Introduction and destruction of popular prank programs

The following articles mainly describe the introduction and removal of popular prank programs. Today, many malicious programs are circulating on the Internet. These malicious programs generally have some solutions, however, if a newbie does not know the solution, it will be at the mercy of it, so that it will be ruined.

Today, many malicious programs are circulating on the Internet. These malicious programs generally have solutions, but for new online users, if they do not know the solutions, they will only be affected, let it be ruined. There is even a tragedy where the hard disk is formatted or the system has to be reinstalled. Therefore, it is necessary to introduce the symptoms and clearing methods of popular prank programs so that you can prevent them and reduce the occurrence of tragedies.

I. norun

Norun is a prank software that has only one executable file, 12288 bytes in size and runs under Win98/ME. After running, you must answer three arithmetic questions. Although the question is very simple, once an error is returned, the machine will be restarted for 12 consecutive times (each time there is a prompt) and then return to normal. There are no other impacts. Therefore, norun is a real prank software, which does not pose a great threat to everyone. However, if the machine is restarted 12 times, it would be terrible! Therefore, you must master the methods to deal with it.

The most direct way is to answer the three questions. Don't worry, it is a arithmetic question that will be done in the second grade of elementary school.

If you are correct, a dialog box is displayed, and click "OK. Because you have answered the correct answer, you will not be able to restart for 12 consecutive times.

If you are worried that your answers are incorrect (if the answers are incorrect, that's too much ......), You can use process management software to terminate the process. Take the Windows optimization master as an example. Run the Windows optimization master, click "System Security optimization"> "Process Management", select norun in the pop-up window, and click "Terminate" to terminate the operation, this avoids 12 reboots caused by norun.

Comment: Pure prank software can be used to joke with friends.

Vicious degree:★

Ii. ilr

Ilr is also a prank program with a file size of 15 kb. What damage can such a small program do? It is a program for capturing people. After running the program, all the folders in all the partitions on the hard disk will be converted to the recycle bin! You cannot click to enter this folder! God, what should I do if I want to enter the folder? Run the software in the following format: xxxx.exe-recover. Remember the format!

Comments: A very alternative prank software that does not damage data, does not make you unable to enter the system, but it will make you unable to enter the folder, so you are in a hurry, it can be used to joke with friends.

Vicious degree:★★

Iii. FUHD

This is a spam file generator. After the program runs, a spam file with a random file name will be generated in each root directory, first-level subdirectory, and second-level subdirectory of each disk (C:-H. A software hdfill.exe has similar functions for a long time. However, this hdfill can only run on machines without the VB4 Runtime Library. This program is written in VB5. Although there is a problem with the Runtime library, it already has the VB5 Runtime Library in Win98, so this program can run successfully in many computers. That is to say, many of my friends may be at risk!

The FUHD package consists of four files:

FUHD.exe: The size is 10752 bytes, And the icons used are the icons used by the VB5 installer. The Spam file is generated directly on the disk, and the program runs in the background without any prompts during the whole process.

Setup.exe: The size is 10752 bytes, And the icon is used by the VB5 installer. Generate junk files in the background after running.

Undo.exe: Size: 6656 bytes. This is the spam file provided by the author to delete the two files generated by the previous EXE files. If you find this file, you can find it and clear the spam files after running the file.

Readme.txt: description file.

Comment: although many people now have large hard drives, it is also very troublesome to distribute a large number of junk files in various directories. In addition, the directory contains too many files, which will greatly slow down the system speed. As a prank software, it has little harm. However, if you do not know the release method, it is also annoying.

Vicious degree:★★☆

Iv. Carem3

Carem3 is the work of Carem, a technical consultant for the network leisure village (a hacker website). It is a very vicious malicious attack software. If you do not know the correct method after running it, the system must be reinstalled. The swap file is 321536 bytes in size.

At this time, the mouse is controlled within a certain range, and you cannot click the button on the screen. When you press the Enter key, a window will pop up to warn you not to run the executable program at will, saying that this is just a lesson, then the computer will be restarted automatically, but you will no longer be able to enter your favorite Windows desktop! If you do not press any key, Carem3 will not let you go. It will automatically record the time, restart the computer from 20 seconds to 0, causing your system to crash!

