Virus name: MSN photo (Worm.IRC.MyPhoto)
Virus Type: Worm
Virus hazard level:★★★☆
Virus outbreaks and hazards:
The virus sends the messages "HEY lol ive done a new photo album! :) Second ill find file and send you it." and "Hey wanna see my new photo album?" through MSN, together with a compressed file named photo album.zip.
A user who runs the program inside the compressed file becomes infected. The virus also drops a backdoor program on the user's computer. Attackers can use IRC software to remotely control the infected computer and steal personal data, which poses a serious security threat to the user.
Manual removal:
1. Delete the virus's registry startup entry
   1. Run regedit to open the Registry Editor. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, locate the "rdshost" item, record its value, and delete the item.
   Note: The value of "rdshost" is a CLSID. The CLSID produced by the virus is not fixed; in this example it is {C7B4EE78-A8FB-4C16-AE1F-C1A568949825}.
   2. Open HKEY_CLASSES_ROOT\CLSID, find the item for the CLSID you just recorded (in this example, {C7B4EE78-A8FB-4C16-AE1F-C1A568949825}), and delete it.
2. Restart the computer
Because the virus is resident in memory, you must restart the computer after clearing the startup entry before you can delete the virus files.
3. Delete the virus files
   1. Go to the Windows directory (default: C:\windows), find the file "photo album.zip", and delete it.
   2. Go to the system directory (default: C:\windows\system32), find the file named "rdshost.dll", and delete it (note that it is a DLL file, not an EXE file).
   3. Restart the computer and check whether these files still exist. If they do not, the virus has been removed.
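A read-only check for the artifacts named in the manual removal steps above, as an added PowerShell example that is not part of the original write-up. It assumes the DLL behind the recorded CLSID is registered in the standard COM InprocServer32 subkey, which the page does not state; the function name Get-SsodlEntry is hypothetical.

```powershell
# Added example: read-only audit. Nothing is deleted or modified.
$ssodl     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$clsidRoot = 'Registry::HKEY_CLASSES_ROOT\CLSID'

function Get-SsodlEntry {
    # One object per value under the startup key, with its CLSID resolved
    # to the DLL registered for it (assumption: InprocServer32 registration).
    if (-not (Test-Path -LiteralPath $ssodl)) { return }
    $key = Get-Item -LiteralPath $ssodl
    foreach ($name in $key.GetValueNames()) {
        $clsid  = ([string]$key.GetValue($name)).Trim()
        $dll    = $null
        $inproc = "$clsidRoot\$clsid\InprocServer32"
        if ($clsid -and (Test-Path -LiteralPath $inproc)) {
            # GetValue('') reads the key's (Default) value, i.e. the DLL path.
            $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
        }
        # Flag the value name from the page, or any entry that loads rdshost.dll.
        $suspect = ($name -eq 'rdshost') -or
                   ($dll -and ((Split-Path -Path $dll -Leaf) -eq 'rdshost.dll'))
        [pscustomobject]@{
            Name    = $name
            Clsid   = $clsid
            Dll     = $dll
            Suspect = [bool]$suspect
        }
    }
}

# The key can also hold legitimate shell entries, so list everything and
# review only the rows where Suspect is True.
Get-SsodlEntry | Format-Table -AutoSize

# The two files the page tells you to delete, at their default locations.
$files = @(
    (Join-Path $env:windir 'photo album.zip'),
    (Join-Path $env:windir 'System32\rdshost.dll')
)
foreach ($f in $files) {
    [pscustomobject]@{ Path = $f; Present = (Test-Path -LiteralPath $f) }
}
```

Run it once before cleanup to record the CLSID and DLL path, and again after the final restart to confirm that no row is flagged and both files are absent.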
Other methods are as follows:
1. Disconnect from the network.
2. Disable automatic startup of MSN (open MSN, go to Tools - Options - General, and clear "run automatically when I log on to Windows ......").
3. Restart the computer. (This works without entering safe mode; I did not enter safe mode.)
4. Open the registry (Start - Run - type "regedit" - press Enter).
5. Search the registry for "photo album" and delete what is found (press F3 in the Registry Editor, enter "photo album" in the text box, press Enter, and delete the related items found; press F3 to continue searching and deleting ...... until "Registry Search completed" is displayed).
6. Delete the received file and restart the computer.
7. You can repeat Step 1 to check whether any related items remain (I repeated it several times and found none).
8. Run MSN (I tested for 20 minutes; no exception was found, and no exception was found in message sending).
This procedure was effective when a colleague's computer at the company was infected.