Delete the folder virus that adds an EXE suffix to folders in the system

Source: Internet
Author: User


First: A friend's USB drive was infected. The symptom is that every folder appears to have an exe suffix; the size varies by variant, but all are a few hundred KB. The virus author uses a camouflage technique: the folder you see is not the real folder but the virus file, with its icon changed to look like a folder. I fell for it at first too. The real folders are hidden, so when you double-click one you actually execute the virus file, and the virus then hides all the folders. As for the virus process, at a rough look it seems to be disguised as Issas.exe; you can end that process and then run an antivirus scan.
1. Run → enter "cmd" to open the command prompt.
2. cd /d X: (X is the USB drive letter).
3. attrib -s -h -r /s /d


The hidden folders then become visible. Delete all the files that have the same names as the folders but carry the exe suffix. The virus also generates a recycle folder; delete that directly as well. If the files reappear after you have cleaned them, the virus is still running: keep looking for suspicious processes, then repeat the steps above. Finally, run antivirus software in case the virus is a file infector.
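The pairing described above (a visible .exe next to a hidden folder of the same name) can be checked before anything is double-clicked or deleted. The following is an added example, not part of the original article; the names Entry, list_entries and triage are hypothetical, and SAMPLE is a constructed directory listing.

```python
import os
import stat
import sys
from typing import NamedTuple

# Windows attribute bits; the stat module defines these constants on every platform.
HIDDEN_OR_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

class Entry(NamedTuple):
    name: str
    is_dir: bool
    attrs: int  # FILE_ATTRIBUTE_* bits as reported by Windows

# Constructed sample: root of an infected drive after the virus has run.
H = HIDDEN_OR_SYSTEM
SAMPLE = [Entry("Photos", True, H), Entry("Photos.exe", False, 0),
          Entry("Work", True, H), Entry("work.EXE", False, 0),
          Entry("Music", True, 0), Entry("setup.exe", False, 0),
          Entry("autorun.inf", False, H), Entry("notes.txt", False, 0)]

def list_entries(root):
    """Read the top level of a drive; st_file_attributes exists only on Windows."""
    with os.scandir(root) as it:
        return [Entry(e.name, e.is_dir(follow_symlinks=False),
                      getattr(e.stat(follow_symlinks=False), "st_file_attributes", 0))
                for e in it]

def triage(entries):
    """Pair each root-level .exe with a hidden folder of the same name (read-only)."""
    hidden = {e.name.lower(): e.name for e in entries
              if e.is_dir and e.attrs & HIDDEN_OR_SYSTEM}
    report = {"decoys": [], "autorun": [], "unpaired_exe": [],
              "hidden_dirs": sorted(hidden.values())}
    for e in entries:
        if e.is_dir:
            continue
        stem, ext = os.path.splitext(e.name)
        if e.name.lower() == "autorun.inf":
            report["autorun"].append(e.name)
        elif ext.lower() == ".exe" and stem.lower() in hidden:
            report["decoys"].append((e.name, hidden[stem.lower()]))
        elif ext.lower() == ".exe":
            report["unpaired_exe"].append(e.name)
    return report

if __name__ == "__main__":
    entries = list_entries(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for kind, items in triage(entries).items():
        print(kind, items)
```

Run it with the drive root as the argument (for example J:\); without an argument it reports on the constructed sample. Entries under "decoys" are the files to delete once the hidden folders have been restored with attrib.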



Second: After copying files a second time, I found that the file names on my USB drive had all gained an EXE suffix; my drive was infected. Because this was the first time this kind of thing had happened to me, I felt rather nervous and immediately scanned with Rising antivirus. What puzzled me was that, after the virus was killed, only some documents remained on the USB drive, but the used space had not changed. I thought the files might be hidden, so I used Folder Options in the Tools menu to display them, but the Hidden attribute in the file properties was grayed out, so this method could not be used to show the hidden files. How to solve this problem? I found the following solutions:


1. Use a USB virus removal tool such as USBCleaner, which can reset the file attributes hidden by the virus and can kill USB viruses. USBCleaner is a purely green (no-install) auxiliary antivirus tool. It detects more than 70 kinds of USB viruses and offers broad-spectrum USB virus scanning, USB virus immunization, repair of the settings for showing hidden files and system files, safe removal of removable drive letters and other functions, making it an all-in-one tool for repairing and killing USB viruses. USBCleaner can also respond quickly to new USB viruses. USBCleaner is a good helper for your study, work and entertainment.


2. First use antivirus software to kill the virus. Then enter cmd in "Start > Run" to open the command prompt, type the drive letter of the USB drive that needs to be fixed, and enter the following:
C:\Documents and Settings\Administrator>J:    // switch to drive J (the USB drive)
J:\>dir /a    // list all files in the current directory, including those with the Hidden attribute
J:\>attrib "folder name" -r -h -s /s /d
The folder is then shown. "folder name" is the name of a hidden folder on the flash drive, without a suffix. If more than one folder needs to be made visible again, use the up and down arrow keys on the keyboard at the command prompt to recall
J:\>attrib "folder name" -r -h -s /s /d
and just change the folder name.
If what is hidden is not a folder but other programs, you can enter this command:
J:\>attrib *.* -r -h -s /s /d


3. Open Notepad and copy in the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
Save the file as "Show hidden files.reg" (make sure "Hide extensions for known file types" is unchecked in Folder Options), double-click the file to import it, and then go back to Folder Options and set it to show hidden files.


4. Copy the following line into Notepad, save it as unhide.bat, and then double-click it to run it.
for /f "delims=" %%i in ('dir /ah /s /b') do attrib "%%i" -s -h
What the command means:
for /f "delims=" %%i in (...) loops over each line of the dir output, taking the whole line as one path
dir /s lists all files in the current directory and its subdirectories
Parameter /ah selects files that have the Hidden attribute
Parameter /b prints bare format (paths only, no header or summary)
do attrib "%%i" -s -h clears the System and Hidden attributes of that file or folder


5. Modify the hidden attribute through the registry.


6. Display the hidden folders through Folder Options in the Tools menu, copy the contents of each folder into a newly created folder, and then delete the original folder. Of course, first kill the virus on the USB drive.



Third: The following method is a bit tedious, and I am too lazy to read it. You can use it if you feel like it!


1. Open Task Manager. Among the user processes (processes are divided into: user, system, local service, network service), end every process except Ctfmon.exe and explorer.exe. If Task Manager will not open: Start > Run > cmd (if cmd can no longer be used either, the only option is to reinstall the system) > tasklist. Apart from the two above and Smss.exe, csrss.exe, svchost.exe, alg.exe, services.exe, winlogon.exe, tasklist.exe, System, System Idle Process, Lsass.exe and Conime.exe, try to end all other processes (for example, to end QQ.exe: tskill QQ).


2. Start > Run > msconfig
Keep the Ctfmon and antivirus software startup items; disable all the others.


3. Start > Run > regedit, and open:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Change the value of the CheckedValue item to 1. Note that the item's icon should be blue; if it is red, delete the CheckedValue entry and then create a new DWORD value named CheckedValue with the data 1. (This step repairs a registry value modified by the virus; otherwise the following step cannot show hidden files.)


4. Open Folder Options > View, choose to display hidden operating system files and folders, select "Show all files and folders", and then click OK. Right-click the hard drive and choose "Open"; do not double-click, otherwise the virus will run automatically. Now you can see your original files. Then delete Autorun.inf and the .exe virus file, which are found in the root directory of each hard disk.


5. Modify the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Change the value of NoDriveTypeAutoRun to FF
This operation turns off automatic running on all drives, that is, not to let the virus auto


6. Restart the computer


Fourth: This is a typical after-effect of virus removal. The cause is that the Trojan associated itself with EXE files (that is, opening any executable file with the EXE suffix makes the Trojan run), so after you kill the Trojan you can no longer open EXE files. You can fix it as follows:
Workaround for the case where the way exe files are opened has been modified by a Trojan or virus and no executable file can be opened.
Option one: First rename Regedit.exe to Regedit.com or REGEDIT.SCR.
Run regedit.com, locate the HKEY_CLASSES_ROOT\exefile\shell\open\command key, change the default value to "%1" %*, reboot, and then rename regedit.com back to Regedit.exe.
Option two: Save the following content as Exefile.reg, then double-click it to import it into the registry, or run regedit exefile.reg in pure DOS to import it. (Note: leave a blank line after REGEDIT4.)
REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Option three (applies to WIN2000/XP only):
1. Rename cmd.exe to Cmd.com or CMD.SCR.
2. Run Cmd.com.
3. Run the following two commands:
ftype exefile="%1" %*
assoc .exe=exefile
4. Rename cmd.com back to Cmd.exe.
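The three registry values repaired in the Third and Fourth sections (CheckedValue, NoDriveTypeAutoRun and the exefile open command) can be audited together from an exported .reg file. The following is an added example, not part of the original article; the function names are hypothetical, and SAMPLE is a constructed export whose hijacked command path is a placeholder.

```python
import re
# Expected data, taken from the repair steps on this page (keys lower-cased).
EXPECTED = {
    (r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall", "checkedvalue"): 1,
    (r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer", "nodrivetypeautorun"): 0xFF,
    (r"hkey_classes_root\exefile\shell\open\command", "@"): '"%1" %*',
}
# Constructed sample export: CheckedValue replaced by a string, .exe handler hijacked.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"="0"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\example\\placeholder.exe\" \"%1\" %*"
'''
LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def unescape(s):
    return re.sub(r'\\(.)', r'\1', s)  # .reg strings escape \ and " with a backslash

def parse_reg(text):
    """Parse .reg text into {(key, value_name): data}; dword and string data only."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = LINE.match(line)
        if key is None or not m:
            continue
        name, data = m.groups()
        name = "@" if name == "@" else unescape(name[1:-1]).lower()
        if data.lower().startswith("dword:"):
            values[(key, name)] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            values[(key, name)] = unescape(data[1:-1])
    return values

def audit(text):
    """Return (key, name, found, expected) for every value that differs or is missing."""
    found = parse_reg(text)
    return [(key, name, found.get((key, name)), want)
            for (key, name), want in EXPECTED.items()
            if found.get((key, name)) != want]
```

Files written by reg export or by regedit's Export menu in Version 5.00 format are UTF-16, so read them with encoding="utf-16" before passing the text to audit.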



Fifth: You have the recycled virus. Delete all the folders with the exe suffix on your USB drive. Restore all hidden files. Then delete the two files recycled.exe and Autorun.inf. Your USB drive is saved.
Use recycled to kill your computer virus.

