Last night, a buddy shouted, saying that his computer was infected with viruses and that anti-virus software could not be used or installed. I guess it was a robot dog.
First, I used QQ to send a bot killer and drive killer. The bot killer report found av_killer_x. After the reboot, the virus was not cleared, and the drive killer did not report the virus.
Remotely connected to the system, used the latest avterminator/robot dog to specifically kill viruses, and captured a bunch of new versions of robot dogs, which were then scanned by cleaning experts.
The BOT killing report finds that the security mode is damaged, av_killer_x, and another virus. After cleaning, click "Stop Virus Detection" and refresh again. The virus is coming again. The system prompts you to restart your computer and restart your computer to find that the fault is outdated. In addition to the BOT/avterminator exclusive and drive exclusive, the antivirus and cleaning experts on this computer cannot run, and the main program has been deleted by viruses, double-click the program and immediately delete it.
Just now, if Zhuhai wants to track the effect of the new version of kill, it will send this user to the water supply center for processing. After the remote connection, use procxpto to close the random file Suffix in the assumer.exe process (which can be a sub-program module or thread running in the assumer.exe process), and rename the file under system32 corresponding to the handle, search for files of the same size on the hard disk and delete the files of the same size as the files in the QQ directory. After restarting the computer, av_killer_x was completely cleared.
According to a later analysis by the water master, the reason why the robot dog/avterminator killed 5.0 failed to scan and kill may be that not all of the handles were closed, which may be related to the Remote Desktop on QQ. If all irrelevant programs are closed, run the command again, and the cleanup may be successful.
Next, I remotely connect to his desktop, COPY the cleaning expert and drug overlord program back, and run the cleaning expert to finish scanning. The following are the images scanned by the cleaning experts.
1. Find 15 malware, And the bot is really powerful.
2. Fixed the residual information in the startup Item.
3. After the virus is cleared, the residual information in the driver is deleted.
4. Repair the virus-Modified Image hijacking project. Here, the cleaning expert cannot repair the project directly. Click the left button on the corresponding add-on, select the registry from the shortcut menu, and delete all references to these errors. (Note: If you are not familiar with the Registry, perform the operation with caution. If you see that the key value of the window on the right of the Registry Editor is consistent with that of the cleaning expert, delete it.