Virus files include: 608769M.BMP crasos.exe Kernelmh.exe servet.exe extends RpcS.exe compmgmt.exe upxdnd.dll mppd.dll cmdbcs.dll unzip iexpl0re.exe rundl132.exe update3.exe Servere.exe NewInfo.rxk
I do not know which virus this is; it was picked up while browsing a web page. Once the machine is infected, a pile of virus files is generated on the hard disk, distributed across multiple folders on the system disk.
Removal principle: in Safe Mode, open Services, find the service whose program is "cmdwsttrs.exe", and disable it.
Search the hard disk for all of the file names above and delete them. Then go to the Registry, search for the same names, and delete them all!
This is how I did it. I recommend the following technical document for your reference.
First, clear the temporary IE files: in IE, open Tools -> Internet Options -> Temporary Internet Files -> click the "Delete Files" button -> tick "Delete all offline content" -> click "OK".
Use SRE to delete the following registry items:
{Cmdbcs} {C:\WINDOWS\cmdbcs.exe}
{Upxdnd} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe}
{Mppps} {C:\WINDOWS\mppds.exe}
{Twin} {C:\WINDOWS\system32\twunk32.exe}
{} {C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk}
{Compmgmt} {C:\WINDOWS\system32\compmgmt.exe}
{Iz46z07lw} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe}
{Kernelmh} {C:\WINDOWS\Kernelmh.exe}
{Ntmsoprq} {C:\WINDOWS\system32\ntmsoprq.exe}
{Qt3ii85kvbfc} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe}
{Scrnsave} {C:\WINDOWS\system32\prnmngr.exe}
{Upxdnd} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe}
{Viq88} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe}
{Wsttrs} {C:\WINDOWS\wsttrs.exe}
{Yi4jgw1ff} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe}
Use SRE to repair the following registry items:
{AppInit_DLLs} {608769M.BMP}
Use SRE to delete the following service items:
Remote Procedure Call System (RPCS)/RpcS
Windows SystemDown/WindowsDown
Use Unlocker to delete the following files:
C:\WINDOWS\system32\mppds.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll
C:\WINDOWS\system32\cmdbcs.dll
C:\WINDOWS\system32\compmgmt.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe
C:\WINDOWS\8769M.BMP
C:\WINDOWS\system32\servet.exe
C:\WINDOWS\wsttrs.exe
C:\WINDOWS\system32\ntmsoprq.exe
C:\WINDOWS\Kernelmh.exe
C:\WINDOWS\system32\RpcS.exe
C:\WINDOWS\system32\prnmngr.exe
C:\WINDOWS\mppds.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Servere.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\update3.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk
Finally, restart the computer. The virus is gone!
Note: the {} in this article actually stands for <> (〈〉).
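As a triage aid for the entries listed above, this added Python example (not part of the original post) parses `{name} {value}` lines and flags three traits those entries show: a target in a Temp directory, a file name that swaps 0 or 1 for a letter of a genuine Windows binary, and an AppInit_DLLs value that is not a .dll. The allow-list of genuine names, the function names and the `ctfmon` line are assumptions made for the illustration.

```python
import ntpath
import re

# Assumption: a small allow-list of genuine Windows binary names to compare against.
KNOWN_SYSTEM_NAMES = {"iexplore.exe", "rundll32.exe", "svchost.exe", "explorer.exe"}
# Digit-for-letter swaps seen in the file names listed in the post (0 for o, 1 for l).
LOOKALIKE = str.maketrans({"0": "o", "1": "l"})
ENTRY = re.compile(r"\{(?P<name>[^}]*)\}\s*\{(?P<value>[^}]*)\}")


def triage(line):
    """Return (value, reasons) for one '{name} {value}' entry, or None if unparsable."""
    m = ENTRY.search(line)
    if not m:
        return None
    name, value = m.group("name").strip(), m.group("value").strip()
    base = ntpath.basename(value).lower()
    parts = [p.lower() for p in value.split("\\")]
    reasons = []
    if "temp" in parts[:-1]:
        reasons.append("autostart target lives in a Temp directory")
    if base not in KNOWN_SYSTEM_NAMES and base.translate(LOOKALIKE) in KNOWN_SYSTEM_NAMES:
        reasons.append("name imitates " + base.translate(LOOKALIKE))
    if name.lower() == "appinit_dlls" and value and not base.endswith(".dll"):
        reasons.append("AppInit_DLLs value is not a .dll")
    return value, reasons


# Constructed sample: four entries taken from the lists in the post (path
# separators written out) plus one benign line added for contrast.
SAMPLE = r"""
{Yi4jgw1ff} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe}
{Viq88} {C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe}
{Kernelmh} {C:\WINDOWS\Kernelmh.exe}
{AppInit_DLLs} {608769M.BMP}
{ctfmon} {C:\WINDOWS\system32\ctfmon.exe}
"""


def triage_all(text):
    """Triage every parsable line of an exported entry list."""
    return [r for r in map(triage, text.strip().splitlines()) if r]


if __name__ == "__main__":
    for value, reasons in triage_all(SAMPLE):
        print(("REVIEW " if reasons else "ok     ") + value, "; ".join(reasons))
```

Kernelmh.exe passes all three checks, so a clean result here is a prompt for the manual review in the steps above, not a verdict.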