I have completed the OSO virus today.

This USB flash drive virus is very annoying. It is always impossible to break the root with an ice knife. I found an article todayArticleIt used to put many security-related applications in the registry.ProgramThe debugger of is associated with another file, so there is always a problem. Just delete the registry.

 

Clear severe.exe Virus

--------------------------------------------------------------------------------
23:41:53 yiyunsevere.exe virus symptom:
Starger 51cto technical blog
(1) All files and folders cannot be displayed.
(22.16open regedit.exe and many other security-related programs without authorization, and the system prompts "Windows cannot find the file 'C: \ windows \ regedit.exe '....."

Starger 51cto technical blog
How does one clear the severe.exe virus?
Starger 51cto technical blog
(Note: DOS operations can also be performed in safe mode. Press F8 to enter safe mode when the computer starts .)
To delete the folder)
Starger 51cto technical blog
(1) Remove the severe.exe file in the \ system32 and \ system32 \ driverfolder from the hidden starger 51cto technical blog in DOS.
Zang, attrib-s-h
(2) Remove the oso.exe and autorun. INF files in the root directories of each disc from the oso.exe and autorun. inf files.
(3) Delete severe.exeunder the \ system32 folder under DOS, oso.exe and autorun. infstarger 51cto technical blog under each directory
File
(4)modify regedit.exe to Regedit. scr (open my computer, go to the Windows folder, and add the tool-Folder starger 51cto technical blog
When the extension name of the specified region is removed, a regedit.exe file can be changed to SCR .)
(5) Run regedit. scr
(6) Delete [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution options \ severe.exe] debugger......tcmebr.exe
Example:
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ starger 51cto technical blog
Image File Execution options \ regedit.exe]
"Debugger" = "C: \ WINDOWS \ system32 \ drivers \ tcmebr.exe"
(7) Search for the registry entries of the above programs in the Registry and delete them.
(8) modify the HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ starger 51cto technical blog in the Registry
The checkedvalue in Advanced \ Folder \ Hidden \ showall is 1 (note that the dual-byte value is DWORD ).
Review all files and folders. starger 51cto technical blog
Starger 51cto technical blog
In addition, you can search for and repair the software similar to Kaka, and use the kaka.exe,360.exe main starger 51cto technical blog.
Change the order to kaka.com and 360.com (change to another name without trial ).
If the virus is changed to Regedit. scr, it is recommended that you configure the starger 51cto technical blog.
A tool that can modify the Registry in DOS. Take the Win XP (PE) Cd of the swordsmanship as an example to run the ERD 2003 starger 51cto technology blog.
You can directly modify the registry in the memory environment. Starger 51cto technical blog
Starger 51cto technical blog
I think the key to eliminating this virus is restoring regedit.exe.
Starger 51cto technical blog
You can use the following methods:
Starger 51cto technical blog
(1) Rename regedit.exe and run it directly.
Starger 51cto technical blog
Software:
Starger 51cto technical blog
360 download security guard
Starger 51cto technical blog
: Http://www.cisko.cn/Soft/ShowSoft.asp? Softid = 8