How to kill the "Beauty Game" virus (Iwbkvd.exe)

Source: Internet
Author: User
Press F8 to enter Safe Mode.
First, run POWERRMV, click "Lock Target", locate the severe.exe file under C:\Winnt\System32 or C:\Windows\System32, and kill it. Do the same for Iwbkvd.exe. POWERRMV can be downloaded from the Internet.
Second, use Kaka's IE repair function to repair IE.
Third, use Kaka's "Activate Management" (startup management) feature to view the virus's startup entries and delete them, then find the virus program files and delete them.
Fourth, use Kaka's "Activate Management" feature to view the virus's application hijacking entries.
Fifth, use SREng to repair the system's file associations. SREng can be downloaded from the Internet.
Sixth, use SREng to repair the system's shell.
Seventh, use SREng to repair the system's Hosts file.
Eighth, restore the display of hidden files.
Start → Run → regedit.exe to open the registry and find the following path: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]. It is recommended to delete the original CheckedValue value and create a new, normal DWORD value: "CheckedValue"=dword:00000001
Ninth, at this point the individual partitions still cannot be opened normally, so do not double-click to open them.
Start → Run → cmd to open a DOS command window, then execute the following commands to remove the virus files oso.exe and autorun.inf:
del X:\oso.exe
del X:\autorun.inf
where X represents each drive letter on the computer.
Tenth, right-click each partition in turn to repair it. With this, the virus cleanup is complete.
Finally, restart the computer.
Method two

First go to the C:\Windows\System32 directory and delete the Severe.exe and iwbkvd.exe files.

Then go into the C:\Windows\System32\Drivers directory and delete Conime.exe (remember, not the Conime.exe file in the C:\Windows\System32 directory).

There is also a core file, wevvri.exe (described later). Then reboot the system, and it is back to normal. But Rising still would not start. I ran regedit and unexpectedly got a prompt about the file; SREng and IceSword could not run either.
Dizzying. I ran Autoruns again and found that under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options the paths for these files had been changed to wevvri.exe. That is, if you run any of the above files, it does not run and wevvri.exe is called instead. No wonder the virus could not be killed; really ruthless. After clearing this information and rebooting, everything was OK....
But wait, there still seemed to be a problem: Rising was up, but its umbrella seemed to stay closed instead of open. What to do? I figured the virus had also stopped Rising's system services. I ran services.msc to open service management and, sure enough, the service startup type had been set to Disabled. After starting the Rising real-time monitoring service, the umbrella opened.
Judging from this anti-virus episode, Rising's protection mechanism is problematic: an executable file can be placed in the C:\Windows\System32\Drivers directory and run without any alarm, which cannot be justified in any case.
For reference: you can also use other tools to repair IE and file associations.
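
An added example, not part of the original article: a small check for the two registry changes described above (the Image File Execution Options redirection and the altered CheckedValue), run over text exported with reg export. The function name, the sample text and the placeholder Debugger path are constructed for illustration.

```python
import re

# Registry paths named in the article, lower-cased for case-insensitive matching.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options"
SHOWALL = (r"hkey_local_machine\software\microsoft\windows\currentversion"
           r"\explorer\advanced\folder\hidden\showall")
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample of `reg export` text; the Debugger path is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="C:\\PLACEHOLDER\\wevvri.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"="0"
'''


def audit(text):
    """Return (hijacked, showall_ok) for .reg export text.

    hijacked maps each IFEO image name to its Debugger command;
    showall_ok is True only when CheckedValue is DWORD 1.
    """
    hijacked, showall_ok, key = {}, False, ""
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VAL_RE.match(line):
            name, data = m.group(1).lower(), m.group(2)
            if key.lower().startswith(IFEO + "\\") and name == "debugger":
                # REG_SZ data is quoted with backslashes doubled; undo for display.
                hijacked[key[len(IFEO) + 1:]] = data.strip('"').replace("\\\\", "\\")
            elif key.lower() == SHOWALL and name == "checkedvalue":
                showall_ok = data.lower() == "dword:00000001"
    return hijacked, showall_ok


if __name__ == "__main__":
    print(audit(SAMPLE))
```

Files written by reg export are UTF-16, so read them with encoding="utf-16" before passing the text to audit().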
