Boot notepad virus + manual cleaning

Source: Internet
Author: User

Recently, many machines in the R&D team have been infected with the boot notepad virus, which does not seem to cause any problems. Kaspersky and Norton still cannot remove it, and 154 is also infected. Everyone maps the Samba share, so machines are easily infected.
Viruses that spread this way are rare now.
The following steps have been used to clean the 154 server.

Article directory:
1. Manually delete the virus on the hard disk:
Method (1):
Method (2): (recommended for forum users who are not familiar with computers; this method applies to the XP system)
If you use this method you do not need to read what follows; download the attachment from http://lsxk.org/bbscon.php?Bid=290&id=72000.
2. Delete the boot empty-notepad virus body from the USB flash drive or MP3 player:
3. Answer:
☆── ─ ☆

Method 2: because only a limited number of virus samples were available, method 2 applies only to the XP system, and only when the registry is not locked (if it is locked, or the hidden files cannot be viewed, the machine is in most cases also infected with other viruses).

Download the attachment. It provides detailed instructions.

Attachment: Go to the terminal and click the link to remove this virus.rar (1979 bytes):
http://lsxk.org/bbscon.php?Bid=290&id=71542&AP=708

For Windows 98/2000/2003 and other systems, refer to method 1 and remove the virus manually.

☆── ─ ☆

1. Manually delete the virus on the hard disk:
(Take the XP system as an example. For other systems, only msconfig and 2000 are available for the XP system!)
☆── ─ ☆

Method (1):

1. Open the task manager and end the wincfgs process.
2. Control Panel > Folder Options: set it to display system files and hidden files. (If there is no Folder Options entry, or the option is set but hidden files still cannot be displayed, the machine is infected with another virus that is unrelated to this one. For the solution, see the "Registry category" in the virus board.)
3. Search the hard drive and delete kb20060111.exe (the file name may be different; on XP it has the same blue icon as Notepad, and its location is c:\windows\kb20060111.exe). Then search the hard drive and delete wincfgs.exe (on XP it is a hidden system file, and its path is c:\windows\system32\wincfgs.exe).

Search method for the XP system: Start > Search > Files or folders > All files and folders. Under "More advanced options", select "Search system folders", "Search hidden files and folders" and "Search subfolders". Enter the file name and search only the system disk (drive C).

Deleted, delete the found item/value, then press F3 to find the next one and delete it, until the search is complete. Similarly, search for and delete the items/values related to ".\recycler\autorun.exe" and "wincfgs.exe". (If the registry is locked and Registry Editor cannot be opened, the machine is infected with another virus that is unrelated to this one. For the solution, see "[registry type]" in the virus board.)
5. In the registry, under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run], clear the startup items related to wincfgs. (Because step 1 has been deleted, if you do not see wincfgs related items, skip this step.)
6. Choose "Start" > "Run" > "msconfig" > "Startup" > uncheck "wincfgs" > "OK" > "Restart". After the machine restarts, when asked whether ** should be displayed every time it starts, select "No". (If you do not see the wincfgs startup item, skip this step.)
7. End.

☆── ─ ☆

For example, on the XP system, delete the following items/sub-items in the registry. If they are not there, do not delete anything!!!

HKEY_CURRENT_USER\Software\Microsoft\Windows\shellnoroam\muicache
C:\windows\system32\wincfgs.exe
C:\windows\kb20060111.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\WINDOWS
Load

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\Load

☆── ─ ☆

Method (2):
This method deletes the files with a batch file and cleans the registry by importing a .reg file:

1. Delete the files: in Notepad, enter the following content, click "File > Save As", and select "All files" as the save type. Name the file 1.bat, then double-click it to run it.

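@echo off
rem Stop the running virus process
tskill wincfgs
rem Clear the read-only, archive, system and hidden attributes so del can remove the files
attrib -r -a -s -h c:\windows\system32\wincfgs.exe
attrib -r -a -s -h c:\windows\kb20060111.exe
del c:\windows\system32\wincfgs.exe
del c:\windows\kb20060111.exe
tskill conime
rem Delete this batch file itself
del %0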

2. Clean up the registry: in Notepad, enter the following content, click "File > Save As", and select "All files" as the save type. Name the file 1.reg, then double-click it to import it, and delete the file after it has run. (If the registry is locked and the file cannot be imported, the machine is infected with another virus that is unrelated to this one. For the solution, see "[registry type]" in the virus board.)

Windows Registry Editor Version 5.00

; Value names here are full paths, so each backslash is doubled
[HKEY_CURRENT_USER\Software\Microsoft\Windows\shellnoroam\muicache]
"C:\\windows\\system32\\wincfgs.exe"=-
"C:\\WINDOWS\\kb20060111.exe"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"Load"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\load]

#================================================

3. Choose "Start" > "Run" > "msconfig" > "Startup" > uncheck "wincfgs" > "OK" > "Restart". After the machine restarts, when asked whether ** should be displayed every time it starts, select "No". (If you do not see the wincfgs startup item, skip this step.)

4. End.

☆── ─ ☆

2. Delete the boot empty-notepad virus body from the USB flash drive or MP3 player:

1. Set the system to show hidden files.
2. Do not double-click the USB flash drive or MP3 drive; right-click the drive, or select "Open" in English.
3. Open the USB flash drive/MP3 player and find the recycler folder. Delete the folder.
4. Delete autorun.inf.
5. After the virus on the flash drive has been removed, unplug the USB flash drive normally and plug it in again. Otherwise, double-clicking the USB flash drive makes the system display "Access Denied".
6. End.
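
A read-only check for the indicators listed in sections 1 and 2, useful before and after the cleanup to confirm what is actually present. This is an added example, not part of the original article; it assumes PowerShell is installed on the machine and that the file names match the ones given above (the article notes that kb20060111.exe may be named differently).

```powershell
# Added example: reports the indicators named in the article. It deletes nothing.
$findings = @()

# Running process the article ends in Task Manager
if (Get-Process -Name 'wincfgs' -ErrorAction SilentlyContinue) {
    $findings += 'process running: wincfgs'
}

# Virus files on the system disk (Test-Path also sees hidden/system files)
$files = 'C:\windows\system32\wincfgs.exe', 'C:\windows\kb20060111.exe'
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "file present: $f" }
}

# Startup items under the Run key that reference wincfgs
$run = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match 'wincfgs') {
            $findings += "Run value '$($p.Name)' = $($p.Value)"
        }
    }
}

# The "Load" value the article removes
$win = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = (Get-ItemProperty -Path $win -Name 'Load' -ErrorAction SilentlyContinue).Load
if ($load) { $findings += "Load value set: $load" }

# Removable drives: list the items section 2 deletes, without opening the drive
# in Explorer. An autorun.inf by itself can be legitimate, so review each hit.
$drives = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Removable' -and $_.IsReady }
foreach ($d in $drives) {
    foreach ($rel in 'autorun.inf', 'recycler', 'recycler\autorun.exe') {
        $p = Join-Path $d.RootDirectory.FullName $rel
        if (Test-Path -LiteralPath $p) { $findings += "removable drive item: $p" }
    }
}

if ($findings.Count -eq 0) { 'No indicators from the article were found.' }
else { $findings }
```

Run it once before the cleanup and again after the restart; an empty result on the second run means the listed files, startup entries and removable-drive items are gone.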
