Virus Introduction: Since April 10, a virus named "maid" has been detected on the Internet. It initially appeared on your computer. When you right-click each drive letter, the first option is changed from "open" to "automatic playback". Then there will be several "rose" processes in your system process, occupying the CPU resources of your computer.
Transmission Mode: it is spread through mobile storage devices such as USB flash drives, MP3 files, and mobile hard drives. This generally means that the content in the mobile storage device cannot be cut, and the mobile storage device cannot be removed, this virus is particularly evident on public computers. At present, I have discovered the virus in public computer sites such as the news lab center, school broadcasting station, out-of-school print shops, and photo studio, and has become increasingly popular, in addition, the virus was detected on many computers or mobile storage devices, which spread very quickly.
Virus hazards:
1. occupying a large amount of cpu resources in the system.
2. Create two rose.exe and autorun. inf files in each partition, and they are hidden within the system protection file. No matter how you search, the virus automatically runs when you double-click the drive letter.
3. If you continue to ignore the virus, it may cause some operating system crashes. It is manifested in the direct and repeated restart after the self-check, and you cannot enter the system. Simply put, your computer suddenly crashes, then the server will no longer be available. Even after you reformat the C drive and reinstall the system, you just cleared the virus from the C drive, but it still exists on other disks and will attack again.
Anti-Virus method: currently tested, no matter which anti-virus software you use, no matter when you upgrade the virus database to the latest version, they are not capable of killing the virus, even if your anti-virus software is genuine. I personally estimate that the employees of anti-virus software companies are taking the time to study how to kill the virus.
I am also suffering from this virus, and I have been overwhelmed by it. I have also reinstalled my computer. It took me some time to learn from the Internet so that I can have this personal experience. Now, based on the methods provided by others in the past, based on your own experience, I hope to help you with computer poisoning and pay attention to other students who have not been poisoned.
The specific method is as follows:
1. Press ctrl+alt+deleteto call the task manager. On the progress page, all processes named "rose.exe" are removed. (We recommend that you repeat this operation in subsequent operations to ensure that virus files do not recur ).
Screen. width-461) window. open (/UpLoadFiles/NewsPhoto/15_77344.jpg); "alt =" \ "src =" http://www.bkjia.com/uploads/allimg/131120/060041L03-0.jpg "onload =" if (this. width> screen. width-460) this. width = screen. width-460; "border = 0> keys", locate and delete the entire shell subkey, continue to press F3 to find the next one, and continue to delete and find the relevant key values, until "registry search is complete" is displayed.
Screen. width-461) window. open (/UpLoadFiles/NewsPhoto/15_77346.jpg); "alt =" \ "src =" http://www.bkjia.com/uploads/allimg/131120/060041K07-1.jpg "onload =" if (this. width> screen. width-460) this. width = screen. width-460; "border = 0>
Screen. width-461) window. open (/UpLoadFiles/NewsPhoto/15_77348.jpg); "alt =" \ "src =" http://www.bkjia.com/uploads/allimg/131120/0600414140-2.jpg "width = 564 onload =" if (this. width> screen. width-460) this. width = screen. width-460; "border = 0>
Screen. width-461) window. open (/UpLoadFiles/NewsPhoto/15_77349.jpg); "alt =" \ "src =" http://www.bkjia.com/uploads/allimg/131120/0600412511-3.jpg "width = 564 onload =" if (this. width> screen. width-460) this. width = screen. width-460; "border = 0>
3. In my computer-tools-Folder Options-View-show all files and folders and remove the "Hide protected system files" check box.
Screen. width-461) window. open (/UpLoadFiles/NewsPhoto/15_77350.jpg); "alt =" \ "src =" http://www.bkjia.com/uploads/allimg/131120/060041NQ-4.jpg "onload =" if (this. width> screen. width-460) this. width = screen. width-460; "border = 0>
4. Click the right-click button on each disc to open it. You cannot double-click it to delete all the rose.exe and autorun. inf files. If you are prompted that the files cannot be deleted, you can change the attributes of these files from "read-only" to "ARCHIVE. If it cannot be deleted, restart the computer and press F8 to enter safe mode during self-check.
Screen. width-461) window. open (/UpLoadFiles/NewsPhoto/15_77351.jpg); "alt =" \ "src =" http://www.bkjia.com/uploads/allimg/131120/0600411259-5.jpg "width = 564 onload =" if (this. width> screen. width-460) this. width = screen. width-460; "border = 0>
✓ Preventive measures:
1. When someone inserts a USB flash drive into your computer and an operation prompt box appears, do not select any operation or turn it off.
2. Go to my computer, select a USB flash disk from the address drop-down list, or right-click the removable disk and select "open" in the pop-up menu. Do not directly click the drive letter of the USB flash drive. Otherwise, the virus will be activated immediately!
And "autorun. inf" files. delete them directly!
Then, delete the entire shell Sub-key, and then press F3 to find the next one, continue to delete the relevant key value until it is displayed as "Registry Search completed.