One time I read a message in the group: "Who will check whether there is a virus on this site? http://www.***.com". I had nothing to do, so I went. (I forgot the URL. 8)
I don't know. I was really scared when I went there. It is a DJ site. First, several windows were displayed. I thought it was okay. Suddenly, my monitor flashed. When the display was normal again, the resolution had changed to 16 colors. I checked the tray area in the taskbar. A red icon had been added.
Dizzy. What is it? I right-clicked the icon. All are E files. My E files are all bad (this is a trojan horse server program). When the mouse is placed on the icon, I see my IP address. The common experience is: the newcomers are not good! I clicked its settings menu. There are many options in the menu. I changed it. I have not changed the tray area icon. What should I do? At that time, I directly used the program named slave.exe. (Access is denied in the task manager!) Later, I was busy with other tasks. No symptoms have been found yet!
Who knew the resolution would automatically change to 16 colors when I restarted the system for the second time. Because the icon of the file is gone, I have no idea where to find it. Dizzy.
So I checked the registry according to the original method, to see whether there were any suspicious startup items. Checked. Nothing. There are only a few required system processes: internat.exe, svchost.exe (I installed the Internet Information Manager and started the WEB site and FTP. That's why I didn't doubt it.) I used the tools that can normally watch the system startup (Super Rabbit, msconfig. I am on a W2k system and copied it from 98!). There were some messy programs in the startup items. Deleted. Restart...
Although the speed is not as slow as it was just now, the automatic resolution change is still not completed. At that time, I did not dial the number when I restarted. Of course it is not connected to the Internet. At this time, the CPU and program usage are normal:
At this time, I really found that the system was back to normal. So I played for a while. The CPU usage was also normal. Inverted. What's going on? Is it related to networking? Now I am beginning to suspect that svchost.exe has a problem... Not only that. Now I think about slave.exe: I used the process killer to directly kill the program, and then found it hidden in my temporary folder, C:\Documents and Settings\Administrator\Local Settings\Temp. I believe this may be because the site is downloaded from a temporary file. I deleted it directly. Start it. Resolution has returned to normal, and will not automatically change to 16 colors. Haha. Fortunately, this "difficult" attack is not over yet.
Dial the number to access the Internet. QQ has not fully launched yet. The web page has just opened. The CPU usage rushed up. Let's see which program is using it. Dizzy. Inetinfo.exe accounts for 90% ~ 99%... What's going on? I opened and viewed the DLL and EXE files called by this program. Khan. It dares to call my 990 processes.
This is the second screenshot. So there are fewer!
No wonder my machine is as slow as a snail. First, I shut down QQ and the open web pages, and then disconnected. And then it returned to normal. Next let's take a look:
This operation can be performed only when the process is disconnected or ended. So I only have a disconnection. I'm just a newbie. This technology may not be available for manual repair. However, an EXE file starting with VMM was also found. After deletion, none of my programs have been successfully called by inetinfo.exe! (Because the Trojan on this program has been deleted by me. :) This is the so-called "Trojan Horse". Haha. It's my honor!) I changed N anti-virus tools... A lot of things have been killed. Okay. (The file is finally completely cleared when it is not running in any Trojan horse file!) Banglaibang. I don't know how much it is. More than 900. Khan. I still don't know how many ports it opened...
Everything is back to normal. Finally, I can drive my machine into space for implementation... (In the "difficult" way, I also met a wooden star. I accidentally found the STOP error when I restarted Skynet. My 2k blue screen... unfortunately, I forgot the error code. Because I did not expect it to be "Trojan"!)
We also recommend some information about Trojan horses. If you are free, you can go and see: http://member.netease.com/~Netsurfe/inet/safe_tlym.htm
Okay. Put aside some mistakes in the text and ask everyone to correct them. 3Q, or contact me directly to split the couple. Q: 8787673 Thank you again!