Anti-virus software has been with us for many years, but it is very "thin" in the face of ever-changing viruses and Trojans. It often has great difficulty getting rid of them, and some products cannot even detect a virus or Trojan, let alone clear it. For this reason, manual inspection and removal are required. This document uses a Trojan that poses as the system process wmiprvse.exe as an example to explain how to clear such a Trojan.
One day, as usual, I pressed "Ctrl + Alt + Del" on the keyboard, opened "Task Manager", and switched to the "Processes" tab. Today was different from the past: on the Processes tab there was another wmiprvse.exe process. It turned out that wmiprvse.exe is a part of the Microsoft Windows operating system. It is used to process WMI operations through the winmgmt.exe program. This program is very important for the normal operation of your system.
I believed that this was a normal and secure program process, just as I had thought. So I didn't take it seriously and started my online game "career", but it wasn't long before the computer started to restart automatically, and it then restarted several more times intermittently. The coexistence of hosts files (figure 1).
After careful observation, I found that the two program files were very similar. Some wmiprvse.exe files were under the Windows2 directory. I then checked the creation time of the two folders. The creation time of Windows2 does indeed fall within the time when I reinstalled the system, so both of them are system directories; the previous one was not deleted last time. Then I opened the "Task Manager" dialog box and found that two wmiprvse.exe processes existed in the system, run by users with different permissions. The hosts file is a virus file. In the "Task Manager" dialog box, I stopped the process and went to the process folder to delete the virus file. I thought the virus had been eliminated like this. About 10 minutes later, the virus restarted and the virus process appeared in Task Manager.
The ghost process has disappeared, and the system automatically restarts and restarts the machine. As a result, the true and false Monkey King will see John. If you run into a Trojan that poses as wmiprvse.exe, it is better to clear the virus according to the ideas in this article. Why bother with a time- and labor-consuming reinstall?
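The check described above (two wmiprvse.exe processes told apart by the folder their files live in), as an added example that is not part of the original article: the function flags any wmiprvse.exe whose image path lies outside the wbem folder of the active system root. The trusted folder names, the process records and the user names are assumptions constructed for illustration.

```python
import ntpath

# Assumption: the genuine WMI provider host lives only in these folders under
# the active system root (SysWOW64 holds the 32-bit copy on 64-bit Windows).
TRUSTED_SUBDIRS = (r"System32\wbem", r"SysWOW64\wbem")
TARGET = "wmiprvse.exe"


def _norm(path):
    """Normalise a Windows path so comparisons ignore case, '/' and '..'."""
    return ntpath.normcase(ntpath.normpath(path))


def find_impostors(processes, system_root=r"C:\Windows"):
    """Return the process records named wmiprvse.exe whose image path is not
    in a trusted folder of system_root. Records are dicts with the keys
    pid, name, path, user (path may be None if it could not be read)."""
    trusted = {_norm(ntpath.join(system_root, d, TARGET)) for d in TRUSTED_SUBDIRS}
    flagged = []
    for proc in processes:
        if proc["name"].lower() != TARGET:
            continue
        path = proc.get("path")
        if not path or _norm(path) not in trusted:
            flagged.append(proc)
    return flagged


# Constructed sample listing (not taken from the article's machine). Which of
# the two directories is the live system root is passed in as system_root.
SAMPLE = [
    {"pid": 1020, "name": "wmiprvse.exe", "user": "NETWORK SERVICE",
     "path": r"C:\WINDOWS\system32\wbem\wmiprvse.exe"},
    {"pid": 2316, "name": "WmiPrvSE.exe", "user": "alice",
     "path": r"C:\Windows2\system32\wbem\wmiprvse.exe"},
    {"pid": 2488, "name": "wmiprvse.exe", "user": "alice",
     "path": r"C:\Windows\System32\wbem\..\wmiprvse.exe"},
    {"pid": 880, "name": "svchost.exe", "user": "SYSTEM",
     "path": r"C:\Windows\System32\svchost.exe"},
]

if __name__ == "__main__":
    for p in find_impostors(SAMPLE):
        print(f"suspicious: pid={p['pid']} user={p['user']} path={p['path']}")
```

On a real machine, pass the value of the `SystemRoot` environment variable as `system_root`, since a leftover directory from an earlier install can contain a folder tree that looks identical.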