(In fact, Windows 2000 and XP both have a required smss.exe process, but its path is c:\winnt\system32; you can check the path with a tool such as Process Explorer.)
It writes an Autocommand.ini file to the D: drive. The file can be deleted, but it is automatically regenerated after deletion.
First, I restored the system disk image and booted into the system. It turned out to be still infected.
Second, I looked at the registry startup entries: the Run key has a startup item tprogram=c:\windows\smss.exe. It can be deleted, but after a restart the registry has it again!
Second, I downloaded the latest version of Trojan Kessing and installed it. Mumak star could not start. It reported that the virus library could not be loaded.
Third, I switched to Trojan scavenger. After installation it was also unable to start, reporting that the virus library could not be loaded because the C:\windows\smss.exe
Fourth, I installed the NOD32 antivirus; on launch it reported that it could not scan.
Fourth, I booted into Safe Mode and installed Trojan Nemesis; the problem remained. This smss.exe still existed.
Fifth, I booted into DOS and deleted smss.exe. After a reboot, the virus automatically regenerated smss.exe. Depressing.
Sixth, I formatted the disk and reinstalled the system; the virus was still there!
Seventh, I used DM to delete the partitions and repartition, then formatted and reinstalled the system; the virus was finally gone!
The following information about the virus was collected from the internet; I hope it helps you guard against it.
Journey flag icon Trojan: smss.exe
It is said that there is a new "abnormal" Trojan, SMSS.EXE
Main program: %WINDOWS%\SMSS.EXE
Icon: Journey banner icon
One of the cleanup methods ...
1. Run Procexp.exe and SREng.exe.
2. Use Procexp to end the %WINDOWS%\SMSS.EXE process; note the path and icon.
3. Use SREng to restore the EXE file association.
Steps 1, 2, and 3 must be done in this order; do not reverse them.
The files to delete are the ones mentioned first; don't delete the wrong one.
5. Finally, open Registry Editor to restore the modified information:
Search for "explorer.com" and change each "explorer.com" found to "Explorer.exe";
Search for "finder.com", "Command.pif", and "rundll32.com" and change each one found to "rundll32.exe";
Search for "iexplore.com" and change each "iexplore.com" found to "iexplore.exe";
Search for "iexplore.pif" and change each "Iexplore.pif" found, along with its path, to the normal IE path and file name, such as "C:\Program files\internet Explorer\iexplore.exe".
These are mainly found in the following locations:
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.bfc
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.lnk\
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\applications\iexplore.exe
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\cplfile
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\drive
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\dunfile
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\ftp
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\htmlfile
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\http
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\inffile
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\internetshortcut
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scrfile
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\scriptletfile
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\telnet
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\unknown
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet
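An added example, not part of the original page: a Python sketch that scans a text dump in `reg export` format for the impostor file names from step 5 and reports which name each hit should be restored to. The function names, the sample export and its `shell\...\command` subkeys are constructed for illustration.

```python
import re

# Impostor name -> name the cleanup steps above restore (iexplore.pif also needs its path fixed).
RESTORE = {
    "explorer.com": "Explorer.exe", "finder.com": "rundll32.exe",
    "command.pif": "rundll32.exe", "rundll32.com": "rundll32.exe",
    "iexplore.com": "iexplore.exe", "iexplore.pif": "iexplore.exe",
}
_NAME = re.compile(r"(?<![\w.])(" + "|".join(map(re.escape, RESTORE)) + r")(?![\w.])", re.I)

def _decode(raw):
    """Return the string a .reg right-hand side stores, or None for non-string types."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':        # REG_SZ: undo \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if m := re.match(r"hex\([12]\):(.*)", raw):           # string types kept as UTF-16LE bytes
        data = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", m.group(1)))
        return data.decode("utf-16-le", "replace").rstrip("\0")
    return None                                           # dword, binary, etc.

def find_hijacks(reg_text):
    """Return (key, value name, stored data, name to restore) for each hijacked value."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)            # join hex continuation lines
    hits, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)):
            data = _decode(m.group(2)) or ""
            for bad in _NAME.findall(data):
                hits.append((key, m.group(1).strip('"'), data, RESTORE[bad.lower()]))
    return hits

# Constructed sample in `reg export` format (real exports are UTF-16: open with encoding="utf-16").
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.com\" -nohome"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shell\find\command]
"EditFlags"=dword:00000002
@=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,00,5c,00,\
  65,00,78,00,70,00,6c,00,6f,00,72,00,65,00,72,00,2e,00,63,00,6f,00,6d,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"
'''

if __name__ == "__main__":
    for key, name, data, fix in find_hijacks(SAMPLE):
        print(f"{key} [{name}] = {data!r} -> restore {fix}")
```

The hex(2) branch matters because command values of type REG_EXPAND_SZ are exported as UTF-16LE byte lists, which a plain text search for "explorer.com" would miss.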