EXE files and a few RAR files, including FOXMAIL, QQ and other programs.

The result was either that the virus was cleaned (the icon became the DOS command icon, and the file could not be used) or that the file was deleted (this is worse).

My feelings:

Although the anti-virus effort succeeded, the ME system is gone (it doesn't matter, since I don't plan to use it) and XP can still be used, but this clean-up can be described as killing 10 thousand of the enemy at the cost of three thousand of my own: a hard-won and miserable victory that I did not expect.

Analysis: I estimate that the virus was already present a few days before my cousin came to visit, but it was not completely cleared. Later, he ran a large number of game programs on various disks, which spread the virus.

My advice: do not think that dual systems are safe. What if you have to clean a virus the way I did? The rest of the system is just a piece of cake, not far from the day of formatting and reinstallation. Even if you continue to use it, there may be many problems.

Finally, I plan to re-run PQ and expand the C drive originally intended to be used for WIN9X from 2.5 GB to 2003 GB, and install only one system (this time I can finally try to install WINNT in DOS), G should be enough. Anyway, I plan to install green programs other than the system on other disks. If you want to use a dual system, try a virtual machine.

 
