How to handle "Windows Script Host" autorun. js

【 Fault description]:

Double-click the C, D, and E disks. A "Windows Script Host" cannot find the script file. The following is the script: D: \ autorun. vbs.

Row: 25

Character: 4

Error: Incorrect 'Next'

Code: 800A041F

Source: Microsoft VBScript compiler Error

【Description of Virus Information]:

After double-clicking the drive letter, the autorun. inf file under the root directory will be loaded, and then the autorun. bat file will be called. Write the content according to autorun. bat and call autorun. reg to write the key value to the Registry. The virus may modify the following key values:

Code: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

Userinit=userinit.exe,autorun.exe

To ensure that virus files can be loaded when the system is started.

After that, the autorun.batfile uses wscript.exe to successfully run autorun. vbs.

【Handling process]:

Anti-virus software detects that "autorun. vbs" is an infected file and thus deletes it. However, because other files (autorun. *) and registry reference key values point to autorun. vbs, but this file is no longer in, an error is reported when you double-click the drive letter.

【Solution]:
◆ Call up the resource manager (Ctrl + Alt + Del)

◆ Unzip wscript.exe process (this process may not exist, depending on the situation );

◆ Zookeeper er.exe process;

◆ Use "file-Create task" in the resource manager to open cmd;

Input:

Code: del c: \ autorun. */f/s/q/

Del d: \ autorun. */f/s/q/

Del e: \ autorun. */f/s/q/

... (C, d, and E represent the three drive letters in the table. If there are other drive letters, continue to execute the command.
◆ Use "file-Create task" in the resource manager to Open regedit again, and then check whether the key value in the following registry has been changed. If the key value has been changed, it is changed to correct:

Code: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon

Userinit=userinit.exe,

(The figure shows the correct Userinit key value. Note: The comma next to the exe is also required)

At this point, all the operations have been completed (remember to start the system after the operation), but the operation steps are relatively complicated. If some netizens do not understand it, they can ask computer-savvy friends to follow this process, it can be solved.