IEXPLORE.exe: Gray Pigeon Virus Removal Method

Source: Internet
Author: User
Many teachers have had problems with their machines. If the process list shows an IEXPLORE.EXE process and, after you end it, several more appear, the machine is probably infected with the Gray Pigeon virus. The removal method is pasted below; teachers whose machines show a similar situation should disinfect them this way.

Grey Pigeon virus
Gray Pigeon is characterized by "three hidings": it hides its process, hides its service, and hides its virus files. After infecting a system, Gray Pigeon 2005 registers itself as a system service and generates a set of (3) hidden virus files in the same directory; the virus file names vary, but they follow a pattern.
Removing Gray Pigeon still has to be done in safe mode, and there are two main steps: 1. remove the Gray Pigeon service; 2. remove the Gray Pigeon program files.

Note: To guard against mistakes, be sure to make a backup before cleaning.

Because Gray Pigeon hides itself in normal mode, detection must be carried out in safe mode. To enter safe mode, start the computer, press the F8 key (or hold down the CTRL key while the computer starts) before the system reaches the Windows splash screen, and select "Safe Mode" in the startup options menu that appears.

1. The Gray Pigeon files carry the hidden attribute, so first set Windows to display all files. Open "My Computer", choose "Tools" - "Folder Options" from the menu, click "View", clear the "Hide protected operating system files" check box, select "Show all files and folders" under "Hidden files and folders", and then click OK.

2. Open the Windows file search, enter "_hook.dll" as the file name, and set the search location to the Windows installation directory (by default C:\Windows on 98/XP and C:\Winnt on 2000/NT).

3. When the search finishes, look in the Windows directory itself (not its subdirectories) for a file named Iexplore_hook.dll (the name may differ, but it always has the form _hook.dll).

4. From the analysis of how Gray Pigeon works, we know that if Iexplore_hook.dll is a Gray Pigeon file, the operating system installation directory will also contain IEXPLORE.exe and IEXPLORE.dll. Open the Windows directory; there should also be an IEXPLOREKey.dll file, which is used to record keystrokes.

After these steps we can be fairly sure that these files belong to the Gray Pigeon Trojan, and they can then be removed manually as described below.
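The file-set check from steps 2 to 4, written as a script (an added example, not part of the original article): it looks only in the top level of the given directory for any *_hook.dll file and reports which of the matching .exe, .dll and Key.dll companions sit beside it. The function names and the sample directory are assumptions made for illustration; the sample files are constructed and empty.

```python
import os
import tempfile

HOOK_SUFFIX = "_hook.dll"

def find_hook_file_sets(windows_dir):
    """Return one finding per *_hook.dll in windows_dir (top level only)."""
    # Map lower-cased name -> real name: Windows file names are case-insensitive.
    names = {}
    with os.scandir(windows_dir) as entries:
        for entry in entries:
            if entry.is_file():
                names[entry.name.lower()] = entry.name
    findings = []
    for lower, real in sorted(names.items()):
        if not lower.endswith(HOOK_SUFFIX) or lower == HOOK_SUFFIX:
            continue
        base = lower[: -len(HOOK_SUFFIX)]
        # Companion files the article expects beside <base>_hook.dll.
        expected = [base + ".exe", base + ".dll", base + "key.dll"]
        present = [names[n] for n in expected if n in names]
        findings.append({
            "hook": real,
            "companions": present,
            "complete_set": len(present) == len(expected),
        })
    return findings

def demo():
    """Constructed sample: empty files laid out like the article's example."""
    with tempfile.TemporaryDirectory() as d:
        for name in ["IEXPLORE.exe", "IEXPLORE.dll", "Iexplore_hook.dll",
                     "IEXPLOREKey.dll", "notepad.exe", "vendor_hook.dll"]:
            open(os.path.join(d, name), "w").close()
        # A hook file in a subdirectory must be ignored (top level only).
        os.mkdir(os.path.join(d, "system32"))
        open(os.path.join(d, "system32", "x_hook.dll"), "w").close()
        return find_hook_file_sets(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A lone *_hook.dll with no companions (vendor_hook.dll in the sample) is still listed, but with complete_set set to False, so it can be reviewed by hand rather than treated as a match.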



Manual removal of Grey Pigeon

First, remove the Gray Pigeon service

2000/XP System:

1. Open Registry Editor (click "Start" - "Run", enter "Regedit.exe", and click OK), then open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry key.

2. Choose "Edit" - "Find" from the menu, enter "IEXPLORE.exe" in "Find what", and click OK. This locates the Gray Pigeon service (Iexplore_server in this example).

3. Delete the entire Iexplore_server item.

98/Me System:

Under 9x, Gray Pigeon has only one startup entry, so it is simpler to remove. Run Registry Editor and open the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run entry. An item named IEXPLORE.exe is immediately visible; delete that item.

Second, remove the Gray Pigeon program files

Removing the Gray Pigeon program files is simple: in safe mode, delete the IEXPLORE.exe, IEXPLORE.dll, Iexplore_hook.dll, and IEXPLOREKey.dll files from the Windows directory, and then restart the computer. At this point, Gray Pigeon has been completely removed.

Alternatively, download the RAVGPK tool or Ice ren.
