Step by step, teach you to hide and clear Trojans

Anti-virus software that has been with us for many years is very "thin" in the face of ever-changing viruses and Trojans, and it is very difficult to get rid of them, some even cannot discover viruses or Trojans, let alone how to clear them. For this reason, manual inspection and removal are required. This document uses the wmiprvse.exe process Trojan, which is a pseudo-system, as an example to explain how to clear the Trojan.

One day, I often look forward to the same, press and hold the "CTRL + ALT + DEL" key on the keyboard, open the "Task Manager", and switch to the "process" tab. However, what is different today is that, from the Progress logs tab, Zookeeper finds that there is one more wmiprvse.exe process. As a result, wmiprvse.exe process is retrieved in a hundred degrees. The answer is that wmiprvse.exe is part of Microsoft's Windows operating system. Used to pass winmgmt.exeProgramTo process WMI operations, this program is very important to the normal operation of your system.

I believe that this is a normal and secure program process, just like my thoughts. So I did not take it seriously and started my online game "career ", however, the computer restarts automatically after a long time, and then restarts several times intermittently. In the absence of any suspicious objects, the author chooses to use the system's search function to view the sudden appearance of the wmiprvse.exe program file, and the result shows that two identical wmiprvse.exe files coexist.

After careful observation, I found that the two program files are very similar. Some wmiprvse.exe files are under the windows2 directory. Then I further read the creation of the two folders. windows2 is indeed within the time when I reinstall the system, so both of them are System directories, the previous one was not deleted for the last time. In this case, I open the "Task Manager" dialog box and find that two wmiprvse.exe processes exist in the system, which are run by users with different permissions. So I checked the information on the Internet and said that the files under the \ system32 \ WBEM file are normal files. In other words, wmirvse.exe files under windows \ system32 \ wbemare not directly deleted as virus files. In the "Task Manager" dialog box, the author stops the process and enters the process folder to delete the virus file. I thought the virus was eliminated like this. It took about 10 minutes before the author restarted the virus and the virus process appeared in the task manager.

So I am so worried that I would rather kill one by mistake and never let go of the psychology of a virus file. I will stop the Trojan process again and delete all the files in the windows2 directory, the registration of the ghost process has disappeared, and the system's automatic restart of the machine also disappears, so that the true and false "Monkey King" will see Xiao. If you attempt to install the wmiprvse.exe program as a Trojan, it is better to clear the virus according to the ideas in this article. Why should you use a time-and labor-consuming reinstall solution.