Cleanup methods for cdsdf.exe, kl.exe, javascr.exe and other viruses

Source: Internet
Author: User

I. Problem and symptoms:
The other virus files can be removed, but antivirus software cannot remove c:\windows\system32\cdsdf.exe. Deleting it with PowerRmv with "suppress regeneration" enabled does not help either.
II. Analysis and solution:
1. Turn off System Restore before disinfecting (skip this on Windows 2000):
Right-click My Computer, choose Properties, open System Restore, and check "Turn off System Restore on all drives".
Clear the IE temporary files: open IE and click Tools --> Internet Options. Under Temporary Internet Files, click "Delete Files", check "Delete all offline content", and click "OK".
Close QQ and other applications. Do not double-click a drive to open it. Save all downloaded tools directly on the desktop.
2. Use the forced-deletion tool xdelbox to delete the files listed below.
[To delete: copy the paths of all files to be deleted, right-click in xdelbox's list of files to delete and choose "import from clipboard". After the import, right-click a file in the list and choose "restart now to delete". The computer restarts into a DOS interface and deletes the files; when the deletion is complete, it restarts automatically into the operating system you installed. Save any files you have open before doing this. For more information about xdelbox, see help.chm in the xdelbox1.2 directory.]
C:\windows\system32\cdsdf.exe
C:\Program Files\common files\microsoft shared\msinfo\newinfo.rxk
C:\Program Files\Internet Explorer\plugins\systemkb.sys
C:\windows\system32\xpsp3res.dll
C:\windows\system32\kl.exe
C:\windows\system32\netw0r~1.exe
C:\windows\system32\fgdfsdf.exe
C:\windows\g_server1.23.exe
C:\windows\g_server1.23.dll
C:\windows\g_server1.23_hook.dll
C:\windows\g_server1.23key.dll
C:\progra~1\hwsy\ugji.dll
C:\windows\system32\javascr.exe
C:\windows\system32\rpcs.exe
C:\windows\avp.exe
C:\windows\system32\drivers\bktybu25.sys
C:\windows\system32\drivers\cozlqk72.sys
C:\windows\system32\drivers\jvardz24.sys
C:\windows\system32\drivers\ukffsz58.sys

3. After the computer restarts, use the SREng tool to delete the following items:
[The following operations are risky. Make sure you understand the methods above before performing them.]
[When SREng starts, it may prompt "the function content is inconsistent with the expected value. They may be modified by some malicious software". Please ignore the error and modify the software after installation.]
========================================
Startup items --> Registry: delete the following items
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}> <c:\Program Files\common files\microsoft shared\msinfo\newinfo.rxk> [N/A]
<{754fb7d8-b8fe-4810-b363-a788cd060f1f}> <c:\Program Files\Internet Explorer\plugins\systemkb.sys> [N/A]
========================================
Startup items --> Services --> Win32 service applications: delete the following items

[Background Intelligent Transfer Service/bits] [stopped/auto start]
<C:\windows\system32\svchost.exe -k netsvcs --> c:\windows\system32\xpsp3res.dll> <N/A>
[Dc0m server process launher/dc0r] [stopped/auto start]
<C:\windows\system32\kl.exe> <N/A>
[DNS cl1ent/dnscl1ent] [running/auto start]
<C:\windows\system32\netw0r~1.EXE> <N/A>
[Sdhcvs/edfscv] [stopped/auto start]
<C:\windows\system32\fgdfsdf.exe -service> <Microsoft Corporation>
[Gray_pigeon_server1.2/graypigeonserver1.2] [stopped/auto start]
<C:\windows\g_server1.23.exe> <N/A>
[STD pbed service/pbed] [stopped/auto start]
<C:\windows\system32\rundll32.exe c:\progra~1\hwsy\ugji.dll,service -S> <Microsoft Corporation>
[Messaging/remote procedure] [stopped/auto start]
<C:\windows\system32\javascr.exe> <N/A>
[Remote Procedure Call System (rpcs)/rpcs] [stopped/auto start]
<C:\windows\system32\rpcs.exe> <N/A>
[Audio adapter/vgadown] [running/auto start]
<C:\windows\avp.exe> <N/A>
========================================
Startup items --> Services --> Drivers: delete the following items (if a driver cannot be deleted, set its startup type to disabled!)

[bktybu2/bktybu25] [running/boot start]
<\systemroot\system32\drivers\bktybu25.sys>
[cozlqk72/cozlqk72] [stopped/manual start]
<\??\C:\windows\system32\drivers\cozlqk72.sys>
[jvardz2/jvardz24] [running/boot start]
<\systemroot\system32\drivers\jvardz24.sys>
[ukffsz5/ukffsz58] [running/boot start]
<\systemroot\system32\drivers\ukffsz58.sys>
SREng repair: System Repair --> Windows Shell/IE: select all items and click "Repair"
SREng repair: System Repair --> Winsock provider repair: click "reset all content to default value"
Finally, use 360 Security Guard (www.360safe.com) to scan and clear (delete) everything it detects.
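
The Win32 service entries in step 3 follow a regular two-line format, and two of them copy real Windows service names with a digit swapped in for a letter. The following Python sketch is an added example, not part of the original post and not SREng's own code: it parses entries in that format and flags look-alike display names and binaries without a publisher. The KNOWN list, the 0.9 similarity threshold and the benign sample entry are assumptions.

```python
import re
from difflib import SequenceMatcher

# Genuine Windows display names that two listed entries imitate (assumed short list).
KNOWN = ["DCOM Server Process Launcher", "DNS Client"]
DIGIT_SWAP = str.maketrans("01", "ol")   # undo 0-for-o and 1-for-l substitutions

HEAD = re.compile(r"\[(?P<display>.+)/(?P<name>[^/\]]+)\]\s*"
                  r"\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]")
DETAIL = re.compile(r"<(?P<image>.+)>\s*<(?P<publisher>[^<>]*)>")

# Constructed sample: three entries from the list above plus one benign entry.
SAMPLE = r"""
[Background Intelligent Transfer Service/bits] [stopped/auto start]
<C:\windows\system32\svchost.exe -k netsvcs --> C:\windows\system32\xpsp3res.dll> <N/A>
[Dc0m server process launher/dc0r] [stopped/auto start]
<C:\windows\system32\kl.exe> <N/A>
[DNS cl1ent/dnscl1ent] [running/auto start]
<C:\windows\system32\netw0r~1.EXE> <N/A>
[DNS Client/Dnscache] [running/auto start]
<C:\windows\system32\svchost.exe -k NetworkService --> C:\windows\system32\dnsrslvr.dll> <Microsoft Corporation>
"""

def parse_services(text):
    """Pair each [display/name] [state/start] line with the <image> <publisher> line after it."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    out = []
    for head, detail in zip(lines, lines[1:]):
        h, d = HEAD.fullmatch(head), DETAIL.fullmatch(detail)
        if h and d:
            out.append({**h.groupdict(), **d.groupdict()})
    return out

def flags(svc):
    found = []
    shown = svc["display"].lower()
    plain = shown.translate(DIGIT_SWAP)
    for real in KNOWN:
        close = SequenceMatcher(None, plain, real.lower()).ratio() >= 0.9
        if close and shown != real.lower():          # near match, but not the real name
            found.append(f"imitates '{real}'")
    if svc["publisher"] == "N/A":                    # for svchost, report the hosted DLL
        found.append("no publisher: " + svc["image"].split("-->")[-1].strip())
    return found

def review(text):
    """Return {service name: [reasons]} for every entry that raised a flag."""
    return {s["name"]: f for s in parse_services(text) if (f := flags(s))}

if __name__ == "__main__":
    for name, why in review(SAMPLE).items():
        print(name, why)
```

A flag marks an entry for manual review, not for automatic deletion: legitimate third-party services can also lack a publisher string.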