The basic principle of the program is to destroy the vmm32.vxd file under C: \ windows \ system. Vmm32.vxd is a virtual device driver. The normal file size is 913413 bytes and the file modification time is, because it is damaged (the file is replaced with a file of the same name and the size is changed to 81531 bytes, the file modification time is), so that your computer cannot enter the Windows system.

The solution provided by the author is: Press F8 to select Command prompt only to enter DOS at startup, and then execute repair at the prompt to solve the problem. In addition, if you have backed up the vmm32.vxd file in advance, you can use another method: Use the boot disk to start the computer from disk A, and copy the backed up vmm32.vxd to c: \ windows \ system, restart the computer. If there is no backup, copy it to another computer.

In addition to the two methods mentioned above, there is also a simpler method for cracking. After carem3.exe is running, press ALT + F4 to close the software window before the countdown ends. (do not expect to terminate it by pressing Ctrl + Alt + Del, the author has long shielded these buttons). At this time, your mouse will be locked in a small area of the desktop (a little right in the center of the screen), and the mouse will not be available. But if you do not restart your computer, carem3.exe will not automatically restart your computer-because it has been disabled. In this case, you can use the keyboard to perform operations. If it is too troublesome, simply restart the computer. Don't be afraid. When we press ALT + F4, the software has been shut down, and it was wiped out before the destruction began. So this restart of the computer is the same as we usually restart the computer, it's safe! By the way, you should be careful if your system is below Win2000!

Comment: it is quite vicious, because most people think it will damage vmm32.vxd, but fortunately, the author provides a method to crack, so it is still within the controllable range.

Vicious degree:★★★

5. Demon kiss

The kiss of the demon is a work of the old demon of the millennium. After the download is decompressed, there is only one executable file named yzw.exe, and its appearance looks friendly-the icon is a hand held together! If you are touched by this kind of friendliness, double-click and run the program. Haha, your nightmare begins!

First, there will be a pretty big window on the screen, which says "dear, give you a kiss of shutdown", and the window will show 60, 59, 58 ...... The system restarts automatically when the countdown value reaches 0. When you hear the Windows Startup sound again and think it's okay, the nasty "dear, give you a shutdown kiss" appears again, and then restarts again and again, in an endless loop, you cannot enter your system at all. If you want to terminate the window by pressing Ctrl + Alt + Del when it appears, it will not work because the author shields the hot key. Oh, isn't it a bad kiss?

What should I do? Do you want to delete its main file? In this case, you are running yzw.exe in the c root directory. When you delete it and then go to the system, a message is displayed in the dialog box saying "loading c: \ yzw.exe failed. You must reinstall Windows ", at this time, you can only click the "OK" button on the dialog box. After clicking it, the world is actually much quieter-the system is automatically shut down. If you want to enter Windows in safe mode, it will also display the above prompt and shut down directly. So how does it control my system? I will give you a prompt to see this sentence: "loading c: \ yzw.exe failed", right! To load the yzw.exe file, you may start with the Registry, win. ini, system. ini, etc. Where did the "kiss" load?

In fact, the c: \ windows \ system.ini file is changed to shell = c: \ yzw.exe after the ghost kiss is run. When you start the instance again, the kiss will be automatically loaded and run. The startup and running of ghost are different. Therefore, it is useless to change the registry and win. ini after the demon kiss is reached. However, you cannot delete yzw.exe. If you delete yzw.exe, an error is reported in Windows, asking you to reinstall Windows. Note: Here c: \ represents the absolute path. For example, if you run yzw.exe under d: \ aaa, the corresponding shell is d: \ aaa \ yzw.exe.

Solution: There are five methods available for you, either of which can be used.

Method 1: Because the kiss of the demon is a monster in system. ini, we can crack it by eliminating it there. The specific method is: Press Shift + F5 to enter the Command prompt only mode after the host restarts, and enter the Command edit system. ini edit system. in the INI file, change shell: = absolute path \ yz1_exeto shell‑policer.exe, save the disk, and restart the host to access the familiar Windows desktop.

Method 2: Use the edit command to edit the system. ini file. However, this operation deletes the shell statement, stores the disk, and restarts to crack the control of the kiss of the demon.

Method 3: swap the file. After the system restarts, you can. If you think that the file name behind shellis not great, you can use msconfig.exeto return the file name to "cmder.exe.

Method 4: We all know that Windows can be closed with the combination key Alt + F4, which is still valid here. Run yzw for the first time.

The above content is an introduction to the popular prank program introduction and cleanup. I hope you will get something.