The Sxs2.exe virus sets the system time to April 1, 1980, which makes Kaspersky stop working immediately; Autorun is then used to launch the Sxs2.exe program, and the computer is infected.
Copy the following text into a text document, save it as "clean sxs2.bat", and double-click it to run.
The code is as follows:
@echo off
color 1a
echo.
echo Welcome to this program
echo.
echo This program mainly deals with the Sxs2.exe virus. Symptoms: the time is changed to 1980.4.1, a time error prompt at boot,
echo hidden files cannot be viewed, Kaspersky reports an activation error, drives can only be opened with the right-click menu, etc.
echo.
echo Please correct the time error manually after this program ends; this program does not handle it
echo.
echo.
echo ---------------------------- by computer outpatient -----------------
echo.
echo.
echo Press Ctrl+C to exit this program
pause
echo.
echo ------------------------------- start now ------------------
echo.
@echo off
echo Preparing to terminate the Sxs2.exe process
echo Press Ctrl+C to exit this program
echo.
echo If this program reports "ERROR: The process "Sxs2.exe" not found", the virus has already stopped running
echo.
pause
rem Kill the process twice, as in the original script
taskkill /f /im sxs2.exe
taskkill /f /im sxs2.exe
echo.
echo Now removing Sxs2.exe components from the root directories of drives C to K
echo.
echo The desktop will disappear and open folders will close partway through; do not worry
echo.
echo Press Ctrl+C to exit this program
echo.
pause
rem Set aside the copy of autorun.exe in system32 before the wildcard delete below
md C:\hold
echo.
copy %systemroot%\system32\autorun.exe C:\hold
rem Stop Explorer while the files are deleted
taskkill /f /im explorer.exe
echo.
del /f /a %systemroot%\system32\autorun.*
del /f /a C:\autorun.*
del /f /a C:\desktop.ini
del /f /a C:\folder.htt
del /f /a C:\sxs2.exe
echo.
rem Put autorun.exe back and remove the temporary directory
copy C:\hold\autorun.exe %systemroot%\system32\autorun.exe
echo.
rd /s /q C:\hold
echo.
rem The same four deletions in the root directory of each remaining drive, D: to K:
for %%d in (D E F G H I J K) do (
    del /f /a %%d:\autorun.*
    del /f /a %%d:\desktop.ini
    del /f /a %%d:\folder.htt
    del /f /a %%d:\sxs2.exe
    echo.
)
start C:\WINDOWS\explorer.exe
echo Components removed from the root directories of drives C to K
echo.
echo Now fixing the "Show all files and folders" option that cannot be enabled, and drives that open in a new window on double-click
echo Press Ctrl+C to exit this program
echo.
pause
rem Recreate CheckedValue as a REG_DWORD of 1 so that hidden files can be shown again
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /f
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL /v CheckedValue /t REG_DWORD /d 00000001
rem Reset the default action for drives
reg delete HKCR\Drive\shell /ve /f
reg add HKCR\Drive\shell /ve /t REG_SZ /d none
echo.
echo Now deleting the startup entries in the registry
echo.
echo If this program reports "ERROR: The system cannot find the specified registry key or value", the virus startup entry has already been deleted
echo or a new variant has appeared; in that case remove it in the System Configuration Utility
echo.
echo Press Ctrl+C to exit this program
echo.
pause
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v sxs2 /f
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v sxs2.exe /f
echo.
echo Now opening the System Configuration Utility; please check whether any of its startup items remain.
echo.
echo Press Ctrl+C to exit this program
pause
start msconfig
echo.
echo.
echo Cleanup is finished. Please log off to make sure the removal succeeds.
echo.
echo If there are other problems, please ask at five-colored soil "computer outpatient". Thanks for using this program
echo.
pause
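
The script above deletes without first checking what is present. As an added example (not part of the original script), the following read-only batch file reports which of the files, Run values and registry settings touched above exist on a machine, and deletes nothing. The output labels ([FILE], [RUN], [REG]) and variable names are this example's own.

```batch
@echo off
rem Added example: read-only audit of the items the cleanup script touches.
setlocal
set found=0

rem 1. Files named in the script, in the root directories of drives C: to K:.
rem    A hit is a file to inspect; desktop.ini can also exist for ordinary reasons.
for %%d in (C D E F G H I J K) do (
    if exist %%d:\ (
        for /f "delims=" %%p in ('dir /a /b "%%d:\autorun.*" "%%d:\desktop.ini" "%%d:\folder.htt" "%%d:\sxs2.exe" 2^>nul') do (
            echo [FILE] %%d:\%%p
            set /a found+=1
        )
    )
)

rem 2. autorun.* in system32. The script keeps autorun.exe, so only other names count.
for /f "delims=" %%p in ('dir /a /b "%systemroot%\system32\autorun.*" 2^>nul') do (
    if /i not "%%p"=="autorun.exe" (
        echo [FILE] %systemroot%\system32\%%p
        set /a found+=1
    )
)

rem 3. The two Run values the script deletes.
for %%v in (sxs2 sxs2.exe) do (
    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v %%v >nul 2>&1
    if not errorlevel 1 (
        echo [RUN]  HKCU Run value "%%v" is present
        set /a found+=1
    )
)

rem 4. CheckedValue, which the script recreates as REG_DWORD 1.
set "key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"
set "ctype=missing"
set "cval=missing"
for /f "tokens=2,3" %%a in ('reg query "%key%" /v CheckedValue 2^>nul ^| find "REG_"') do (
    set "ctype=%%a"
    set "cval=%%b"
)
if /i not "%ctype% %cval%"=="REG_DWORD 0x1" (
    echo [REG]  CheckedValue is %ctype% %cval%, expected REG_DWORD 0x1
    set /a found+=1
)

echo.
echo %found% indicator(s) found.
endlocal & exit /b %found%
```

The exit code equals the number of indicators, so a result of 0 after running the cleanup script and logging off means none of the items it targets remain.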