Methods and related software for manually removing avterminator

Source: Internet
Author: User

Recently the avterminator virus has been spreading widely, and many people have been infected. Anti-virus software cannot be opened, and a system reinstalled on drive C is reinfected immediately. Because avterminator is constantly updated, anti-virus software and removal tools are always one step behind and cannot detect it.
Here is a small advertisement: I have created a new QQ group to give everyone a place to communicate. The group number is 4550740. Experts and friends who need help are welcome to join. As I write this, I am the only one in the group ....
Now I will give you an approach to manual virus removal, using "permanent downloader" as an example to show how to clear the virus by hand.
In fact, avterminator does not refer to one specific virus, and it has no remote-control or account-theft function. Its job is to download trojans from one or more specified URLs. However, avterminator sets up many protection measures for itself: it disables most anti-virus software and auxiliary anti-virus tools, generates autorun.inf in each partition, writes to the Registry, creates image hijacking entries, and so on.
"Permanent downloader" is a typical avterminator. As mentioned above, avterminator does not refer to one specific virus, so I can only provide the idea behind manual removal here; following my steps exactly may not clear every variant completely. This tutorial is therefore suited to people who know computers fairly well. At the end of the article, I will also provide a method suitable for beginners: reinstalling the system on drive C alone without being reinfected immediately.
Okay. Start now.
To do a good job, you must first sharpen your tools. So first prepare the three auxiliary anti-virus tools that will be used.
1. Icesword II 1.20 (ice blade)
   Download: http://www.crsky.com/soft/6947.html
2. Autoruns
   Download: http://www.crsky.com/soft/5285.html
3. SREng
   Download: http://www.kztechs.com/sreng/download.html
For this virus, Icesword and Autoruns do most of the work, for reasons described later.
If you used removable storage such as a flash drive or a mobile hard disk while the system was infected, it is best to connect it now and clean it as well, so that plugging it in later does not reinfect the system.
I

[Figure 1]

(Sorry, below I will mention only the software names and will not remind you again of the name before the change.)

[Figure 2]

What have you found? The names of the common anti-virus software and auxiliary tools are basically all here. Whenever you run a program with the same name as an entry in this list, the virus file is run instead.

II

Run Icesword to find the virus processes. The permanent downloader has two processes that protect each other, and Windows Task Manager cannot end them. This step requires someone familiar with computers; otherwise you will not know which processes belong to the virus. Because there are many types of avterminator, you need to determine for yourself which processes are the virus processes.

[Figure 3]

Find the virus processes and write down the path of each virus file. Hold Ctrl to select both processes, then right-click and end them. Because both processes are ended at the same time, the virus's process protection does not work. Refresh several times to see whether any new virus processes appear. If not, proceed to the next step.

III
Click "file" on the left side of Icesword, find the two files at the paths noted above, and delete them. Then find autorun.inf and ***** in the root directory of each partition (C:\, D:\, E:\ and so on).

[Figure 4]

avterminator has now improved the way it uses autorun.inf. The right-click menu no longer shows the "Auto" entry, and double-clicking still enters the partition. However, whether you right-click and open or double-click, the virus file will run. This is why many people are reinfected immediately after reinstalling drive C. To delete these files, you must use third-party file manager software such as Winrar, Icesword or Totalcmd, or the Windows cmd command line. Otherwise the virus program runs as soon as you enter the partition, and all the previous operations must be done again.
Note on autorun.inf and *****: if you need to find a file or run a program, you can type c:, d: and so on directly and press Enter to enter the partition.
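
The check described above can also be done from a PowerShell console, which never opens a partition through Explorer. This is an added example, not part of the original article; it only reports what it finds, and the drive letter in the final comment is a placeholder.

```powershell
# Added example (not from the original article). Read-only: reports, deletes nothing.
# Drive roots are enumerated through .NET, so no partition is opened in Explorer.
$roots = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.IsReady -and ($_.DriveType -eq 'Fixed' -or $_.DriveType -eq 'Removable') } |
    ForEach-Object { $_.RootDirectory.FullName }

$found = foreach ($root in $roots) {
    $path = Join-Path $root 'autorun.inf'
    # -Force is needed because these files are normally marked hidden and system.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $item) { continue }

    $launch = @()
    if (-not $item.PSIsContainer) {
        # Keys that make Explorer start a program on double-click or from the context menu.
        $launch = @(Get-Content -LiteralPath $path -Force -ErrorAction SilentlyContinue |
            Where-Object { $_ -match '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=' })
    }
    [pscustomobject]@{
        File       = $item.FullName
        Attributes = $item.Attributes
        Launches   = ($launch | ForEach-Object { $_.Trim() }) -join ' | '
    }
}
$found | Format-List

# After reviewing the output, a file can be removed from the same console
# (placeholder drive letter):
# Remove-Item -LiteralPath 'D:\autorun.inf' -Force
```

The `Launches` column names the program each autorun.inf would start, which is the companion file to delete from the same root directory.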
IV
Now it is Autoruns's turn. Run Autoruns and click "User Logon" to find the startup entries that the virus wrote to the Registry. Right-click and delete both of them. They are shown as "files not found" because we have already deleted these two files in Icesword.

[Figure 5]

Then click Image hijacking and delete all the items except the last one, "Your Image File Name Here without a path", which points to c:\windows\system32\ntsd.exe. Tiring, there are so many .... After deletion it should look like this:

[Figure 6]
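
The image hijacking entries that Autoruns lists are `Debugger` values under the Registry's Image File Execution Options key. The following added example (not from the original article) lists them from PowerShell so the result of the cleanup can be confirmed; the variable names are illustrative, and the removal line is left commented out.

```powershell
# Added example (not from the original article). Read-only audit of IFEO Debugger values.
$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit view, present only on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
# Stock placeholder entry that the article says to leave in place.
$keep = 'Your Image File Name Here without a path'

$hits = foreach ($base in $ifeoPaths) {
    if (-not (Test-Path -LiteralPath $base)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
        $debugger = $key.GetValue('Debugger')   # $null when the value is absent
        if ($debugger -and $key.PSChildName -ne $keep) {
            [pscustomobject]@{
                Image    = $key.PSChildName
                Debugger = $debugger
                KeyPath  = $key.PSPath
            }
        }
    }
}
$hits | Sort-Object Image | Format-Table Image, Debugger -AutoSize

# Many security-tool names redirected to one Debugger path is the pattern the article describes.
$hits | Group-Object Debugger | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# After review, remove only the Debugger value (needs an elevated console):
# $hits | ForEach-Object { Remove-ItemProperty -LiteralPath $_.KeyPath -Name Debugger }
```

Some legitimate tools also set a `Debugger` value, so review the list before removing anything.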

By now, the avterminator virus has been cleared. But .... well, as soon as you hear that, you know it is not over yet. We have only cleared avterminator itself, and we have not yet removed the trojans that avterminator downloaded. You may have noticed the red iexplorer process in Figure 3. This is the Gray Pigeon trojan downloaded by avterminator. Icesword shows hidden processes in red; such a process is invisible in Windows Task Manager. Generally, a red process is not a good thing ~
As mentioned at the beginning of this article, avterminator has many types, and not every one of them is like "permanent downloader" in writing only a Registry startup item. This is where SREng comes in handy. Use an SREng scan to check the Registry startup items, services and drivers, and use it together with Icesword to clear the trojans. Because SREng requires a good understanding of the computer's service and driver items, beginners can use the SREng smart scan to produce a report and post it to a forum. I will not detail here how to remove Gray Pigeon by hand; it is easy to clear with SREng and Icesword.

I also want to make an animation tutorial, but it is not very convenient to use a computer in the office. I will do it later.
Welcome to group: 4550740
