Gaming players should be aware that they do not have to lose their accounts before they begin to regret
The bad guy of Warcraft account theft Trojan does not know how many gamers are hurt, so that countless game players not only lose their favorite game accounts, but also the equipment they spent money on. The crimes of Warcraft account theft are really rare. It's time to cure this crazy guy and stop it before you get into your computer.
I have noticed that the two popular Warcraft Trojan horses are of the same type.
And the key files are gdm1_2.dll, so a very simple step can make the trojan main file does not work.
Okay. Let's talk about the method:
Ensure NTFS file system
First, make sure that the file system of drive C is NTFS. The viewing method is simple. Go to the root directory of drive C and click the details on the left. If the file system is followed by NTFS, It Is NTFS, if it is FAT32, it may need to be converted. The conversion method is as follows:
Click Start in the lower-left corner of the desktop, then click Run, Enter cmd, and enter: (Convert C:/fs: ntfs). You can directly copy or input in parentheses. Then press enter to complete the conversion. Wait a moment.
Note: If a file is running on drive C, the operating system will prompt you to convert the file upon restart. When you start the system, there will be a process of checking the disk and converting the file system, please do not shut down! After that, Windows restarts automatically!
After confirming that the file system of your drive C is NTFS, let's talk about how the virus is immune. Currently, this popular method is to create a gdm1_2.dll file that is not accessible to anyone. In this way, the virus cannot be overwritten, and the file cannot be written or read. Without this important file, it is naturally impossible to steal the number. However, make sure that the gdm1_2.dll file is not in your C: WINDOWSsystem32 directory.
Okay. Now let's start with the method.
Create immune File
First, create a text document and write the following content in it:
Md C: WINDOWSsystem32gdmsi32. dll
Attrib C: WINDOWSsystem32gdmsi32. dll + s + h + r
Echo y | cacls C: WINDOWSsystem32gdmsi32. dll/d everyone
Exit
Click "file" in the upper left corner of the document and select "Save as". Enter 1.batin the file name (whatever you enter, but the suffix must be bat or cmd ), select "all files" from the drop-down menu on the right of the Save type, and then save it, but it is best to save it to the desktop for ease of searching. Find the saved location and find a 1.bat( or other bat) file. Double-click the file to run it.
Because the system is added to the file to hide the property, you cannot see it. You need to display all files and system files to see it. No problem. The file is a transparent folder named gdm1_2.dll. Can you double-click it to try it? Access denied? Congratulations!
Before this trojan variant, this method ensures that this type of Trojan is invalid.