After a colleague's computer started up, the security guard suddenly reported that xxyu.dll (an account-stealing trojan) was loaded. I immediately followed the old method: searched the registry, found the related items and CLSIDs, backed them all up and deleted them. The results are as follows; it is not that easy to see.
Later, I found that the AppInit_DLLs registry value was automatically restored to the above DLL no matter how it was deleted or modified.
I searched the internet for relevant information: this item can be used to load the DLL through explorer.
In this case, you can use X-PS to uninstall the DLL:
1. Open cmd, then use the task manager to terminate Explorer (sometimes Explorer loads the DLL, making it impossible to unload the trojan DLL module, which interferes with manual cleanup, so it is best to terminate it first).
2. Run PS /M /F sidjazy.dll (lists which processes contain the xxyu.dll module).
3. Run PS /E * sidjazy.dll (unloads the xxyu.dll module from all processes). After you run the unload command, a Winlogon prompt will appear. If you click OK or Cancel, it immediately goes to a blue screen.
4. Run PS /M /F xxyu.dll to check whether the module is still loaded. If there is any residue, run the unload command again to make sure the unload is complete.
5. In cmd, go to c:\windows\system32, run attrib xxyu.dll -r -s -h, and finally del xxyu.dll.
6. Clear the related registry items.
After the above operations and a restart, the problem was solved temporarily, but it was found to recur in non-safe mode, which is indeed quite powerful. The security guard often reports www.baiduby.com/pe_patch.upx/upx, which is practically useless.
I wonder if anyone has encountered a similar situation. Please share your solution.
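The checks behind the cleanup procedure above, as an added PowerShell example that is not part of the original post: it reads the AppInit_DLLs entry, lists which processes currently have the DLL loaded (the same information the PS /M /F step gives), shows the file's attributes, and then watches whether the registry value is rewritten after it has been cleared, which is the self-restoring behaviour the post describes. The DLL name, the watch window and the use of the standard AppInit_DLLs key are assumptions.

```powershell
# Added defender-side check, not from the original post.
# Assumptions: the DLL name, a 30-second watch window, the standard AppInit_DLLs key.
$DllName      = 'xxyu.dll'
$WatchSeconds = 30
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
# On 64-bit Windows the 32-bit loader reads the same value under
# HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows as well.

function Get-AppInitState {
    $p = Get-ItemProperty -Path $Key
    [pscustomobject]@{
        AppInit_DLLs     = $p.AppInit_DLLs
        LoadAppInit_DLLs = $p.LoadAppInit_DLLs   # 1 = the loader honours AppInit_DLLs
    }
}

function Get-ProcessesWithModule([string]$Name) {
    # Same question as the post's "PS /M /F": which processes have the module loaded?
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        try {
            $m = $proc.Modules | Where-Object { $_.ModuleName -ieq $Name }
            if ($m) { [pscustomobject]@{ PID = $proc.Id; Name = $proc.ProcessName; Path = $m.FileName } }
        } catch { }   # access denied on protected processes is expected, skip them
    }
}

# 1. Record the persistence entry and who currently has the DLL loaded
$before = Get-AppInitState
"AppInit_DLLs = '$($before.AppInit_DLLs)', LoadAppInit_DLLs = $($before.LoadAppInit_DLLs)"
Get-ProcessesWithModule $DllName | Format-Table -AutoSize

# 2. Check the on-disk file and its read-only/system/hidden attributes
$file = Join-Path $env:SystemRoot "System32\$DllName"
if (Test-Path $file) { "File present: $file  attributes: $((Get-Item $file -Force).Attributes)" }

# 3. Watch whether the value is rewritten after you clear it: if it is, some other
#    still-running component (not just Explorer) is restoring the persistence entry
$t0 = Get-Date
while (((Get-Date) - $t0).TotalSeconds -lt $WatchSeconds) {
    $now = (Get-AppInitState).AppInit_DLLs
    if ($now -ne $before.AppInit_DLLs) {
        "AppInit_DLLs changed at $(Get-Date -Format T): '$now'"
        $before = Get-AppInitState
    }
    Start-Sleep -Seconds 2
}
```

Run it from an elevated PowerShell before and after step 6 of the procedure; a value that comes back while the watch loop is running points at a process that still needs to be found and stopped before the registry edit will stick.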