How does one clear the cpu‑100‑0000.exe virus?

Source: Internet
Author: User

Release date:
Symptom description:
The CPU usage of cmd.exe is bytes. After shutting down cmd.exe, the CPU usage returns to normal. The CPU usage is again, while cmd.exe still occupies most of the CPU.

1. Installed the ewido Trojan, detected several infected targets, and deleted them. But today the CPU usage is again, and cmd.exe still occupies most of the CPU.

2. Installed "Trojan cleaning expert 2006" and ran a scan. No Trojan was found.

3. Checked the size of cmd.exe in system32. The result is as follows:
cmd.exe size: 459 KB (470,016 bytes)
Size on disk: 460 KB (471,040 bytes)

Nothing looks abnormal there.

Solution:
If this happens, it is unfortunately 99% likely to be a trojan. Assuming Windows is installed on C:\, first enable the options to show hidden files and to display all file extensions in the folder view options, then:
Check your C:\Program Files\Internet Explorer\plugins\ directory and you will find two files: new123.bak and new123.sys;
Check your C:\Documents and Settings\Administrator\Local Settings\temp\ directory. A Microsoft.bat file may be found there; open Microsoft.bat with Notepad and you will find that it refers to an EXE file in that directory (the specific name varies);
If you do not find the corresponding files in the preceding two steps, set the folder options not to hide known file extensions, and search the system disk to check whether the relevant files exist.
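
The checks above can be scripted. The following is an added example, not part of the original article: a read-only Python script that looks for the files named above under a given system drive and reads Microsoft.bat to find the EXE it refers to. The pattern used to pick out the EXE name, the function names and the sample tree (including sample_payload.exe) are assumptions made for the example.

```python
import re
import sys
import tempfile
from pathlib import Path

# Paths and names are the article's; the ".exe" token pattern is an assumption.
PLUGIN_DIR = Path("Program Files/Internet Explorer/plugins")
TEMP_DIR = Path("Documents and Settings/Administrator/Local Settings/temp")
PLUGIN_FILES = ("new123.bak", "new123.sys")
BAT_NAME = "Microsoft.bat"
EXE_TOKEN = re.compile(r'[^\s"<>|]+\.exe\b', re.IGNORECASE)


def find_ci(directory, name):
    """Return the entry of `directory` named `name` (case-insensitive), or None."""
    if directory.is_dir():
        for entry in directory.iterdir():
            if entry.name.lower() == name.lower():
                return entry
    return None


def triage(system_drive):
    """Read-only: list which of the article's indicator files exist under system_drive."""
    root = Path(system_drive)
    bat = find_ci(root / TEMP_DIR, BAT_NAME)
    hits = [find_ci(root / PLUGIN_DIR, n) for n in PLUGIN_FILES] + [bat]
    if bat is not None:
        tokens = EXE_TOKEN.findall(bat.read_text(errors="replace"))
        # Keep only the file name: the article says the EXE sits in the same temp directory.
        names = {t.replace("\\", "/").rsplit("/", 1)[-1].lower() for t in tokens}
        hits += [find_ci(root / TEMP_DIR, n) for n in sorted(names)]
    return [h for h in hits if h is not None]


def build_sample(root):
    """Constructed demo tree; 'sample_payload.exe' and the BAT content are made up."""
    plug, temp = Path(root) / PLUGIN_DIR, Path(root) / TEMP_DIR
    plug.mkdir(parents=True)
    temp.mkdir(parents=True)
    (plug / "new123.sys").write_bytes(b"")
    (temp / "Microsoft.bat").write_text('del "C:\\x\\temp\\sample_payload.exe"\ndel %0\n')
    (temp / "sample_payload.exe").write_bytes(b"")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        build_sample(demo)
        for path in triage(sys.argv[1] if len(sys.argv) > 1 else demo):
            print("FOUND", path)
```

Run it with the system drive as the argument (for example C:\) to check a real machine; with no argument it only scans the constructed demo tree.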
Trojan description
This trojan usually arrives because the user ran an installer with a trojan embedded in it. Such installers are most likely applications downloaded from unknown download websites (such as some QQ versions). The installer installs an IE plug-in that is a trojan without prompting the user, which makes it unrecognizable to general anti-virus and anti-trojan programs. The plug-in is called automatically whenever you run a program that needs to call IE, which produces the situation described in "symptom description".
The main body of the trojan is new123.sys, which is classified as Trojan-PSW.Win32.Delf.mc and may steal the accounts and passwords of some of your applications.
Trojan Removal
This Trojan can be easily cleared manually. The process is as follows:
Open Task Manager and end the cmd.exe process in the process list; the CPU usage will drop significantly;
Go to the C:\Documents and Settings\Administrator\Local Settings\temp\ directory and delete the EXE file mentioned in Microsoft.bat, together with the BAT file itself (skipping this step causes no problem, but it is best to clear them);
Go to the C:\Program Files\Internet Explorer\plugins\ directory and delete the new123.bak file. You cannot delete the new123.sys file, however, because the system is using it. You can deal with new123.sys in one of two ways:
Restart the machine and go to safe mode to delete new123.sys;
Although the file cannot be deleted in its current state, you can rename new123.sys to new123.sysdel, restart the machine (safe mode is not required), and then delete new123.sysdel.
After this, if the situation in the "symptom description" no longer occurs, the cleanup was successful.
Windows XP does not have any program named cmd.exe. cmd.exe is a command prompt program of Windows XP. It can run some DOS applications but does not start with the system. This may be a trojan or other virus program; scan for it and remove it.
1. If the installation files are on the hard disk and the system was installed from that hard disk installation directory, rename the installation directory first.
2. Delete c:\winnt\system32\dllcache\cmd.exe.
3. Delete system32\cmd.exe.
4. The system will warn that a system file is missing and ask you to insert the disc. Just ignore it.
