Sunway worm: all EXE icons become discolored and blurred, and how to fix it
Source: Internet
Author: User
The computer is infected and all the EXE icons have become discolored and blurred. After disinfecting with the Golden Hill removal tool for the gold virus, the EXE icons turned into question-mark icons, and double-clicking one gives a message that the dynamic link library FTKernelAPI.dll cannot be found in the specified path D:\Wool; C:\WINNT\system32; C:\WINNT\system; C:\WINNT\system32; C:\WINNT; C:\WINNT\system\Wbem; C:\Program Files\aei Technologies\ati Control Panel.
Workaround:
Unfortunately I caught the gold virus and it plagued me for a few days. After struggling to study it for 2 days, I finally eliminated the gold virus completely! I am a little excited.
Various anti-virus programs and the dedicated removal tools found online cannot cure the gold virus, and the methods described elsewhere are too simple. Below I introduce a method that combines anti-virus software with manual cleanup to eliminate the gold virus completely!
1. As soon as the infection appears, disconnect from the network and restart the computer immediately. After the restart, if the computer has an advanced anti-virus program, run a scan with it. (Kaspersky is recommended: I tried three anti-virus programs and finally found that only Kabbah can detect a large number of the viruses; the others find only a few, although they can also remove them. Cracked Kabbah downloads are everywhere and it is no trouble, as long as you do not download a virus along with it.) Remember not to go online during this period, otherwise the virus will automatically download Trojans. If the computer does not have an advanced anti-virus program, quickly go online and download a cracked version of Kabbah (it is recommended to also pick up a security guard and a Rising removal tool for the gold virus while you are at it), then update it and disconnect from the network. You must be quick! The gold virus copies itself very fast; the faster you act, the easier it is to destroy it.
2. Once the anti-virus software is ready, start the scan. You will find that the computer has a lot of viruses and Trojans, and a single Kabbah pass cannot eliminate them all. The gold virus is very powerful in one respect: your Kabbah can only be used once, and the second time the gold virus will block Kabbah so that it cannot be opened (so this time you must remove everything that is found). If you prepared the security guard and the removal tool in the first step, then after Kabbah has finished, switch the computer to Safe Mode (press F8 at power-on to enter it) and scan with those two tools (these two are not very useful, but they can wipe out a little more).
3. Once the above steps are done, the initial work is basically complete, and the manual cleanup begins. The virus creates three files in the Windows directory: Dll.dll, Logo1_.exe and rundl132.exe. Logo1_.exe is what injects Dll.dll into Explorer.exe. The virus also adds Rundl132.exe to the programs that run automatically at startup.
First open My Computer! Select Tools -- Folder Options (shortcut: press Alt+T, then O) and, on the View tab, clear the check mark on "Hide protected operating system files (recommended)" and select "Show all files and folders"!
"1". Press Ctrl+Alt+Del and end Rundl132.exe and Logo1_.exe in Task Manager (if they are not there, no action is needed), then delete Logo1_.exe and Rundl132.exe from the C: drive (if you do not know where they are, open My Computer, press Ctrl+F and search for Rundl132.exe and Logo1_.exe).
"2". Because the Dll.dll module is injected into Explorer, it cannot be deleted. But there is a way to remove it: open Task Manager and end the Explorer.exe process. The desktop then disappears; do not be afraid! In Task Manager choose File (F) -- New Task (Run...) (N), run Explorer.exe, and the desktop comes back. Then delete Dll.dll from the C: drive (press Ctrl+F to find it, then delete it).
"3". Type regedit in Run and find the registry key [HKEY_LOCAL_MACHINE\software\soft\downloadwww], and delete it. Then press Ctrl+F to search the registry for the value Rundl132.exe, and delete it together with all the values in that key.
"4". Open My Computer, press Ctrl+F and search for _desktop.ini, then delete every _desktop.ini that is found (the icons are still shown in the results after deletion; ignore that, close the window, and then check again whether any remain).
4. After the above steps are complete, the virus can no longer replicate. Next, uninstall the original Kabbah, install Kabbah again, restart, and run a scan (at this point it only has to wipe out the remaining Trojans). When the scan is done, restart again and search in My Computer for any _desktop.ini file. If there are none, congratulations: the virus has been eradicated. If there are some, repeat the above steps until the virus is completely eliminated.
5. Prevent reinfection: run Gpedit.msc to open Group Policy.
Go to User Configuration - Administrative Templates - System - "Don't run specified Windows applications", set it to Enabled, and then add the virus source file logo1_.exe to the list.
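The Ctrl+F searches in steps 3 and 4 can be done in one pass with a script. This is an added example, not part of the original article: it walks a drive or a mounted disk image and reports the four file names the article lists, matching exactly so that the legitimate rundll32.exe and desktop.ini are not flagged. The function names `scan` and `is_clean` are hypothetical, and the registry entries from step "3" are not covered.

```python
import os
import sys
from collections import defaultdict

# File names the article attributes to the worm; Windows names are
# case-insensitive, so everything is compared in lower case.
INDICATORS = {"logo1_.exe", "rundl132.exe", "dll.dll", "_desktop.ini"}


def scan(root):
    """Walk root and return {indicator: [paths]} for every matching file."""
    hits = defaultdict(list)

    def on_error(err):
        # A directory that cannot be read cannot be declared clean.
        hits["<unreadable>"].append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error):
        for name in files:
            # Exact match only: the legitimate rundll32.exe and desktop.ini
            # differ from the worm's names by a single character.
            if name.lower() in INDICATORS:
                hits[name.lower()].append(os.path.join(dirpath, name))
    return dict(hits)


def is_clean(hits):
    """True only when nothing matched and every directory was readable."""
    return not hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    found = scan(root)
    for indicator, paths in sorted(found.items()):
        for path in paths:
            print(f"{indicator}\t{path}")
    print("clean" if is_clean(found) else "indicators present, repeat the cleanup")
```

A Dll.dll hit outside the Windows directory may be unrelated, since the article places the worm's copy in the Windows directory; check the path before deleting.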