Yesterday, I inserted the USB flash drive into my computer and double-click it. Then I double-click all drive letters to open the drive letter. After the test, I found that I could only use the resource manager. But after all, the ghost knows what the virus is doing on the computer and decides to completely kill it.
Symptom description
1. Double-click the drive letter and you will not be able to open it. The resource manager can use it.
2. in "start"> "run", Enter cmd to enter the command line mode, enter C: Press enter, enter the C root directory, and enter dir/a to view all files. The following two files are found: Autorun. inf RavMon.exe.
3. Enter msconfig in "start"> "run", enter the system configuration program, and select the "Start" tab. An item called "MDM" points to "C: windowsmdm.exe ".
Solution
1. Restart and press F8 at startup to enter safe mode with command line. Select Administrator Account to log on.
2. Enter regedit in the command line to enter the registry and search for "RavMon.exe". If any matching item is found, delete it (I did not find it, so it is safe to do so ). Note that RsRavMon is the anti-virus software of Rising Star and does not need to be deleted.
3. Enter msconfig in the command line, enter the system configuration program, select the "Start" tab, and remove and save the check boxes before all "MDM" items.
4. Enter the following command in the command line:
Del C: Autorun. inf/f/s/q/a del
C: RavMon.exe/f/s/q/a del
D: Autorun. inf/f/s/q/a del
D: RavMon.exe/f/s/q/......
Number of drive letters. Note that this command will delete the corresponding files in all directories under the root directory, so you can immediately press Ctrl + C to interrupt the deletion.
5. Restart. OK.
6. To be completely clear, we should mainly kill the virus sources in the USB flash disk. I did not try any other way, so I was just lazy into Linux and deleted it with rm. If you know someone installing Linux, ask him for help. I personally think this is the safest way. In Windows/Dos platform, please do it well.
Description
1. MDM is Microsoft's Machine Debug manager. the system process is a pseudo-installed mdm.exe virus.
2. This anti-virus method can be used to clear similar viruses.