Trojan Dropper clearing Solution

Trojan-Dropper.Win32.Agent after the virus runs, the derived virus file is under the system directory. Add a Registry Startup entry to load the virus at startup. Connect to a website: update. *****. cn (****. 208.170.72), jump. *****. cn: 80 (***. 241.97.33 ). Download the virus file and run it on the local machine. Add the system service item and insert the BHO object of IE. And export the file to the % System32Drivers % directory, which makes it difficult to uninstall.

Clear Solution:

1. We recommend that you use the CERT Trojan line to completely clear the virus (recommended)

2. manually clear the file according to the behavior analysis and restore the relevant system settings.

(1) Use process management to disable virus processes

Cdnup.exe

(2) Delete Virus-derived files

% Program Files % CNNIC

% WINDOWSsystem32 % cdndisp. tmp

% WINDOWSsystem32 % cdnns. dll

% WINDOWSsystem32 % cdnprot. dat

% WINDOWSsystem32drivers % cdnprot. sys

% Documents and Settings USERNAME \ Local SettingsTemp \ % 1C

(3) restore the registry project of the virus modification, and delete the registry entry added by the virus.

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunCdnCtr key value: String: "extends programfiles=cnniccdncdnup.exe"

Hklmsoftwaremicrosoftwindowscurrentversionjavaserbrowser Helper Objects key value: String: "% programfiles % cnniccdncdnforie. dll"

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicescdnprotDescriptionName key value: String: "cdnprot"

HKEY_LOCAL_MACHINESYSTEMControlSet001ServicescdnprotImagePath key value: Type: REG_EXPAND_SZ length: 29 (0x1d) bytes system32driverscdnprot. sys.