A blank notepad will pop up every time you start the system (but you are prompted to load the notepad when you run the msconfig startup item ). Although it does not have much impact, it is certainly a problem. When I plug my mobile hard drive (or USB flash drive) into the USB port and click the drive letter to enter, a blank notepad will pop up. Then, rising registry monitoring Program The display will be changed to "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ shellnoroam \ muicache"
"C: \ windows \ system32 \ wincfgs.exe ".
A desktop. ini is generated under the root directory of each disk (some mobile devices will create autorun. inf ).
Solution:
1. Batch Delete registry modification:
Copy the following text to notepad and save it as "wins_s_kill.bat" (note that the file type is "all files" when saving ")
CopyCode The Code is as follows: echo off
Tskill kb20060111
Tskill wincfgs
Del % WinDir % \ kb20060111.exe
Del % WINDIR % \ system32 \ wincfgs.exe
Reg Delete "HKEY_CURRENT_USER \ Software \ Microsoft \ WindowsNT \ CurrentVersion \
Windows "/V" LOAD "/F
Reg Add "HKEY_CURRENT_USER \ Software \ Microsoft \ WindowsNT \ CurrentVersion \
Windows "/V" LOAD "/T REG_SZ/D" "/F
2. Solutions for mobile devices (using USB flash drives as an example ):
After connecting to the USB, open my computer, right-click and select Open (do not click open directly or click Open "), on the menu bar, choose tools> Folder Options> View, and remove the check box before hiding protected system files (recommended. Delete the top.ini, wincfgs.exe, and autorun. inf in the drop-down disk. Manually delete the top.ini, wincfgs.exe, and autorun. inf files under each drive.
Another manual solution
Transmission path: Mobile storage such as USB flash drives.
Hazard: no damage at the moment, but the notebook jumps out of the boot, anti-virus software cannot detect the virus.
Manual deletion method:
Use the task manager, Trojan killer, or hijackthis to end the wincfgs process and delete c: \ windows \ kb20060111.exe (maybe the file name is different, and the blue icon is the same as NotePad), and C: \ windows \ system32 \ wincfgs.exe (the hidden system file of the yellow question mark icon ).
Start-run-regedit, enter the registration table, and search the registration table to delete wincfgs.exe. For example, you can delete the following items/subitems in the Registry: if not, you do not need to delete them !!!
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ shellnoroam \ muicache
C: \ windows \ kb20060111.exec
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ shared tools \ msconfig \ startupreg \ load = B * DZS
Run msconfig again or clear the startup item in the [HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run.