The removal of the logocmd.exe virus ended in failure.

There are more than n computers with friends starting on weekends Program It cannot run normally. Let's take a look. When there are multiple unknown NKS in the system, the package is logo=.exe?rundl132.exe=lyloader.exe, and so on. Of course, there is also a digital switch EXE file, which is a word: Chaos.
No way. Start in safe mode. Find all the new files in windows and subdirectories and delete them. In the registry, locate the self-starting point, and delete it. What is this virus BT, write files everywhere, windows, system32, driver, and Internet Explorer \ plugins, of course, there is a _ desktop. ini under the C-drive root directory. I thought it was almost the same. I restarted the machine.
Depressing. E: There is an EXE on the disk (Haha, I forgot the name now). Of course, there is also an Autorun under the root directory. INF, no way, safe mode, again, and create a folder with the same name as the file in the corresponding directory according to the virus, to prevent virus-generated files.
This time should work, right?
Slow. Why did it come out again? Despite this, the basic operation is still normal, but it is strange.
Update the virus database first. No response ?!
Go to the examples program directory and check the application program. At the top of the page, add more files with the. exe.exe extension. Finally, I understand what the bat of N in the temporary directory is. A virus is an executable file running in the monitoring system. You can use bat to rename the original executable file and forge it yourself to check whether the file was created or modified, however, the version 1.0.0.0 is fixed. Actually, anti-virus software has been replaced by viruses. Every time I run it, it is a virus :(
I wanted to update it back, but some of them could, and some would be viruses. The original virus is weak, and it is always a replacement. In general, all the tool software and downloaded installation programs are virus (version 1.0.0.0, but those files are definitely not of this version ).
Failed. Even if the files with viruses are manually cleared, there are more than n exe files in the system or virus copies. You can only use the last method: Format and reinstall the system. Fortunately, this virus is not infected with non-executable files, and the data is basically normal.
Later, I checked the online processing solution, and the results were not the same. For example, rundl132.exe is in Windows or system32, which is in the Windows \ Uninstall directory and does not generate a DLL. DLL does not generate virdll under the root directory. DLL. After the virus is run on the internet, it seems that the original EXE can be restored from the shell, just like the antivirus software virus library update and processing, and it is no longer usable, so many EXE files have been infected, so it is impossible to get off the shell and infect other EXE files one by one?
The cost of re-installation for machines that watch movies and play games is still relatively low.