Clearing the pcshare driver Trojan

Source: Internet
Author: User

I won't say it is completely cleared, because it is not completely cleared, but I think it is still better to clear it this way. Why?

I was testing the pcshare Trojan that day. I had got hold of a cracked version, but realized it was a fake: after configuration it could not connect back. That left me depressed, and worried about other people's machines, so I set out to kill the Trojan. This Trojan is known for having no port and no process, which is very sinister. The pcshare keylogger I tested long ago was also hidden by a driver, so this time I used IceSword.
IceSword is the best tool for killing Trojans. It uses a large number of novel kernel techniques so that these backdoors have nowhere to hide, and it has anti-hiding and anti-protection functions (this sentence is copied from the web :-D). I really admire its author; his research on the system kernel should be at the forefront in China, and so far nobody has announced a Trojan that can escape IceSword. Last time the administrator of pcshare boasted that, as long as he wanted to, he could directly hook IceSword's window to evade it. I laughed until my teeth hurt: if you have the ability, write it; catching its window would be a world first. Moving on ~


You can see the process shown in red: it is a program with process protection, and if you kill one, another is generated, so they presumably watch each other.
So ignore them for now and go straight for the file source. If the source of the exe file is unknown or cannot be seen, check IceSword's SSDT (System Service Descriptor Table) view; here we can see the driver shown in red.


I tried: the driver cannot be seen from Windows itself. Of course not; he is number one in China.
IceSword has a file manager which also works at ring 0, so nothing can hide from it. Note the location of the suspicious driver, open IceSword's file browser, find the suspicious driver and delete it. OK.


Restart, and you're done.
Then I tested pcshare again and clicked the generated Trojan: the Trojan file was neither deleted nor run by me, yet inexplicably the machine is immune to pcshare.
Since it has been killed, I have not looked for any other files or startup items; if you are interested, you can check them with a registry monitor.
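The triage above (find the driver that the Trojan hides behind, confirm it is not visible from Windows, then delete it from a ring-0 file browser) can be partly scripted from the user-mode side before reaching for IceSword. The following PowerShell is an added example, not code from the article or from IceSword; it enumerates the kernel drivers registered with the Service Control Manager and flags any whose image file is missing, hidden, loaded from outside `System32\drivers`, or not validly signed. The path normalisation and the "suspicious" criteria are this example's own assumptions.

```powershell
# Added example (not from the original article): list kernel drivers the
# SCM knows about and flag the ones worth a closer look. Run elevated.
# Caveat: this runs in user mode, so a driver that hooks file enumeration
# can still hide its image from Get-Item; that gap is exactly why the
# article falls back on IceSword's ring-0 file browser.
function Resolve-DriverPath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                 # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot  # \SystemRoot\... -> C:\Windows\...
    if (-not [IO.Path]::IsPathRooted($p)) {           # system32\drivers\x.sys (relative)
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-SuspiciousDriver {
    $driversDir = Join-Path $env:SystemRoot 'System32\drivers'
    Get-CimInstance Win32_SystemDriver | ForEach-Object {
        $path    = Resolve-DriverPath $_.PathName
        $reasons = @()
        if (-not $path) {
            $reasons += 'no image path recorded'
        } else {
            # -Force makes Get-Item return files carrying the Hidden/System attributes
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if (-not $file) {
                $reasons += 'image file not visible from user mode'
            } else {
                if ($file.Attributes.HasFlag([IO.FileAttributes]::Hidden)) {
                    $reasons += 'hidden attribute set'
                }
                if ($file.DirectoryName -ne $driversDir) {
                    $reasons += "loaded from $($file.DirectoryName)"
                }
                $sig = Get-AuthenticodeSignature -LiteralPath $path
                if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
            }
        }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name    = $_.Name
                State   = $_.State
                Start   = $_.StartMode
                Path    = $path
                Reasons = ($reasons -join '; ')
            }
        }
    }
}

Get-SuspiciousDriver | Sort-Object Name | Format-Table -AutoSize
```

A driver that the SCM lists but whose file cannot be opened from user mode is the case the article describes; note its path and verify it from IceSword's file browser, which is also the place to back it up and delete it, since the listing above cannot touch a file it cannot see.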

Note: the hidden driver file is also a live one. Once that file is deleted it can no longer be used, so if you are not sure, use IceSword to back it up first and then delete it.

La la la ~ Below are the manual killing techniques I use most often.
Killing the file source
On an NTFS partition, set the file's security permissions to deny access and modification by any user. After the system restarts, the Trojan will not be loaded.
Then delete the startup item and you're done (in fact it makes no difference if you don't delete it, not even a prompt box, because access is denied).
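The "deny everyone, then remove the startup item" technique above, as an added PowerShell example that is not from the original article. `$Target` and `$RunValue` are placeholders for whatever your own triage identified; the use of `icacls` with the Everyone SID and the Run-key locations are this example's assumptions about how to apply the technique, and it must be run from an elevated prompt.

```powershell
# Added example (not from the original article): lock a Trojan image on an
# NTFS volume so it cannot be read, and therefore not loaded, at next boot,
# then remove its Run-key startup entry. Placeholders below.
$Target   = 'C:\Quarantine\suspect.exe'   # placeholder: file found during triage
$RunValue = 'SuspectEntry'                 # placeholder: value name under the Run key
$RunKeys  = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')

function Block-FileAccess {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { throw "no such file: $Path" }
    # /inheritance:r drops every inherited ACE; the explicit Deny for
    # Everyone (well-known SID S-1-1-0) then wins over any remaining Allow.
    icacls $Path /inheritance:r /deny '*S-1-1-0:(F)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }
    # Verify: even the administrator running this should now be refused a read.
    try {
        [IO.File]::OpenRead($Path).Dispose()
        return $false
    } catch [UnauthorizedAccessException] {
        return $true
    }
}

function Remove-RunEntry {
    param([Parameter(Mandatory)][string]$Name)
    foreach ($key in $RunKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($item -and $item.PSObject.Properties[$Name]) {
            Write-Host "Removing $Name from $key (was: $($item.$Name))"
            Remove-ItemProperty -Path $key -Name $Name
        }
    }
}

if (Block-FileAccess -Path $Target) {
    Write-Host "Access to $Target is now denied; reboot, then delete it."
} else {
    Write-Warning "$Target is still readable; check the ACL with: icacls $Target"
}
Remove-RunEntry -Name $RunValue
```

Because the Deny entry covers Everyone, it blocks administrators too, which is what the article wants (nothing can load the file at boot). To remove the file after the reboot, take ownership with `takeown /f` and reset the ACL with `icacls <file> /reset`, then delete it.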
