Today, I found that ie cannot be started, but the process of ie can be seen in the Task Manager ~~~~ After checking and searching, I found that when the user was on the Internet, he accidentally installed a plug-in. In the process, the plug-in was displayed as bcup.exe. At first, I thought there was nothing. It was not just a collection by the Internet. Later, I found that it was not the case ~~~
This is the response from his website.
Blog Forum netizens: blog customer service was published at on August 22, June 28
Hello:
Uninstall plug-ins
. Disable all IE.
. Use the task manager to delete the bcup.exe process.
. Open the run and execute the regsvr32-u
C:/system directory/BoCaiToolBar. dll
. Enter the system directory.
(Win2000: // winnt/system32)
(Win98: // windows/system)
.Delete bcup.exe and delete BoCaiToolBall. DLL
Open Registry Editor
Delete HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/BCUpdate
. Delete HKEY_LOCAL_MACHINE/SOFTWARE/BlogChina/BC]
Sorry for the trouble,
Thank you for your attention to blog China!
This is the answer to their website on the forum. I only feel shameless. This software is automatically downloaded and installed, and it cannot be canceled at a high speed, and does not provide uninstallation ~~~
Look at the replies from netizens:
In my development experience, anti-installation software is actually just a small software, and a skilled software engineer can complete development in just a few minutes. But for some unknown reason, blog China refused to provide it!
It is the most dangerous thing to change the Registry. * It is difficult to do this. You must first back up the Registry. If a problem occurs, the system will crash. You must start the DOS to restore the registry, let alone the Internet users. I have been developing software for ten years and do not dare to change it at will! I will manually modify it unless it is an extremely dangerous virus such as Nimda and red code!
Blog Customer Service insisted that the software did not contain any illegal code. Q: Have your software been reviewed by the China Software Registration Center and confirmed to be a green software without hacking? Blog Customer Service said: no review!
I can only say with one breath: blog China is just a hacker China! Hung up the phone!
According to the provided deletion information, this software is automatically downloaded, without installation prompts, completely violent automatic installation, no deletion program, and the BCUP process is started automatically upon startup, the long-standing memory occupies MB of memory, which completely surpasses a simple static network extraction function. This process can run continuously throughout the system and record many user information: for example, the user browses web pages, what the user generally does online, what mailbox the user has logged on to, or whether the user has used online bank payment and other information. In the worst case, the BCUP process can record all users' keyboard input information and directly send it to a remote control terminal through the network! When a user browses a blog website, all information and data on the user's machine can be searched, recorded, or deleted automatically through soft activation.
According to the analysis, this software is fully possessed by all the nature of the hacker software. Any problem may be caused by a blog in China or by a third party that cracks the software to maliciously embed code. As long as the user accesses the Internet, this may lead to unforeseen results.
According to the methods provided on its forum, I was very careful to delete files, delete the registry, and after restarting, ie was all normal.
The reason why this plug-in is so arrogant is that it is widely spread and may be automatically installed on many well-known websites such as the Pacific Ocean, it is said that blogs in China are very shameless to install trojans on download software from some websites ~~~~ I hope you can take care of yourself ~~~~