System security: Formatting is useless? Tips for removing the "no Kill" virus

A growing number of netizens believe that viruses are an important factor in endangering Internet security. Sometimes when anti-virus software processing virus program, will result in double click Hard disk Letter open, right click to appear, such as auto words, such as the occurrence of such a situation with the system master record of the configuration file Autorun.inf.

Interpreting Autorun.inf

Because the computer will automatically search for the Autorun.inf configuration file under the letter directory when the system is running, it automatically runs the commands that are set in the load according to the files inside it. In fact, Autorun.inf is a text-form system configuration file, the user can edit with text editing software (note: The file can be loaded only when it is under the root of the drive), which contains commands that need to be run automatically, such as the program files that need to be run, the changed drive icon, Optional shortcut menu contents, and so on.

Illness description

When the user selects: Tools-Folder Options-View-Displays all files and folders, the computer can not display the Autorun.inf file, click on the C, D, E letter will open the other window, and U disk, MP3, such as third-party storage disk is so, insert the computer, the picture file flash that, Want to see the Autorun.inf file in the home directory, but found that the file is quietly missing. When using the WinRAR view, find C, D, such as the root directory has Autorun.inf and tel.xls.exe two files, the disk right click, the directory appears in auto or two open words (coarse font, fine font) information, and so on, using the command Msconfig to see the boot of the startup items found in the SocksA.exe. All this has caused a great degree of trouble to the user.

Solving method

In the face of the above situation, some users can only ghost the computer again. But according to the author's personal experience there are many ways, here provides a way for users to try.

One, let the file no longer hide

Open the run item in its input Regedit the registry interface expands the key value sequentially hkey_local_machine\software\microsoft\windows\currentversion
\explorer\advanced\folder\hidden\showall Delete the CheckedValue key value, right-click the new->dword value-> named CheckedValue, and then modify its key value of 1, You can now view and delete the Autorun.inf hidden file under the letter.   or open the Start menu in the running item, enter CMD to bring up the form, enter the command attrib under the letter, then you can see if there is a name sh Autorun.inf file, you can then enter the command attrib space-s space-h-space Autorun.inf can change its properties are not hidden, users just open the appropriate letter can see the file, delete it. (Tip: The attrib command is used to set file properties, attrib +s or-s [filename] Sets whether the file properties are system files, attrib +h or-h [FileName] Set file properties are hidden).

Ii. Removal of viruses

Click the right mouse button on the partition disk-> open, see each disk with Autorun.inf and tel\.xls\.exe two files, delete it, u disk same. And then open the Start menu in turn: Run-mscionfig-boot-remove startup items like Sacksa.exe, SocksA.exe, or run regedit to call up the registry and find it in hkey_local_machine> software>microsoft> Windows>currentversion>run Delete similar C:\ Windows\system32\svohost.exe key Value entry.

Iii. removal of virus remnants

Open My Computer C disk and delete SVOHOST.exe, Session.exe, Sacaka.exe, SocksA.exe, and all Excel-like icons in the windows\ and windows\system32\ directories. (Tip: Each folder has two, because the virus causes the system to produce two of the same files, which have a similar file, users must be careful to delete when deleted), restart the computer system will be all normal.

PostScript: Hiding virus files is not scary, terrible is not aware of its principle and blindly start, trapped this causes system file damage, system crashes can not start, when the user reset to the C disk format, the use of ghost software to restore the system, if the other letter is not formatted, then virus and hidden files will still exist. Users only understand the principle of the virus, in order to completely solve the confusion caused by!