Virus detection and removal methods

Recently, the vijin variant virus has been raging, and many people are forced to format all the partitions after recruitment, so the hard-to-save data is destroyed.

The virus is characterized by a slow system response. When playing online games, the system automatically exits, and the EXE file icon in the hard disk changes to "Flower". In dos, the system fails to be restored using ghost; if not fully formatted, reinstalling the system will not solve the problem.

Today, we are lucky to have a computer infected with this virus. The host basically wiped out the virus in despair and saved the data he had accumulated over the years.
Now, I have posted the anti-virus process for reference by netizens who encounter similar problems.

To clear a virus, follow these steps:

1. Stop the virus process and delete the startup Item of the virus.
1. Press F8 at startup to enter safe mode;

2. Press Ctrl + Alt + Del to open the "Task Manager" and end the Logo1 and Rundll32 processes;

3. My computer → properties → System Restore, check "Disable System Restore on All Drives" and "OK". (If the system restore has been disabled, this step can be omitted)

4. Right-click "my computer" → "Resource Manager" → "Tools" → "Folder Options" → view, and remove the √ in front of "Hiding protected operating systems (recommended, select "show all files and folders ";
In the left-side "folder" box, click Documents and Settings → user account name → Local Settings → Temp;
Click anywhere on the right, click "edit" → select all, and then press Shift + Delete to Delete all files in the TEMP folder.

5. Start → run, type msconfig, open the "System Configuration Utility" interface, and click "start" to find a suspicious startup Item, for example, the "command" items include windows \ rundll32.exe, windows \ logo1.exe, windows \ down \ Uninstall, and delete them;

6. run regedit to open the registry, edit → search, type run, check "full match", and start searching, if the run item contains a suspicious key that points to the preceding virus, delete the key (Note: it is not to delete the run item) and press F3 to continue searching and delete the virus-related key, until the search is complete;

7. Click "start" → "Search" → "file or folder" → "all files and folders" to maximize the window. Fill in "_ desktop" in the file name column. "ini", "more advanced options", select "search system folder", "search for hidden files and folders", and "Search subfolders", and click "Search ", after searching, click "edit" → select all, and then press Shift + Delete to Delete all the "_ desktop. INI file.

After the above processing, even if the system is restarted, the virus generally does not start with the system. For the sake of security, you can click "service" in step 1, select "hide all Microsoft services", and remove the √ before all items (if it is anti-virus software, after the system is normal, it can be restored );

2. Download the exclusive killer tool to clear viruses and save hard disk data
Restart the system, press F8 again, select "security mode with network" (normal start is acceptable, but for the sake of security, you can still enter security mode), open IE, log on to the "Jiangmin (www.jiangmin.com) Website" or the "Rising Star (www.rising.com.cn) Website", download the waking killing tool, save it to the "desktop" or other places, and run it after downloading it, the virus is cleared.

After a while, the virus is cleared. Restart the system and the system will be normal. All the EXE files can also be used.

I would like to emphasize that the above is a method for virus detection and removal. Many people may also be infected with other viruses. Therefore, it is recommended that after the virus is processed, install anti-virus software, upgrade the virus database, and complete antivirus activities.