USB flash drive common viruses or Trojans

USB flash drive common diseases and viruses

Friends. This virus is inevitable when you use a USB flash drive ..
Suddenly, your disk cannot be opened ..
Suddenly, after double-clicking your disk, another pop-up window is displayed ..
Suddenly one day you find that an auto. Command is automatically run when you right-click to open the disk ..
Suddenly you find that your disk cannot be opened normally .. You must right-click and select open ..
Suddenly one day you find that the USB flash drive has an additional file autorun. inf...

I'm glad to tell you .. USB flash drive in your computer .. You can learn more.

Virus knowledge description
Autorun
A bunch of Autorun. * files are generated under the root directory of the infected disk, including
Autorun.batw.autorun.vbs?autorun.bin=autorun.inf;autorun.txt, Autorun. Reg, and autorun. wsh.
Rose virus:
Symptom: the system cannot be opened by double-clicking the drive letter. You can only right-click the drive letter to open the drive letter. A few days later, the system will delete the system ntdetect. com file and the system will not be able to start.
Transmission path: USB flash drive, MP3, and mobile hard drive
Check Method: Enable the sdks in folder -- after opening a disc. If you find that there are two versions of rose.exe and autorun. inf files, they are poisoned.
Major symptoms: When the Task Manager registry editor msconfig is enabled, close the network speed immediately. When the CPU occupies a large cdef disk, double-click the disk. You cannot right-click the drive letter, and the first one is auto (do not double-click the drive letter, otherwise cross-infection will occur) anti-virus software cannot be opened and is automatically set to not show hidden files. You can spread details through a removable hard disk and query them online.

Long story short. I will tell you which anti-virus software can clean it up.
Do not mention Kaspersky. He is not completely clean.
NOD32Do you know? You can install a Trojan horse.
You can find other targets. <This is the time for domestic production....>

Manual cleaning:
<Using auto as an example, rose and host are processed in the same way.>
<Remember that this method is only suitable for early detection of viruses.>.
1. Enter the security mode. <Press F8 to start the screen.>.
2. Enter ''regedit ''in the Registry/in the root directory.
Go to drive/and delete all key values under shell. <Tip: Search shell to see Autorun all deleted.>
3. The cleanup is performed. Open and hide under the folder setting option of the disk. Delete the hidden files generated by Autorun.

If the problem is serious .. If you are too lazy to use the software, use the following method to renew it.
Create a text document and copy the following code. After copying the file, click "file-save as" in the upper left corner. Change the name of the file "Create a text file .txt" to "killer. Bat" in the file name below. After saving the file, double-click to run it.

