This article is from Kingsoft
The virus will spread through emails and cause network congestion.
Virus behavior:
The virus will create two files in the windowssystem32 directory:
1 = %sys32dir%dllh8jkd1q8.exe
2 = javassys32dir#kernelwind32.exe
Create a win32.exe file in the user's secret folder, with the path % profile % Local SettingsTempwin32.exe
Create a Registry Startup entry:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
Virus tries to disable the task manager.
Solution:
1. Use Kingsoft cleaning experts to solve the malware
2. Alternatively, use a third-party process manager (the system's task manager may have been disabled) to end the virus process.
Dllh8jkd1q8.exe
Kernelwind32.exe
Manually delete the following three files
%Sys32dir%dllh8jkd1q8.exe
Sys32dir1_kernelwind32.exe
% Profile % Local SettingsTempwin32.exe
3. If the cleaning expert restarts after cleaning, other cleaning tools still report viruses, possibly due to two reasons:
A. There may be the latest variants. Please submit the full logs of the cleaning experts to the Forum;
B. it may be a false positive of the removal tool. According to the drug overlord virus analyst's appraisal, there is a high possibility of false positive. The software has the suspicion of stealing Kingsoft cleaning expert's malicious software library. Kingsoft analysts deliberately created a trap, I didn't expect the product to be hooked up.
498) this. style. width = 498; ">
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
