Sxs.exe virus removal tool: "Orange August exclusive tool.bat"

Source: Internet
Author: User

Virus features: sxs.exe and autorun.inf files are automatically created in the root directory of every drive, and svohost.exe or sxs.exe is also created under Windows\System32. The files carry the hidden attribute. The virus also disables anti-virus software automatically.

Delete sxs.exe virus manually

Press Ctrl + Alt + Del to open Task Manager and look for sxs or SVOHOST among the processes (not SVCHOST; one letter is different). If it is there, terminate the process. (Not all systems have this process. If it is not present, skip this step.)

Show hidden files. If they cannot be shown, open WordPad, save the following code as a "show hidden system file.reg" file, and then run it!

The code is as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"CheckedValue"=dword:00000001

Delete the virus auto-start entry: click Run, enter regedit to open the Registry Editor, and go to:

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Find the value named SVOHOST.exe, sxs.exe, or SoundMam (note that it is not SoundMan; only one letter is different). There may be two; delete the one whose data is C:\WINDOWS\system32\SVOHOST.exe.
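The manual steps above depend on spotting names that differ from a legitimate one by a single letter (SVOHOST vs SVCHOST, SoundMam vs SoundMan). The following is an added example, not part of the original tool: a read-only check that flags the page's indicator names and, going slightly beyond the page, any other name one edit away from the legitimate ones. The function names and sample data are constructed for illustration, and Run value data is assumed to be a bare path.

```python
import ntpath

# Names the page contrasts the malware with (legitimate) and names it uses (indicators).
LEGIT = {"svchost", "soundman"}
KNOWN_BAD = {"sxs", "svohost", "soundmam"}

def one_edit_apart(a, b):
    """True if a and b differ by exactly one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                       # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1                            # length of the common prefix
    same_len = len(a) == len(b)
    return a[i + same_len:] == b[i + 1:]  # skip the one differing character

def classify(name):
    """Classify a process name, Run value name or Run value data (a bare path)."""
    n = ntpath.basename(name.strip('"')).lower()
    if n.endswith(".exe"):
        n = n[:-4]
    if n in KNOWN_BAD:
        return "known-indicator"
    if any(one_edit_apart(n, legit) for legit in LEGIT):
        return "lookalike"
    return "ok"

def triage(processes, run_values):
    """Return (kind, name, verdict) for every suspicious process or Run entry."""
    findings = [("process", p, classify(p)) for p in processes if classify(p) != "ok"]
    for name, data in run_values.items():
        hits = {classify(name), classify(data)} - {"ok"}
        if hits:
            verdict = "known-indicator" if "known-indicator" in hits else "lookalike"
            findings.append(("run-value", name, verdict))
    return findings

# Constructed sample data (not taken from a real machine).
SAMPLE_PROCESSES = ["System", "svchost.exe", "SVOHOST.exe", "explorer.exe"]
SAMPLE_RUN = {"SoundMan": "SOUNDMAN.EXE",
              "SoundMam": r"C:\WINDOWS\system32\SVOHOST.exe"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_PROCESSES, SAMPLE_RUN):
        print(finding)
```
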
Open Notepad, copy the following code, save it as the "Orange August sxs killing tool.bat" file, and then run it! The code is as follows:

@echo off
echo.
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
echo : Stopping the running SXS.EXE and SVOHOST.EXE processes. Please wait ......
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TASKKILL /F /T /IM sxs.exe
TASKKILL /F /T /IM svohost.exe
TASKKILL /F /T /IM rose.exe
REM Flash the console colors to draw attention.
COLOR 4F
COLOR 0C
COLOR 4F
COLOR 0C
COLOR 4F
COLOR 0C
echo.
echo.
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
echo : Restoring the registry item that controls showing hidden files. Please wait.
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
REM Build SHOWALL.reg: ">" creates the file, ">>" appends to it.
REM CheckedValue is deleted first and then recreated as a DWORD.
>SHOWALL.reg ECHO Windows Registry Editor Version 5.00
>>SHOWALL.reg ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
>>SHOWALL.reg ECHO "CheckedValue"=-
>>SHOWALL.reg ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
>>SHOWALL.reg ECHO "CheckedValue"=dword:00000001
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
echo : Deleting the SXS.EXE, SVOHOST.EXE, and WINSCOK.DLL files in the system directory. Please wait ......
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
REM Clear the read-only, hidden, system and archive attributes, then force-delete each file.
ATTRIB -R -H -S -A %SystemRoot%\System32\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\WINSCOK.DLL
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System32\SXS.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System32\SVOHOST.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System32\WINSCOK.DLL
ATTRIB -R -H -S -A %SystemRoot%\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\WINSCOK.DLL
DEL /F /Q /A:-R-H-S-A %SystemRoot%\SXS.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\SVOHOST.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\WINSCOK.DLL
ATTRIB -R -H -S -A %SystemRoot%\System\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\System\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\System\WINSCOK.DLL
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System\SXS.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System\SVOHOST.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System\WINSCOK.DLL
ATTRIB -R -H -S -A %SystemRoot%\System32\dllcache\SXS.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\dllcache\SVOHOST.EXE
ATTRIB -R -H -S -A %SystemRoot%\System32\dllcache\WINSCOK.DLL
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System32\dllcache\SXS.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System32\dllcache\SVOHOST.EXE
DEL /F /Q /A:-R-H-S-A %SystemRoot%\System32\dllcache\WINSCOK.DLL
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
echo : Deleting the SXS.EXE and AUTORUN.INF files under each partition. Please wait .......
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
REM Inside a batch file the loop variable must be written %%a.
FOR %%a IN (C: D: E: F: G: H: I: J: K: L: M: N: O: P: Q: R: S: T: U: V: W: X: Y: Z:) DO (
    ATTRIB -R -H -S -A %%a\SXS.EXE
    DEL /F /Q /A:-R-H-S-A %%a\SXS.EXE
    ATTRIB -R -H -S -A %%a\AUTORUN.INF
    DEL /F /Q /A:-R-H-S-A %%a\AUTORUN.INF
)
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
echo : Deleting the auto-start entry in the registry. Please wait ......
echo ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
REM Build SoundMam.reg, which removes the SoundMam value from the Run key.
>SoundMam.reg ECHO Windows Registry Editor Version 5.00
>>SoundMam.reg ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoundMam]
>>SoundMam.reg ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
>>SoundMam.reg ECHO "SoundMam"=-
REM Import both .reg files silently, then remove the temporary files.
REGEDIT /S SoundMam.reg
DEL /F /Q SoundMam.reg

REGEDIT /S SHOWALL.reg
DEL /F /Q SHOWALL.reg
COLOR 3F
echo.
echo The virus files have been cleared!
echo.
PAUSE

A batch file that deletes the virus files on each disk. The code is as follows:

REM For each drive: switch to its root directory, clear the attributes,
REM then delete the files (DEL /s also searches subdirectories).
cd /d C:\
attrib -a -h -s sxs.exe
del /s /q /f sxs.exe
attrib -a -h -s autorun.inf
del /s /q /f autorun.inf
cd /d D:\
attrib -a -h -s sxs.exe
del /s /q /f sxs.exe
attrib -a -h -s autorun.inf
del /s /q /f autorun.inf
cd /d E:\
attrib -a -h -s sxs.exe
del /s /q /f sxs.exe
attrib -a -h -s autorun.inf
del /s /q /f autorun.inf
cd /d F:\
attrib -a -h -s sxs.exe
del /s /q /f sxs.exe
attrib -a -h -s autorun.inf
del /s /q /f autorun.inf
cd /d G:\
attrib -a -h -s sxs.exe
del /s /q /f sxs.exe
attrib -a -h -s autorun.inf
del /s /q /f autorun.inf
