Manually clear the USB flash drive virus of the folder icon.

Recently, almost all of the school's hard drive systems have a USB flash drive virus. Any computer that has a USB flash drive inserted in the system will copy executable programs with the same name based on the existing folder name in the USB flash drive, in addition, you can change your file icon to the default folder icon of the XP system and hide the existing folder. This virus also provides this function. After being double-clicked, the folder with the same name will be opened, very confusing. Poisoned USB flash disks

　　

This USB flash drive virus is confusing. Generally, your computer hides the file suffix and hidden folders, the virus hides the original folder and double-click the virus program to open the corresponding folder. At present, this virus cannot be detected by rising stars, and no 360 security guard is prompted. Therefore, everyone should be vigilant against this virus to prevent theft of their account passwords and important data.

PEID is used to check whether the virus is shelled. Use C32ASM to open the virus sample "VIDEO. EXE ", then corresponding to the hexadecimal editing, search for" http "to see if there is any virus or other files downloaded. A goal was found:

　　

Found a target, http://www.yeanq **. com/ul.htm is a Web site. After opening it, you can see that it is a common page. The USB flash drive virus looks like a website promotion program, and no detailed analysis is made on other functions. We will mainly introduce how to clear the virus, which is not very complicated.

If you have installed 360 security guards, it is not very complicated to clear them. Directly enable the startup and running software management:

　　

At the bottom of the page, we can see that the two folder icons do not have a company signature program. You can uninstall them all. This prevents the virus from running directly at startup.

If 360 security guard is not installed, open the boot Folder:

　　

Double-click the red box to open it. After opening the file, it is as follows:

　　

Delete the shortcut on the red circle. This process is not over yet. The virus is started after being started. Open the Registry Editor and delete the corresponding startup key values under HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun:

　　

Then run the resource manager and find the corresponding process to end:

　　

It is best to perform this step first, because some viruses always judge whether the startup item in the registry exists during running, and write if it does not exist. Therefore, it is scientific to end the virus process first. Which one can be used for this virus.

Finally, delete the virus in the WINDOWS/sysyem32 folder Based on the detected virus location:

　　

This type of USB flash drive is very confusing and will be widely spread through the USB flash drive. If it has the function of downloading other Trojans, the harm is quite large. On the surface, it looks like a malicious program promoted by a website, however, it is also likely to have other functions, such as the trojan and spyware functions, which can control the target computer and upload and download files from the victim machine at will, posing a serious threat to the security of users' computers. Therefore, we should be cautious that you should take anti-virus measures against your USB flash drive when printing it back from the agency. Such as viruses that cannot be detected or killed by antivirus software, you need to be vigilant.