Today, a pretty girl sent me a file and told me it was a recent photo. Trusting her, I accepted and opened the file. Unfortunately, my machine got infected. The mouse stopped obeying me, and the virus file was frantically sent to my online MSN friends. Some of those friends were infected as well.
Then I looked up the virus on the Internet and thought it resembled the MSN "Sexy album" virus, but this virus used Chinese when sending files. I searched for a removal method using pinyin (there are many manual removal methods for "Sexy album", so I won't go over them here) and found that my infection was not the same as the ones described online, but I am sure it is a variant of "Sexy album". Since it is a variant, the principle should be the same. Based on the removal method for "Sexy album", combined with my own cleanup, the removal method is summarized as follows:
1. Click the Start menu and select "Run". Enter "regedit.exe" to start the Registry Editor.
2. Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad in the registry.
3. Find the item "printers" (for "Sexy album" it is the "syshosts" item), record the value of this item (on my machine, "{40076be6-5e7e-470d-accf-7737446bfaa9}"), and then delete the item.
4. Expand HKEY_CLASSES_ROOT\CLSID in the registry.
5. Find the value you just recorded. After expanding it, you will see that it points to a DLL named "libcintles3.dll". Record the DLL name and delete the node with this value in the left pane of the Registry Editor.
6. Restart the computer.
7. Open "My Computer", select "Tools" - "Folder Options" from the menu, and click "View". Clear the check box in front of "Hide protected operating system files", select "Show all files and folders" under "Hidden files and folders", and click "OK". Also clear the check box in front of "Hide extensions for known file types", and then click "OK".
8. Delete image050.zip, album32.zip, and other image-related ZIP files under $:\WINDOWS (each machine may be different).
9. In $:\WINDOWS\system32, delete the DLL you recorded (libcintles3.dll).
10. Restart the computer and check whether the deleted files have come back. If not, congratulations, you have successfully killed the virus.
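Steps 2 to 5 trace one entry by hand. The PowerShell below is an added example, not part of the original post: it performs the same lookup read-only for every ShellServiceObjectDelayLoad value, so an unfamiliar name such as "printers" and the DLL behind it can be reviewed before anything is deleted. Resolving a bare DLL name against system32 is an assumption based on where step 9 finds the file.

```powershell
# Added example: read-only audit. It changes nothing in the registry or on disk.
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
$key   = Get-Item -LiteralPath $ssodl -ErrorAction Stop

$report = foreach ($name in $key.GetValueNames()) {
    # Step 3: each value maps an entry name (e.g. "printers") to a CLSID string.
    $clsid = [string]$key.GetValue($name)

    # Steps 4-5: the default value of the CLSID's InprocServer32 subkey names the DLL.
    $inprocPath = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $inproc = Get-Item -LiteralPath $inprocPath -ErrorAction SilentlyContinue
    $dll = if ($inproc) { [string]$inproc.GetValue('') } else { '' }

    # Assumption: a bare file name lives in system32, as in step 9.
    $path = $dll
    if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
        $path = Join-Path $env:SystemRoot "System32\$dll"
    }

    $exists = [bool]($path -and (Test-Path -LiteralPath $path))
    $file   = if ($exists) { Get-Item -LiteralPath $path -Force } else { $null }

    # A status other than Valid is a reason to look closer, not proof of infection.
    $sig = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

    [pscustomobject]@{
        Entry     = $name
        Clsid     = $clsid
        Dll       = $path
        Exists    = $exists
        Signature = $sig
        Company   = if ($file) { $file.VersionInfo.CompanyName } else { '' }
        Modified  = if ($file) { $file.LastWriteTime } else { $null }
    }
}

# Entries whose DLL is missing, unsigned, or recently modified deserve a manual check.
$report | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```

Run it before step 3 to record the CLSID and DLL path for the suspicious entry, and again after step 10 to confirm the entry has not returned.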