General Method for manually clearing Trojans

First, you need to have some computer knowledge, such as checking which self-starting programs on your computer; then you need to be familiar with your computer. Why? Dizzy ..... Everyone's computer is different. Only you know what hardware and software you have installed. Finally, do not be afraid. Do a good job of backing up the ghost, system restoration, and so on. Even if the system crashes, you have learned something.

First, you are showing signs of Trojans. First, you should check what is automatically loaded in your startup group. The Trojan is definitely here. I found a strange program? More than one? It doesn't matter. Write down the name one by one.

Find a process to view the tool (why do you want to view the process? Trojans are never formatted or hidden, but cannot escape the process viewer. xp/2000 has its own tool, ctrl + shift + esc, 98/me uses the process viewer of the Windows optimization master.

Find the process and end it first (otherwise, how can the program be deleted in use ?), Then delete the auto-start item (because the Trojan of the advanced point has the protection function, such as the multi-line Trojan ). Then isolate the suspicious program. Finally, restart the computer. This step should be done one by one. Otherwise, how do you know which Trojan is used? However, if you are familiar with your computer, you can see at a glance what programs are not installed on your own.

If there are still signs of Trojans, repeat the above steps.

If you already know where the Trojan program is located, terminate the process, delete the startup project, and delete the Trojan program. Restart.

After reading it, do you think it is very simple, just a few steps? :)

############## Self-start methods in windows9x/me #########

1. Autostart file

C: windowsstart menuprogramsstartup {chinese/english}

Location in the registry: HKEY_CURRENT_USER softwaremicrosoftwindowscurrentversionpolicershell

Folders Startup = "C: windowsstart menuprogramsstartup"

So it will be easily changed by the program

2. Win. ini

[Windows]
Loadpolicfile.exe
Runningfile.exe

3. System. ini [boot]

Shell‑assumer.exe file.exe

4. c: windowswinstart. bat

It seems normal, but every time it is restarted

5. Registry key

[HKEY_LOCAL_MACHINE SoftwareMicrosoftWindowsCurrentVersionRunServices]
[HKEY_LOCAL_MACHINE SoftwareMicrosoftWindowsCurrentVersionRunServicesOnce]
[HKEY_LOCAL_MACHINE SoftwareMicrosoftWindowsCurrentVersionRun]
[HKEY_LOCAL_MACHINE SoftwareMicrosoftWindowsCurrentVersionRunOnce]
[HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionRun]
[HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionRunOnce]
[HKEY_CURRENT_USER SoftwareMicrosoftWindowsCurrentVersionRunServices]

6. c: windowswininit. ini

Once running, it is deleted by windows.

Example: (content of wininit. ini)
[Rename]
NUL = c: windowspicture.exe

Example: Set c: windowspicture.exe to NUL, which means to delete it and execute it completely concealed!

7. Autoexec. bat

Start each time in DOS

8. Registry Shell Spawning (have Subseven been used? Let's take a look. ---- Old demon note.

[HKEY_CLASSES_ROOT exefileshellopencommand] @ = "" % 1 "% *"
[HKEY_CLASSES_ROOT comfileshellopencommand] @ = "" % 1 "% *"
[HKEY_CLASSES_ROOT batfileshellopencommand] @ = "" % 1 "% *"
[HK

<