Sxs.exe Virus and Cleanup Methods

Source: Internet
Author: User

Many of my friends were infected by copying files through a removable disk, especially a USB flash drive, and especially in Internet cafes. When you finish copying files, use DOS to access your removable disk, list it with dir, and replace autorun.inf. Then you will not be infected when you go home.
It's strange to me that Kaspersky finds out that D and E have this thing under the root directory, and there are four or five other Trojans that cannot even hide folders, why can't SVCHOST be deleted? (restart as soon as one click), no such thing as netcount ~ Depressed ......
When browsing the Web page, the backend is installed without permission (I also set up a high security level), super broadcasting and yiduoduo, and what are the four bar search tools, A mess of webpages is automatically popped up, and the system performance rapidly declines. As a result, my computer cannot be opened slowly, causing Norton to be unable to upgrade online. Countless yok.com and other information are written in the registry, after the software is uninstalled, the webpage is still automatically popped up from time to time. This is just a rogue software. The so-called Yilong is also called Yilong or Yilong, And I still leave a phone number on the software, 010-64311335, I called them and asked them to say they were not a virus. They said they were not a virus in the C Block of the Star Building In Jiuxianqiao. It is said that the C block is their company. I am wondering, you are a "big" Company, how can we make such a disgusting thing? Just bind a rogue software and install it in the background ~~ After double-clicking, there is no response. Sorry, as I wrote this post, there were countless complaints about web page interruptions, and those processes will run themselves later after the manual termination.

What is the sxs.exe virus?
It is a modified version of the ROSE virus.
The sxs.exe process can be removed. Remember to open hard disks by right-clicking them.

Press Ctrl + Shift + Esc together to open Windows Task Manager.
Select the "Processes" tab.
Find "sxs.exe" in the name column, click it and select "End Process".
Make sure all sxs.exe processes are ended.
Open My Computer and click "Folder Options" in the Tools menu.
Click the View tab.
Uncheck the box in front of "Hide protected operating system files (Recommended)".
Select the "Show all files and folders" option below it.
Click "OK".
Right-click drive C (do not double-click it!) and select "Open".
Delete the autorun.inf and sxs.exe files under drive C.
Right-click drive D and select "Open".
Delete the "autorun.inf" file and the "sxs.exe.pdf" file under drive D (A file exists, and the file is also deleted by A. EXE file)
......
Similarly, delete the AUTORUN.INF file and ecliprose.exe file on all disks.
Click Start, select "Run", enter "regedit" (without the quotation marks), and press Enter.
In the left pane of Registry Editor, expand My Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run.
Delete the ROSE entry (c:\windows\system32\SXS.exe) from the Run key.
Close Registry Editor.
Then restart the computer.

Removing ROSE from a removable disk:
Hold Shift while inserting the USB flash drive, and keep it held until the computer prompts that new hardware is available.
Open My Computer.
Right-click the USB flash drive icon and choose "Open" (do not use AutoPlay or double-click it!).
Delete the SXS.exe and autorun.inf files.
This is the first time I have encountered such a stubborn virus. I looked it up online and it does not have a uniform name. Rising calls it the Trojan.PSW.QQPass.pqb virus. Let me call it the sxs.exe virus.

After the system is reinstalled, double-clicking a partition brings the virus back. Frustratingly, Rising is automatically closed and cannot be opened, so the virus has to be deleted manually.

Symptoms: System files are hidden and cannot be displayed. Partitions do not open when you double-click the drive letter. Task Manager shows sxs.exe or svohost.exe (one letter different from the system process svchost.exe). Antivirus software is automatically closed and its real-time protection cannot be started.

I found many methods on the Internet, but none of them removed it effectively, and there was no dedicated removal tool.


Manually delete the sxs.exe virus:

Do not double-click any partition during the following process. If you need to open a partition, right-click it.

1. End the virus processes

Press Ctrl + Alt + Del to open Task Manager. On the Processes tab, look for sxs or SVOHOST (not SVCHOST; the two names differ by one letter). If either is present, end it.

2. Display hidden system files

Run -- regedit

Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and change CheckedValue to 1.

Note that the virus deletes the valid DWORD value CheckedValue, creates an invalid string value named CheckedValue, and sets its data to 0. Changing that string value to 1 has no effect. (Some virus variants delete CheckedValue outright; in that case you only need to re-create it as follows.)

Method: delete CheckedValue, right-click and choose New -- DWORD Value, name it CheckedValue, and set its data to 1. After that, you can select "show all hidden files" and "Show System Files".

In a folder window, go to Tools -- Folder Options and set system files and hidden files to be displayed.

3. Delete viruses

Right-click each partition and choose "Open". The autorun.inf and sxs.exe files are now visible in the root directory of each disk; delete them.

4. Delete the virus's autorun entries

Open the registry: Run -- regedit

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

Find the SoundMam value. There may be two. Delete the value that points to C:\WINDOWS\system32\SVOHOST.exe.

Finally, delete SVOHOST.exe or sxs.exe in the C:\WINDOWS\system32\ directory.

After restarting the computer, the antivirus software can be opened again, and partitions can be opened by double-clicking.

5. Follow-up

The antivirus software's real-time protection can now be enabled, but it does not start automatically.

The simplest fix is to use the antivirus software's add/remove components option and choose Repair.
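
The checks from the manual procedures above, collected into a read-only PowerShell script. This is an added example, not part of the original article; it assumes PowerShell is available on the machine and only looks for the process names, file names and registry locations named on this page.

```powershell
# Added example: read-only check for the indicators named on this page.
# Nothing is deleted or changed; review the output, then clean up manually.
$findings = @()

# 1. Processes: sxs.exe or SVOHOST.exe (not the legitimate svchost.exe)
foreach ($p in @(Get-Process -Name sxs, svohost -ErrorAction SilentlyContinue)) {
    $findings += "Process running: $($p.Name) (PID $($p.Id))"
}

# 2. SHOWALL\CheckedValue must be a DWORD set to 1; the page notes that the
#    virus replaces it with a string value or removes it.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$key = Get-Item -Path $showAll -ErrorAction SilentlyContinue
if (-not $key -or $key.GetValueNames() -notcontains 'CheckedValue') {
    $findings += 'CheckedValue is missing under SHOWALL'
} elseif ($key.GetValueKind('CheckedValue') -ne 'DWord') {
    $findings += "CheckedValue has type $($key.GetValueKind('CheckedValue')), expected DWord"
} elseif ($key.GetValue('CheckedValue') -ne 1) {
    $findings += "CheckedValue is $($key.GetValue('CheckedValue')), expected 1"
}

# 3. Root of every file-system drive: autorun.inf and sxs.exe.
#    -Force makes hidden and system files visible to Get-Item.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    foreach ($name in 'autorun.inf', 'sxs.exe') {
        $path = Join-Path $drive.Root $name
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($file) { $findings += "File present: $path [$($file.Attributes)]" }
    }
}

# 4. HKLM Run values whose data points at SXS.exe or SVOHOST.exe
$run = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($valueName in $run.GetValueNames()) {
    $data = [string]$run.GetValue($valueName)
    if ($data -match '\\(sxs|svohost)\.exe') {
        $findings += "Run entry: $valueName = $data"
    }
}

# 5. The dropped binaries in system32
foreach ($name in 'sxs.exe', 'SVOHOST.exe') {
    $path = Join-Path $env:SystemRoot "system32\$name"
    if (Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue) { $findings += "File present: $path" }
}

if ($findings) { $findings } else { 'No indicators from this page were found.' }
```

Running it from a console reads the drive roots without double-clicking them in Explorer, which is the action both procedures warn against.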
