How to manually handle the USB flash drive pseudofolder virus

Source: Internet
Author: User

At present, USB flash drives have become one of the main ways viruses spread. One type of USB-disk virus shows up on the user's drive as small folder-like files with an .exe suffix, 421 KB in size. You can double-click the virus to open it, or delete it. However, after you delete the file, the virus file appears again when you refresh the removable disk. Because it has the same name as the original folder, it is also known as the pseudofolder virus.

When you use "Folder Options" to show hidden files, you can see the original files on the disk (Figure 1), but you cannot right-click to modify the folder attributes.

Figure 1

Tang Wei pointed out that the most convenient way to put an end to this "culprit" is to check for and delete suspicious processes in the system using an auxiliary anti-virus tool. Here XueTr is used to handle the virus manually. It currently supports 32-bit Windows 2000, XP, 2003, Vista, 2008, Win7, and other operating systems. It is a free anti-virus tool that can view process modules, registry items, and system startup items, and through a series of troubleshooting steps finally detect and kill virus files. It is powerful and easy to use, and is one of the excellent auxiliary tools for manual virus removal. The procedure is as follows:

1) Select winweb.exe, right-click it, and choose "End and delete file" (Figure 2).

Figure 2

2) Use the XueTr tool to forcibly delete the two virus files on the USB drive, "Copy my photo.exe" and "your office document.exe", and check "Delete to prevent file regeneration" (Figure 3).

Figure 3

3) To thoroughly clear the virus files, go back to the process list and check the system's processes one by one. While checking them, you find that a suspicious module, iconhandle.dll, is attached to assumer.exe and has no digital signature (Figure 4).

Figure 4

4) Find the directory C:\WINDOWS\system32 where the file is located, switch to the details view, and sort all the files in the directory by "creation date". This turns up an unexpected result: the webad.dll and web.dat files in this directory have the same creation time as iconhandle.dll. Look carefully and you will find that web.dat is 421 KB in size, which matches the two virus folders on the USB flash drive! These three files are not present in C:\WINDOWS\system32 on a normal system. It can be inferred that all three files were created by the virus and can be deleted (Figure 5).

Figure 5

5) Click iconhandle.dll, loaded under assumer.exe, at the right of the page and unload it globally (Figure 6).

Figure 6

Note: Because iconhandle.dll is loaded into assumer.exe, the host process restarts when the module is detached. This is normal and you don't have to worry about it.

6) Use the XueTr tool to locate all three suspicious files above, right-click each one and choose "Add to restart delete", then immediately restart the computer (Figure 7).

Figure 7
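
The creation-time pivot from step 4 can also be scripted, so that every file created alongside a known-bad module is listed with its size, signature status and hash before anything is deleted. This is an added example, not part of the original article; the function name `Find-CreationTimeSiblings` and the 5-second window are assumptions, and it requires PowerShell 4.0 or later.

```powershell
# Added example (not from the original article).
# Pivot on the creation time of one known-bad file to list files that were
# created in the same directory at (almost) the same moment.
function Find-CreationTimeSiblings {
    param(
        [Parameter(Mandatory)]
        [string]$ReferenceFile,        # e.g. C:\WINDOWS\system32\iconhandle.dll
        [int]$WindowSeconds = 5        # assumed tolerance around the reference time
    )

    # -Force so hidden/system files are not skipped
    $ref = Get-Item -LiteralPath $ReferenceFile -Force

    Get-ChildItem -LiteralPath $ref.DirectoryName -File -Force |
        Where-Object {
            $delta = ($_.CreationTimeUtc - $ref.CreationTimeUtc).TotalSeconds
            [math]::Abs($delta) -le $WindowSeconds
        } |
        ForEach-Object {
            # Non-executable data files (such as a .dat) will never report "Valid";
            # on older PowerShell versions catalog-signed system files may also
            # show as NotSigned, so treat the status as a hint, not a verdict.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Name       = $_.Name
                SizeKB     = [math]::Round($_.Length / 1KB)
                CreatedUtc = $_.CreationTimeUtc
                Signature  = $sig.Status
                SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } |
        Sort-Object CreatedUtc, Name
}

# Usage, with the file identified in the article as the starting point:
# Find-CreationTimeSiblings -ReferenceFile 'C:\WINDOWS\system32\iconhandle.dll' |
#     Format-Table -AutoSize
```

Recording the hashes before removal keeps a record of what was deleted, which helps when checking other machines the same USB drive was plugged into.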

After the computer restarts, perform a final check: in XueTr, iconhandle.dll is no longer loaded under the assumer.exe process, and the C:\WINDOWS\ virus folder is not generated again. At this point the USB flash drive virus has been cleaned up, but the original folders are still hidden with the system attribute set and cannot be modified, so one manual step remains after virus removal. You can use the attrib command to modify the system attributes of the folders as follows (Figure 8):

1. Click Start > Run, enter cmd, and press Enter to open the DOS window.

2. Because the drive letter of the current USB flash drive in the system is marked as "e:", enter "e:" in the command line and press Enter.

3. Enter "attrib /s /d -s -h" in the command line and press Enter. After the command has run, check that the folder icons on the E: drive have been restored to normal.

Figure 8
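
The pseudofolder pattern described at the start of the article (a visible .exe carrying the name of a folder that is now hidden, with every copy the same size) can be checked for on a drive without modifying anything. This is an added example, not part of the original article; the function name `Find-PseudoFolder` is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not from the original article). Read-only check of a drive root.
function Find-PseudoFolder {
    param(
        [Parameter(Mandatory)]
        [string]$DriveRoot             # e.g. 'E:\' as in the article
    )

    # -Force includes hidden and system entries
    $items = Get-ChildItem -LiteralPath $DriveRoot -Force

    $hiddenDirs = $items | Where-Object {
        $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden)
    }
    $exes = $items | Where-Object {
        -not $_.PSIsContainer -and $_.Extension -ieq '.exe'
    }

    # Count how many executables share each exact size: copies of one dropper
    # all have the same length (421 KB in the article's case).
    $sizeCount = @{}
    foreach ($e in $exes) {
        $sizeCount[$e.Length] = 1 + [int]$sizeCount[$e.Length]
    }

    foreach ($e in $exes) {
        # A hidden folder with the same name as the .exe is the strongest signal
        $twin = $hiddenDirs | Where-Object { $_.Name -ieq $e.BaseName }
        [pscustomobject]@{
            Exe              = $e.Name
            SizeKB           = [math]::Round($e.Length / 1KB)
            SameSizeExeCount = $sizeCount[$e.Length]
            HiddenTwinFolder = [bool]$twin
            TwinAttributes   = if ($twin) { $twin.Attributes } else { $null }
        }
    }
}

# Usage:
# Find-PseudoFolder -DriveRoot 'E:\' | Format-Table -AutoSize
```

Running it again after the attrib step should show no hidden twin folders left on the drive.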

At this point, the manual removal and repair of the USB flash drive virus is complete. After going through a manual virus removal once, you will find that the virus is not as terrible as you thought. You just need to find the virus files and clear them out of the system in a reasonable and feasible way. The above mainly provides an approach and technique for manual virus handling. Although the symptoms of USB flash drive viruses differ, the principle of manual removal is similar. As long as you master the core idea and key elements of manual virus handling, you will have a starting point no matter what type of virus you deal with.