===== Copy the following code. Do not copy me ======
@ Echo off
@ Echo this tutorial specifically targets the copy.exe?host.exe=rose.exeand ravmone.exe viruses. Before virus removal, make sure that the WF. reg file is in the same directory as the program.
@ Echo.
@ ECHO virus symptoms: double-click the drive letter and you cannot open it normally. Right-click the drive letter and the first item in the displayed menu is "automatic playback ".
@ Echo.
@ Echo this program can scan and kill all viruses in the drive letter, including the software drive.
@ Echo.
@ Pause
@ Echo.
@ Echo.
@ Echo.
@ Echo ------------- stopping the virus process ...-------------
@ Taskkill/IM temp1.exe/F/T
@ Taskkill/IM temp2.exe/T/F
@ Echo ------------- virus process stopped successfully! -------------
@ Echo.
@ Echo ------------- deleting the critical Virus File ...-------------
@ Del C:/Windows/xcopy.exe/A/F
@ Del C:/Windows/svchost.exe/A/F
@ Del C:/Windows/system32/temp1.exe/A/F
@ Del C:/Windows/system32/temp2.exe/A/F
@ Del D:/Windows/xcopy.exe/A/F
@ Del D:/Windows/svchost.exe/A/F
@ Del D:/Windows/system32/temp1.exe/A/F
@ Del D:/Windows/system32/temp2.exe/A/F
@ Del E:/Windows/xcopy.exe/A/F
@ Del E:/Windows/svchost.exe/A/F
@ Del E:/Windows/system32/temp1.exe/A/F
@ Del E:/Windows/system32/temp2.exe/A/F
@ Del F:/Windows/xcopy.exe/A/F
@ Del F:/Windows/svchost.exe/A/F
@ Del F:/Windows/system32/temp1.exe/A/F
@ Del F:/Windows/system32/temp2.exe/A/F
@ Del G:/Windows/xcopy.exe/A/F
@ Del G:/Windows/svchost.exe/A/F
@ Del G:/Windows/system32/temp1.exe/A/F
@ Del G:/Windows/system32/temp2.exe/A/F
@ Echo ------------- the key Virus File is deleted successfully! -------------
@ Echo.
@ Echo ------------- deleting the virus file ...-------------
@ Del A:/autorun. inf/A/F
@ Del A:/copy.exe/A/F
@ Del A:/host.exe/A/F
@ Del A:/rose.exe/A/F
@ Del B:/autorun. inf/A/F
@ Del B:/copy.exe/A/F
@ Del B:/host.exe/A/F
@ Del B:/rose.exe/A/F
@ Del C:/autorun. inf/A/F
@ Del C:/copy.exe/A/F
@ Del C:/host.exe/A/F
@ Del C:/rose.exe/A/F
@ Del D:/autorun. inf/A/F
@ Del D:/copy.exe/A/F
@ Del D:/host.exe/A/F
@ Del D:/rose.exe/A/F
@ Del E:/autorun. inf/A/F
@ Del E:/copy.exe/A/F
@ Del E:/host.exe/A/F
@ Del E:/rose.exe/A/F
@ Del F:/autorun. inf/A/F
@ Del F:/copy.exe/A/F
@ Del F:/host.exe/A/F
@ Del F:/rose.exe/A/F
@ Del G:/autorun. inf/A/F
@ Del G:/copy.exe/A/F
@ Del G:/host.exe/A/F
@ Del G:/rose.exe/A/F
@ Del H:/autorun. inf/A/F
@ Del H:/copy.exe/A/F
@ Del H:/host.exe/A/F
@ Del H:/rose.exe/A/F
@ Del I:/autorun. inf/A/F
@ Del I:/copy.exe/A/F
@ Del I:/host.exe/A/F
@ Del I:/rose.exe/A/F
@ Del J:/autorun. inf/A/F
@ Del J:/copy.exe/A/F
@ Del J:/host.exe/A/F
@ Del J:/rose.exe/A/F
@ Del K:/autorun. inf/A/F
@ Del K:/copy.exe/A/F
@ Del K:/host.exe/A/F
@ Del K:/rose.exe/A/F
@ Del L:/autorun. inf/A/F
@ Del L:/copy.exe/A/F
@ Del L:/host.exe/A/F
@ Del L:/rose.exe/A/F
@ Del M:/autorun. inf/A/F
@ Del M:/copy.exe/A/F
@ Del M:/host.exe/A/F
@ Del M:/rose.exe/A/F
@ Del N:/autorun. inf/A/F
@ Del N:/copy.exe/A/F
@ Del N:/host.exe/A/F
@ Del N:/rose.exe/A/F
@ Del/autorun. inf/A/F
@ Del/copy.exe/A/F
@ Del/host.exe/A/F
@ Del/rose.exe/A/F
@ Del P:/autorun. inf/A/F
@ Del P:/copy.exe/A/F
@ Del P:/host.exe/A/F
@ Del P:/rose.exe/A/F
@ Del Q:/autorun. inf/A/F
@ Del Q:/copy.exe/A/F
@ Del Q:/host.exe/A/F
@ Del Q:/rose.exe/A/F
@ Del R:/autorun. inf/A/F
@ Del R:/copy.exe/A/F
@ Del R:/host.exe/A/F
@ Del R:/rose.exe/A/F
@ Del S:/autorun. inf/A/F
@ Del S:/copy.exe/A/F
@ Del S:/host.exe/A/F
@ Del S:/rose.exe/A/F
@ Del t:/autorun. inf/A/F
@ Del t:/copy.exe/A/F
@ Del t:/host.exe/A/F
@ Del t:/rose.exe/A/F
@ Del U:/autorun. inf/A/F
@ Del U:/copy.exe/A/F
@ Del U:/host.exe/A/F
@ Del U:/rose.exe/A/F
@ Del V:/autorun. inf/A/F
@ Del V:/copy.exe/A/F
@ Del V:/host.exe/A/F
@ Del V:/rose.exe/A/F
@ Del W:/autorun. inf/A/F
@ Del W:/copy.exe/A/F
@ Del W:/host.exe/A/F
@ Del W:/rose.exe/A/F
@ Del X:/autorun. inf/A/F
@ Del X:/copy.exe/A/F
@ Del X:/host.exe/A/F
@ Del X:/rose.exe/A/F
@ Del Y:/autorun. inf/A/F
@ Del Y:/copy.exe/A/F
@ Del Y:/host.exe/A/F
@ Del Y:/rose.exe/A/F
@ Del Z:/autorun. inf/A/F
@ Del Z:/copy.exe/A/F
@ Del Z:/host.exe/A/F
@ Del Z:/rose.exe/A/F
@ Echo ------------- the virus file is deleted successfully! -------------
@ Echo.
@ Echo ------------- the registry is being repaired ...-------------
@ Regedit/s WF. Reg
@ Echo ------------- registry repaired successfully! -------------
@ Echo.
@ Echo ================= the virus has been cleared successfully ====================
@ Echo.
Set/p c = it takes effect after the computer is restarted. Do you want to restart? [Y, N]
If "% C %" = "Y" shutdown/R/T 0
If "% C %" = "Y" shutdown/R/T 0
===== Copy the above Code. Do not copy me ======

Create a text document and copy the following code. After copying the file, click "file-save as" in the upper left corner. Change the name of the file "new audit document .txt" to "WF. Reg" in the file name below"

===== Copy the following code. Do not copy me ======

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER/software/Microsoft/Windows NT/CurrentVersion/Windows]
"Load" = ""
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/run]
"Ravav" =-
===== Copy the above Code. Do not copy me ======

 

All the above viruses apply to the automatic playback function of the system. When you double-click to open the disk, the system activates and runs the virus. In addition, the above copy virus is mainly spread through a USB flash drive, and people generally like to enable the automatic playback function of the system. In this way, when the USB flash drive is inserted into the computer, the content in the USB flash drive is automatically turned on, although this is convenient, it has become an important means of virus propagation !!

Next we will turn off the automatic playback function of the system.
1
Start-> Run, enter the following command gpedit. MSC
2
User Configuration-> management template-> system-> disable automatic playback-> enable

Professional Software cleanup:

This virus is a good solution. I will not explain it much.
There are two tools. They are all popular and practical tools on the Internet.

 

--------------------------------------------------------------------------------

 

The software has been integrated into the compressed package:USB flash drive exclusive series
-----------------------------------------------

If you have any questions, you can comment on them.