Virus cleanup techniques such as 608769m. BMP

Source: Internet
Author: User

Virus files include:
608769m. BMP crasos.exe kernelmh.exe servet.exe extends rpcs.exe compmgmt.exe upxdnd. dll mppds. dll cmdbcs. dll extends prnmngr.exe iexpl0re.exe rundl132.exe update3.exe servere.exe newinfo. Solution:
First, clear the temporary ie files: open the IE tool-> Internet Options-> Temporary Internet Files-> click the "delete file" button-> tick "delete all offline content"-> click "OK ".
Use Sreng to delete the following registry items: CopyCode The Code is as follows: <cmdbcs> <c: \ windows \ cmdbcs.exe>
<Upxdnd> <c: \ docume ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ update3.exe>
<Mppps> <c: \ windows \ mppds.exe>
<Twin> <c: \ windows \ system32 \ twunk32.exe>
<> <C: \ Program Files \ common files \ microsoft shared \ msinfo \ newinfo. rxk>
<Compmgmt> <; c: \ windows \ system32 \ compmgmt.exe>
<Iz46z07lw> <; C: \ docume ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ crasos.exe>
<Kernelmh> <; C: \ WINDOWS \ kernelmh.exe>
<Ntmsoprq> <; c: \ windows \ system32 \ ntmsoprq.exe>
<Qt3ii85kvbfc> <; C: \ RJE ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ servere.exe>
<SCRNSAVE> <; c: \ windows \ system32 \ prnmngr.exe>
<Upxdnd> <; C: \ docume ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ update3.exe>
<Viq88> <; C: \ w.e ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ rundl132.exe>
<Wsttrs> <; C: \ WINDOWS \ wsttrs.exe>
<Yi4jgw1ff> <; C: \ police ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ iexpl0re.exe>

Use Sreng to repair the following registry items:
<608769m. BMP>
Use SRE to delete the following services:
Remote Procedure Call System (rpcs)/rpcs
Windows systemdown/windowsdown
Use unlocker to delete the following files: copy Code the code is as follows: C: \ windows \ system32 \ mppps. DLL
C: \ release E ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ upxdnd. dll
c: \ windows \ system32 \ cmdbcs. dll
c: \ windows \ system32 \ compmgmt.exe
C: \ docume ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ crasos.exe
C: \ WINDOWS \ 608769m. BMP
c: \ windows \ system32 \ servet.exe
C: \ WINDOWS \ wsttrs.exe
C: \ windows \ system32 \ ntmsoprq.exe
C: \ windows \ kernelmh.exe
C: \ windows \ system32 \ rpcs.exe
c: \ windows \ system32 \ prnmngr.exe
C: \ WINDOWS \ mppds.exe
C: \ docume ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ servere.exe
C: \ cmde ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ update3.exe
C: \ docume ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ rundl132.exe
C: \ w.e ~ 1 \ admini ~ 1 \ locals ~ 1 \ temp \ iexpl0re.exe
C: \ Program Files \ common files \ microsoft shared \ msinfo \ newinfo. rxk

restart the computer. The virus is done!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.