The trojan that took me a day to solve is really hard to find.
1. We found that the file c:\windows\system32\30pzg8d.dll was infected with Trojan.DL.win32.hmir.HL, but it could not be deleted, so we had to force-delete it with IceSword.
3. Restart after deletion. rundll reports that the 30pzg8d.dll module cannot be found, indicating that a service or startup item is still calling 30pzg8d.dll.
4. Search for rundll and other items in the IceSword startup group. Nothing abnormal is found after thorough troubleshooting.
5. Nothing is found in msconfig either, so where is it hidden?
6. You can look at the services and programs. The startup items view in SREng (System Repair Engineer) lists two types of services: Win32 service applications and drivers. Win32 services are the system services we generally see; services provided by drivers are generally not visible. Among the driver services in SREng, we found an xy6pchlxf.sys service that looked a little weird. Locate this file in c:\windows\system32\drivers and right-click it to view its properties. The problem is probably here, so delete xy6pchlxf.sys. It cannot be deleted normally, so it is forcibly deleted with IceSword, and then the xy6pchlxf.sys service is deleted using SREng. After restarting, the rundll dialog box reporting that the 30pzg8d.dll module cannot be found no longer appears. Go back to SREng, find the service and delete it again. Then search the registry for xy6pchlxf, delete all related items, and restart. OK.
7. Conclusion: Unlike previous viruses, which generally sit in the startup entries of the registry, this trojan is not easy to find. It is started by a service provided by a driver. After the trojan's DLL is deleted, rundll reports an error, and because rundll starts many programs, the caller is not easy to find. The IceSword and SREng (System Repair Engineer) tools are indeed helpful for system repair. IceSword's forced deletion is quite impressive and is more reliable than Rising's file shredder. Of course, Rising antivirus software can detect the virus, but it cannot delete 30pzg8d.dll and xy6pchlxf.sys, which indicates that this function remains to be improved.
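
The driver-service check from step 6 can also be done without a third-party tool. The following is an added example, not part of the original post: it assumes Windows PowerShell 5.1 run as administrator, and the helper name `Resolve-DriverPath` is made up for this illustration. It lists autostart driver services whose file is missing or does not carry a valid signature, newest files first.

```powershell
# Added example: enumerate driver-type services, which msconfig and the
# Run/Startup locations do not show, and flag the ones worth a closer look.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    param([string]$ImagePath, [string]$ServiceName)
    # A driver service without ImagePath loads system32\drivers\<name>.sys
    if ([string]::IsNullOrWhiteSpace($ImagePath)) {
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    if ($p.StartsWith('\??\'))       { return $p.Substring(4) }             # NT path prefix
    if ($p -like '\SystemRoot\*')    { return Join-Path $env:SystemRoot $p.Substring(12) }
    if ($p -notmatch '^[A-Za-z]:\\') { return Join-Path $env:SystemRoot $p } # relative path
    return $p
}

$drivers = foreach ($key in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, Type 2 = file system driver
    if ($props.Type -notin 1, 2) { continue }

    $file   = Resolve-DriverPath -ImagePath $props.ImagePath -ServiceName $key.PSChildName
    $exists = Test-Path -LiteralPath $file
    $sig    = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $file).Status }
              else         { 'FileMissing' }   # leftover service entry, file already deleted

    [pscustomobject]@{
        Service   = $key.PSChildName
        Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
        File      = $file
        Signature = $sig
        Modified  = if ($exists) { (Get-Item -LiteralPath $file -Force).LastWriteTime }
    }
}

# Autostart drivers (Start 0-2) that are unsigned, badly signed, or missing on disk
$drivers |
    Where-Object { $_.Start -le 2 -and $_.Signature -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table -AutoSize
```

Treat the output as leads rather than verdicts: legitimate third-party drivers can show up as unsigned, and a rootkit that hides its own registry key or file from user mode will not appear here at all.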