The PcShare Trojan is a powerful piece of remote control software. It was the first in China to use driver-level port hiding technology and can be called a perfect system kernel backdoor. Even powerful anti-virus software is sometimes blind to it. I will show two pictures as evidence (Figure 01, Figure 02).
Figure 01 result
Figure 02 Kaspersky detection and removal page
Without any processing of the Trojan, the Trojan can be found and killed by anti-virus software. It can be seen that the concealment of the Trojan is very strong. As the above shows, relying on anti-virus software alone is definitely not enough to clear the Trojan, so here we combine it with a manual method.
Use find.exe to find Trojans
To make the removal realistic, the author ran the Trojan's server file on his own machine, so that the Trojan was successfully loaded into the system and took control of the entire computer. Next, how do we clear the Trojan that was loaded? Click Start > Run. In the Run dialog box, enter the CMD command and press Enter to open the command prompt. Alternatively, copy the CMD file from the system to a directory and double-click it to bring up the "command prompt" dialog box (Figure 03).
Figure 03 open the CMD command prompt dialog box
Change to the directory that contains find.exe, enter the "Find -f" command at the blinking cursor, and press Enter. The tool then reports the Trojan's hidden path, C:\Program Files\dzgmhncg.sys, and the Trojan service name "1 hidden service" (Figure 04).
Figure 04 use the Find tool to Find the hidden Trojan path
Now that we know the Trojan's path and its service name, we disable the Trojan service to stop it from running in the system. At the blinking cursor on the command line, enter the "Find -cd dzgmhncg.sys" command and press Enter to disable the service (Figure 05).
Figure 05 Trojan Horse Service Disabled successfully
Then check the current properties of the service: at the blinking cursor, enter the "Find -c dzgmhncg.sys" command and press Enter. The status of the Trojan service is displayed (Figure 06).
Figure 06 view attributes using the Find command
As you can see clearly, the result is that no information was found for the service "dzgmhncg.sys", indicating that the service is not found, that is, the service is not enabled now. Knowing this, go to the C:\Program Files directory, find the Uwupqudn.dll file released by the backdoor, and delete it (Figure 07).
Figure 07 Delete the released Uwupqudn.dll file
Clear malicious key values written by Trojans in the Registry
After that, click Start > Run. In the Run dialog box, enter the Regedit command and press Enter to open the Registry Editor (Figure 08).
Figure 08 open registry editor
In the Registry Editor, click "edit" > "Search". In the "Search" dialog box, enter Uwupqudn, the name of the file released by the Trojan that was just deleted, in the "search target" text box (Figure 09).
Figure 09 enter the Uwupqudn key to be searched
Click "find next" to search the registry for the malicious key values recorded by the released file, and delete each one that is found. Then return to the "Search" dialog box in the same way, enter "dzgmhncg" in its text box, and click "find next" to find the malicious key values recorded by the Trojan. Delete all of them to clear the hidden backdoor.
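The check below is an added example, not part of the original article: a read-only PowerShell pass that looks for the two names from the walkthrough (dzgmhncg and Uwupqudn) on disk, among driver services, and in the registry, so the cleanup can be verified after the manual steps. The function name and the registry roots searched are assumptions made for this example. A kernel-mode component that is still hiding itself may not show up in these user-mode queries, so an empty result after a reboot is the useful signal.

```powershell
# Added example: read-only verification, nothing is deleted or modified.
$Names = 'dzgmhncg', 'Uwupqudn'     # names from the article's test machine
$Roots = 'HKLM:\SYSTEM\CurrentControlSet\Services', 'HKLM:\SOFTWARE'  # assumed scope
$Regex = ($Names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Hypothetical helper: list registry keys, value names and value data that
# mention any of the names (the scripted form of the Regedit search).
function Find-RegistryReference {
    param([string]$Pattern, [string[]]$Root)
    foreach ($r in $Root) {
        Get-ChildItem -Path $r -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_
            if ($key.PSChildName -match $Pattern) {
                [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
            }
            foreach ($v in $key.GetValueNames()) {
                # Read raw data so %SystemRoot%-style paths are compared as stored
                $raw  = $key.GetValue($v, $null, 'DoNotExpandEnvironmentNames')
                $data = [string]::Join(' ', @($raw))
                if ($v -match $Pattern -or $data -match $Pattern) {
                    [pscustomobject]@{ Key = $key.Name; Value = $v; Data = $data }
                }
            }
        }
    }
}

# 1. Files the article removes or disables
$files = 'C:\Program Files\dzgmhncg.sys', 'C:\Program Files\Uwupqudn.dll' |
    Where-Object { Test-Path -LiteralPath $_ }

# 2. Driver services whose name or image path mentions the names
$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -match $Regex -or $_.PathName -match $Regex } |
    Select-Object Name, State, StartMode, PathName

# 3. Registry references left behind
$regHits = Find-RegistryReference -Pattern $Regex -Root $Roots

"Files still present : $(@($files).Count)"
"Driver services     : $(@($drivers).Count)"
"Registry references : $(@($regHits).Count)"
$regHits | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt, and replace the two names with whatever find.exe reports on the machine being cleaned.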