GHOST.PIF new variants lead to anti-virus software 0XC00000BA Failure Solutions _ Application Tips

Have netizen consultation 0xc00000ba wrong solution, specially from the internet to help him find a, do not know whether to solve the problem

This problem is caused by a U disk virus called GHOST.PIF.

However, the latest variant of the virus will query the following registry key values to obtain the relevant Security software installation directory, in the access to the installation directory under the system filename "Ws2_32.dll" named folder, so that the relevant security software failed to run.

　　
Code:
Software\\rising\\rav
Software\\kingsoft\\antivirus
Software\\jiangmin
Software\kasperskylab\installedproducts\kaspersky Anti-Virus Personal
Software\\kasperskylab\\setupfolders
Software\network associates\tvd\shared Components\framework
Software\eset\nod\currentversion\info
Software\\symantec\\sharedusage
Software\microsoft\windows\currentversion\app Paths\360safe.exe



Because these security software runtime will load Ws2_32.dll Ws2_32.dll the correct location is under System32 and the way the software usually looks for a DLL is to look for it first from its own folder so that the virus creates a forged ws2_32 in the folder of those software. DLL, which causes the startup to load this bogus ws2_32.dll, causing the boot failure!

The workaround is as follows:

1. In Safe Mode (after Power-on press F8 key and then come out an advanced menu to select the first safe mode to enter the system)
Open Sreng

Start the Project registry delete the following items
<{0cb68ad9-ff66-3e63-636b-b693e62f6236}><c:\program files\internet Explorer\romdrivers.dll> [ Microsoft Corporation]

Double click on my Computer, tools, Folder Options, view, click to select "Show hidden files or folders" and clear the "Hide protected operating system files (recommended)" Front of the hook. When you are prompted to determine the changes, click Yes and then determine

Right click on the right mouse button to open open C
Delete

　　
Code:
C:\Program files\internet Explorer\romdrivers.bak
C:\Program files\internet Explorer\romdrivers.bkk
C:\Program files\internet Explorer\romdrivers.dll



2. Empty c:\docume~1\ username \locals~1\temp all contents below

3. Right click on the right-click menu open Open Other partitions delete Autorun.inf and ghost.pif

Open Sreng

Start the Project registry delete the following items
　　
Code:
<wosa><c:\docume~1\ user name \locals~1\temp\woso.exe> []
<ztsa><c:\docume~1\ user name \locals~1\temp\ztso.exe> []
<mhsa><c:\docume~1\ user name \locals~1\temp\mhso.exe> []
<fysa><c:\docume~1\ user name \locals~1\temp\fyso.exe> []
<jtsa><c:\docume~1\ user name \locals~1\temp\jtso.exe> []
<wlsa><c:\docume~1\ user name \locals~1\temp\wlso.exe> []
<wgsa><c:\docume~1\ user name \locals~1\temp\wgso.exe> []
<rxsa><c:\docume~1\ user name \locals~1\temp\rxso.exe> []
<wdsa><c:\docume~1\ user name \locals~1\temp\wdso.exe> []
<tlsa><c:\docume~1\ user name \locals~1\temp\tlso.exe> []
<dasa><c:\docume~1\ user name \locals~1\temp\daso.exe> []
<wmsa><c:\docume~1\ user name \locals~1\temp\wmso.exe> []
<qjsa><c:\docume~1\ username \locals~1\temp\qjso.exe> [] (which one is deleted)


4. Remove rising anti-virus software Jinshan poison pa jiangmin Antivirus software Kaspersky Antivirus 360 security guards, such as folders under the folder named Ws2_32.dll