Manually delete the "MSN photo" virus

Source: Internet
Author: User

Virus name: MSN photo (Worm.IRC.MyPhoto.)

Virus Type: Worm

Virus hazard level: ★★★☆

Virus outbreaks and hazards:

The virus sends messages through MSN such as "HEY lol ive done a new photo album! :) Second ill find file and send you it." and "Hey wanna see my new photo album?", together with a compressed file named photo album.zip.

A user who runs the program inside the compressed file is infected with the virus. The virus also drops a backdoor program on the user's computer. Attackers can then use IRC software to remotely control the infected computer and steal personal data, which is a serious security threat to the user.

Manually delete:

I. Delete the virus's registry startup entry

1. Run regedit to open the Registry Editor. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, locate the "rdshost" item, record its value, and delete the item.

Note: The value of "rdshost" is a CLSID. The CLSID produced by the virus is not fixed. In this example it is {C7B4EE78-A8FB-4C16-AE1F-C1A568949825}.

2. Open HKEY_CLASSES_ROOT\CLSID, find the item whose name is the CLSID you just recorded (in this example, {C7B4EE78-A8FB-4C16-AE1F-C1A568949825}), and delete it.

II. Restart the computer

Because the virus resides in memory, after the startup entry is cleared you must restart the computer before the virus files can be deleted.

III. Delete the virus files

1. Go to the Windows directory (the default is C:\windows). Find the file "photo album.zip" and delete it.

2. Go to the system directory (the default is C:\windows\system32). Find and delete the file named "rdshost.dll" (note that it is a DLL file, not an EXE file).

3. Restart the computer and check whether these files still exist. If they do not, the virus has been cleared.
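The final check above, extended to the registry entries from part I, as an added PowerShell example that is not part of the original article. It only reads and deletes nothing. The InprocServer32 lookup is the standard COM location for a class's DLL path and is an addition the article does not mention.

```powershell
# Read-only check for the artifacts named in this article; nothing is deleted.
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$valueName = 'rdshost'                      # startup value named in the article
$files = @(
    (Join-Path $env:windir 'photo album.zip'),
    (Join-Path $env:windir 'System32\rdshost.dll')
)

# Return a registry value as a trimmed string, or $null if key or value is absent.
function Get-RegValue {
    param([string]$KeyPath, [string]$Name)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return $null }
    $v = (Get-Item -LiteralPath $KeyPath).GetValue($Name)
    if ($null -eq $v) { return $null }
    return ([string]$v).Trim()
}

$findings = @()

$clsid = Get-RegValue -KeyPath $ssodl -Name $valueName
if ($clsid) {
    $findings += "Startup value '$valueName' = $clsid"
    # The CLSID is not fixed, so follow whatever value was recorded.
    $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
    if (Test-Path -LiteralPath $clsKey) {
        $findings += "CLSID key exists: $clsKey"
        # Assumption (standard COM layout): the default value of the
        # InprocServer32 subkey holds the path of the DLL for this class.
        $dll = Get-RegValue -KeyPath "$clsKey\InprocServer32" -Name ''
        if ($dll) { $findings += "Registered DLL: $dll" }
    }
}

foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File exists: $f" }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the registry entries or files from the article were found.'
} else {
    $findings | ForEach-Object { Write-Output "FOUND: $_" }
}
```

Run it before cleanup to record the CLSID and again after the last restart to confirm nothing remains.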

Other methods are as follows:

1. Disconnect from the network.

2. Disable automatic startup of MSN (open MSN > Tools > Options > General and uncheck "run automatically when I log on to Windows ......").

3. Restart the computer. (This also works without entering safe mode; I did not enter safe mode.)

4. Open the Registry Editor (Start > Run, type "regedit", and press Enter).

5. Search for "photo album" in the registry and delete it (press F3 in the Registry Editor, enter "photo album" in the text box, press Enter, and delete the related items that are found; press F3 again to continue searching and deleting ...... until "Registry Search completed" is displayed).

6. Delete the received file and restart the computer.

7. You can repeat Step 1 to check whether any related items remain (I repeated it several times and did not find any).

8. Run MSN (I tested for 20 minutes; no exception was found, and no exception was found in message sending).

This procedure worked on a company colleague's infected computer.
