The purpose of this article is to show what to do after running into a trojan.
This is the first trojan I have dealt with. I think my experience removing it will be helpful to you.
I have not studied the details of this trojan, such as the specific circumstances, sources, and functions. It is said that zer will write an article.
Last night, zer4tul gave me a trojan (exelinks.exe) to try.
After receiving it, I ran it and got no response at all (nonsense!!)
Then I looked at the process list, first killed the exelinks process, and then ran regedit.
......
This file cannot be found!!!
I nearly fainted.
Is it because the exe file association has been changed, so it cannot be opened?
The file itself is gone (zer4tul's was not lost, so this does not seem to be universal).
So I just ran regedt32.exe.
I found that a network service startup program named svchoost.exe had been added under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run`, which I deleted.
At this point I restarted the system, ran regedt32, and found that there was another one under Run, so I killed the process and deleted the file.
If it came back, there must be another source that starts it. What is that source? By the way, didn't I just run regedt32? That is an exe file.
I checked the content of cmd.exe and the exefile key to be written. No problem.
Then I viewed the exefile content. The content in `shell\open\command` is
`winnt/system32/exelinks.exe %1 %*`.
I changed it back to `%1 %*`.
In addition, the original name of this program is windowssend.exe.
I found it in the winnt/system32/start directory.
I guess it is meant to start automatically. This file was deleted as well.
I restarted the system, checked the processes, and checked the registry. Everything was normal. In this way, the trojan was killed.
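
The two registry checks from the cleanup above can be run offline against a saved `.reg` export. The following is an added example, not code from the original post: it flags a replaced `shell\open\command` handler and lists everything under the `Run` key for review. It generalizes from `exefile` to the `comfile`, `batfile` and `cmdfile` classes, and assumes the stock Windows handler value `"%1" %*` (with quotes). The sample export and the value name `NetService` are constructed.

```python
import re

# Windows' stock command for these file classes (well-known default, not from the post).
DEFAULT_HANDLER = '"%1" %*'
HANDLER_CLASSES = {"exefile", "comfile", "batfile", "cmdfile"}

# Constructed sample export; the value name "NetService" is made up for illustration.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="winnt/system32/exelinks.exe %1 %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetService"="svchoost.exe"
'''

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values; "" is the default value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
                current[name] = _unescape(m.group(2))
    return keys

def audit(text):
    """Flag non-default file handlers and list every Run entry for manual review."""
    findings = []
    for path, values in parse_reg(text).items():
        low = path.lower()
        m = re.search(r'(?:^hkey_classes_root|\\classes)\\(\w+)\\shell\\open\\command$', low)
        if m and m.group(1) in HANDLER_CLASSES and values.get("") != DEFAULT_HANDLER:
            findings.append(("hijacked-handler", path, values.get("")))
        if low.endswith(r"\microsoft\windows\currentversion\run"):
            findings += [("run-entry", name, data) for name, data in values.items()]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Exports written by `reg export` or regedit in the "Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`.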