Sxs.exe virus: detailed manual removal method

Source: Internet
Author: User
Many people get infected by copying files on removable disks, especially USB drives, and especially in Internet cafés. After copying, open a DOS prompt on the removable disk and run dir /a to display all files; if the disk has been hit, Sxs.exe and Autorun.inf will be there. In a non-root directory, create a Notepad file named Sxs.exe, and create an Autorun.inf whose content can be empty or [autorun]shutdown= Sxs.exe, then replace the Sxs.exe and Autorun.inf on the removable disk with them. You won't be infected when you get home.
It's strange to me. With great difficulty I got Kaspersky to detect that the D and E root directories have this thing, plus four or five other Trojans; even hidden folders cannot be opened, svchost cannot be deleted no matter what (touch it and the machine restarts), and there is no netcount or anything like it ~ depressed ...
While I was browsing the web, it was installed in the background without permission (and I had set a high security level): super play PA and memory, plus three or four kinds of search toolbars of some sort. Cluttered web pages pop up automatically and the system slows down quickly, so slow that even My Computer will not open, and as a result Norton cannot update online. The registry has had countless yok.com and other entries written into it, and pages still pop up automatically after uninstalling. This is simply rogue software. It is supposedly from something called the Million Dragon or the Dragon Company, which incredibly even left a phone number in the software, 010-64311335. I called to ask them and they shamelessly said it is not a virus. They are in the Nine Cents Bridge star Branch Building, Block C; it's said that Block C is all their company. I am puzzled: you are a "big" company, how can you make such a disgusting thing? Bundling one piece of rogue software would be one thing, but it also installs in the background ~ ~ It very quietly settles into other people's systems, bundles n more pieces of rogue software, and generates two hidden files in the root directory of every disk in the system: one is some INI file, the other is a file called "Sxs.exe", which does nothing when double-clicked. There are several suspicious processes in the program manager, two of which mimic system processes. One is called SVOHOST.EXE, which looks like the system process svchost.exe; I forget the name of the other file that mimics a system process; and there is a sysmini.exe. While I was writing this post, countless pages popped up to interrupt my complaint, and those processes start themselves again after being ended manually.


What kind of virus is Sxs.exe?
What you have is a modified Rose virus.
You can end the SxS process and then delete the file; remember to enter the hard drive with the right mouse button.

Press Ctrl+Shift+Esc at the same time to open Windows Task Manager
Select the "Processes" tab
Find "Sxs.exe" under "Image Name", click it, and select "End Process"
Be sure to end all the "sxs.exe" processes
Open My Computer and click Folder Options under the Tools menu
Click the View tab and set the following:
Uncheck the box in front of "Hide protected operating system files (recommended)"
and select the "Show All Files and folders" option below
Click "OK"
Right-click the C disk (do not double-click!) and select "Open"
Delete the "Autorun.inf" file and the "Sxs.exe" file under the C disk
Right-click the D disk and select "Open"
Delete the "Autorun.inf" file and the "Sxs.exe" file under the D disk (there is another file too, an .exe; delete it as well)
......
And so on: delete all the AUTORUN.INF files and "Rose.exe" files on the disks
Click Start, select "Run", enter "regedit" (without quotes), and press Enter
In the left pane of Registry Editor, expand My Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Delete the ROSE (C:\windows\system32\SXS.exe) item in the Run key
Close Registry Editor
Then restart the computer

Removing Rose from a removable drive:
Hold down the SHIFT key while inserting the USB drive, and keep holding it until the computer shows the "new hardware to use" prompt
Open My Computer
At this point, right-click the U disk icon and choose "Open" (do not use AutoPlay or double-click!)
Delete the SXS.exe and Autorun.inf files, and the virus is gone.
This is the first time I have ever encountered such a stubborn virus. I searched online and there is no uniform name for it; Rising calls it the TROJAN.PSW.QQPASS.PQB virus, so I will just call it the sxs.exe virus.

After reinstalling the system, I double-clicked a partition and got infected again. Depressed; Rising shuts down automatically and cannot be opened, so I decided to delete the virus manually.

Symptoms: hidden system files cannot be displayed, double-clicking a drive letter gets no response, Task Manager shows Sxs.exe or Svohost.exe (one letter different from the system process svchost.exe), and the antivirus software's real-time monitoring shuts down automatically and cannot be opened.

I found a lot of methods on the Internet, but none of them deleted it effectively, and there is no dedicated removal tool.


How to delete the Sxs.exe virus manually:

You must not double-click a partition during the following procedure; when you need to open one, right-click it and choose Open.

First, end the virus process

Press Ctrl + Alt + Del to open Task Manager, find SxS or svohost among the processes (not svchost; one letter differs), and end it.

Second, show the hidden system files

Run -- regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL: change the CheckedValue value to 1

Note that the virus deletes the valid DWORD value CheckedValue and creates an invalid string value named CheckedValue with its data set to 0! Changing that one to 1 does nothing. (Some variants of the virus delete CheckedValue outright; in that case just create a new one as described below.)

Method: delete the CheckedValue value, right-click, choose New -- DWORD Value, name it CheckedValue, and set its data to 1. You can then select "show all hidden files" and show system files.

In a folder window, go to Tools -- Folder Options and set system files and hidden files to be displayed.

Third, remove the virus

Right-click each partition and choose Open; you will see two files, Autorun.inf and sxs.exe, in the root directory of each disk. Delete them.

Fourth, delete the virus's autorun entry

Open the registry: Run -- regedit

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

Find the Soundmam values (there may be two) and delete the one whose data is C:\windows\system32\svohost.exe

Finally, delete SVOHOST.exe or Sxs.exe in the C:\windows\system32\ directory

Restart the computer; you will find that the antivirus software can be opened and partitions open on double-click.

Fifth, follow-up

The antivirus software's real-time monitoring can be opened, but it does not start automatically at boot.

The easiest fix is to run the antivirus software's Add/Remove Components -- Repair, and that's it.
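
The checks from steps two to four above, gathered into a read-only audit with a separate repair for CheckedValue. This is an added example, not part of the original post; the function names Get-SxsIndicator and Repair-CheckedValue are hypothetical, while the file, key and value names are the ones given on the page. Run it from an elevated PowerShell prompt.

```powershell
# Added example. File names, registry paths and value names are taken from the steps above;
# the function names are hypothetical.
$ShowAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$RunKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-SxsIndicator {
    # Step two: CheckedValue must exist, be a DWORD, and hold 1.
    $key = Get-Item -Path $ShowAll
    if ($key.GetValueNames() -notcontains 'CheckedValue') {
        'CheckedValue: missing'
    } else {
        $kind = $key.GetValueKind('CheckedValue')
        $data = $key.GetValue('CheckedValue')
        if ($kind -ne 'DWord' -or $data -ne 1) { "CheckedValue: kind=$kind data=$data (expected DWord 1)" }
    }

    # Step four: Run entries that launch sxs.exe or svohost.exe (not svchost.exe).
    $run = Get-Item -Path $RunKey
    foreach ($name in $run.GetValueNames()) {
        $cmd = [string]$run.GetValue($name)
        if ($cmd -match '\\(sxs|svohost)\.exe') { "Run entry: $name = $cmd" }
    }

    # Step three: files in every drive root and in System32. -Force lists hidden
    # and system files without depending on the Explorer setting.
    $roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root })
    $roots += Join-Path $env:SystemRoot 'System32'
    foreach ($dir in $roots) {
        Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
            Where-Object { 'sxs.exe', 'svohost.exe', 'autorun.inf' -contains $_.Name } |
            ForEach-Object { "File: $($_.FullName) [$($_.Attributes)]" }
    }
}

function Repair-CheckedValue {
    # Drop whatever is there (string or DWORD) and recreate the DWORD the page describes.
    Remove-ItemProperty -Path $ShowAll -Name CheckedValue -ErrorAction SilentlyContinue
    New-ItemProperty -Path $ShowAll -Name CheckedValue -PropertyType DWord -Value 1 | Out-Null
}

Get-SxsIndicator
```

An Autorun.inf on installation media can be legitimate; what the page describes is Autorun.inf paired with Sxs.exe in the same drive root.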
