After the computer is turned on, the desktop does not display the icon (wsttrs virus) Solution

The system is suspended due to the BUG of Trojan Horse stealing. the user's desktop is blank and icons and desktops cannot be displayed. This is a trojan virus designed to steal "Magic domain", "perfect world", and "haofang game platform". The virus is named Win32.Troj. onlineGames. ms.18432 it uses a special method to escape anti-virus software scanning and removal. It may be caused by a BUG in the program prepared by the virus author that causes the desktop to fail to be displayed when the system is restarted.

Solution: Call windows Task Manager (Ctrl + Alt + Delete), switch to the process tag, find the wsttrs.exe process, right-click the process, and end the process. The desktop is displayed normally.

Virus features:
1: copy an object
After the virus runs, it copies itself to the system directory.
C: WINDOWSsystem32wsttrs.exe
And release a virus file.
C: WINDOWSsystem32wsttrs. dll (Win32.Troj. Onlinegames. nb.12288)
After the virus is deleted
2: Add a startup Item
The virus adds a startup entry to the registry so that it can be started with Windows.
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce
"Wsttrs" = "C: WINDOWSwsttrs.exe"
This may be due to the negligence of the trojan author. It is the program automatically loaded upon next boot that causes the system to fail to display the desktop normally.
3: disable anti-virus software
The virus searches for the antivirus software window and closes the window. If the main program of anti-virus software is disabled, it is a signal of virus intrusion.
4. Account theft
The virus searches for online game "Magic domain" game processes, uses hooks to read user-entered game accounts and information, and passes the obtained information through wsttrs. dll files are uploaded to the website specified by the trojan grower in advance, causing the loss of the user's game account.

The following is a manual solution for the virus:
1. in windows XP and above:
When the desktop cannot be accessed, call windows Task Manager (Ctrl + Alt + Delete), switch to the process tag, find the wsttrs.exe process, right-click the process, and end the process, the desktop can be displayed normally.

2. in windows 2000 and other systems
When the system is restarted, press F8 continuously. In the boot menu, select the safe mode with network connection to start, and upgrade the Internet to the latest version (4.04.07.16) to check for viruses in the windows directory, after virus detection and removal, restart the system to display the desktop properly.
3. If neither of the above solutions is successful, it may be the latest variant of the virus. Enter the security mode and open the Registry Editor, locate HKEY_LOCAL_MACHINESoftWareMicrosoftWindowsCurrentVersionRunOnce (note that RunOnce is not Run) and find the startup item in the windows or WinNT folder of the system disk.
For example:
Wstthrs c: windowswsttrs.exe
Or
Wstthrs c: winntwsttrs.exe
Delete the key value. Finally, restart the system.
4. Upgrade anti-virus software and complete anti-virus!