What is the TXP1atform.exe virus?

Source: Internet
Author: User

Virus analysis

The TXP1atform.exe virus creates TXP1atform.exe under C:\windows\system32\drivers, creates an .exe file and Autorun.inf in the root directory of every partition, and creates Desktop_1.ini (or even Desktop_2.ini, Desktop_3.ini) in every folder outside the system partition. It infects files with the .exe and .htm extensions, modifies, deletes and adds hundreds of registry keys, and may also create a large number of files in some folders under C:\Documents and Settings.

Solutions and steps

Simply reinstalling the system cleans the system disk, but the other drives remain infected. As soon as you double-click a drive or folder outside the system disk, or an executable program, the virus revives and infects the system again, and the previous effort is wasted. So before reinstalling, some cleanup is needed:

(Note: during the cleanup, do not double-click to open any drive, folder, or .exe or .htm file; otherwise the cleanup may be in vain.)

(i) Open Task Manager and end the TXP1atform.exe process. You must do this first; otherwise the .exe and Autorun.inf files that you delete from the partition root directories in the next step are regenerated automatically within a few seconds.

(ii) Use WinRAR to browse each partition (double-clicking inside WinRAR is safe); it displays all hidden files. (Copy the file name of the .exe, create a new folder somewhere and give it the copied .exe file name; it is needed later.) Delete the hidden .exe and Autorun.inf from every partition. If you have removable storage devices, delete the two hidden files from them as well.

(iii) The Desktop_1.ini files (and even Desktop_2.ini, Desktop_3.ini) hidden outside the system partition are numerous, so removing them by hand is extremely tedious, and the search function does not find them either. Use a batch file instead: create a new text file, copy the following into it, save it under any name, and change the extension to .bat:

    @echo off
    echo Clearing, please wait ...
    rem /f force read-only files, /s include subfolders, /q quiet, /a match hidden and system files
    del c:\desktop_1.ini /f /s /q /a
    del d:\desktop_1.ini /f /s /q /a
    del e:\desktop_1.ini /f /s /q /a
    del f:\desktop_1.ini /f /s /q /a
    del g:\desktop_1.ini /f /s /q /a
    del h:\desktop_1.ini /f /s /q /a
    del i:\desktop_1.ini /f /s /q /a
    del c:\desktop_2.ini /f /s /q /a
    del d:\desktop_2.ini /f /s /q /a
    del e:\desktop_2.ini /f /s /q /a
    del f:\desktop_2.ini /f /s /q /a
    del g:\desktop_2.ini /f /s /q /a
    del h:\desktop_2.ini /f /s /q /a
    del i:\desktop_2.ini /f /s /q /a
    del c:\desktop_3.ini /f /s /q /a
    del d:\desktop_3.ini /f /s /q /a
    del e:\desktop_3.ini /f /s /q /a
    del f:\desktop_3.ini /f /s /q /a
    del g:\desktop_3.ini /f /s /q /a
    del h:\desktop_3.ini /f /s /q /a
    del i:\desktop_3.ini /f /s /q /a
    echo Cleared, complete.
    exit

Use the following batch file to immunize the system:

    @echo off
    echo Terminating the virus process and immunizing, please wait a moment ...
    taskkill /f /im TXP1atfOrm.exe
    del c:\windows\system32\drivers\txp*.exe /f /s /q /a
    rem Create a folder that occupies the virus's file name so the file cannot be recreated
    md c:\windows\system32\drivers\www
    ren c:\windows\system32\drivers\www TXP1atfOrm.exe
    rem Mark the placeholder folder read-only, system and hidden
    attrib +r +s +h c:\windows\system32\drivers\TXP1atfOrm.exe
    echo Clearing virus-generated junk files, please wait ...
    rem Note: this removes every .job file in the Tasks folder
    del c:\windows\tasks\*.job /f /s /q /a
    del c:\desktop_1.ini /f /s /q /a
    del d:\desktop_1.ini /f /s /q /a
    del e:\desktop_1.ini /f /s /q /a
    del f:\desktop_1.ini /f /s /q /a
    del g:\desktop_1.ini /f /s /q /a
    del h:\desktop_1.ini /f /s /q /a
    del i:\desktop_1.ini /f /s /q /a
    del c:\desktop_2.ini /f /s /q /a
    del d:\desktop_2.ini /f /s /q /a
    del e:\desktop_2.ini /f /s /q /a
    del f:\desktop_2.ini /f /s /q /a
    del g:\desktop_2.ini /f /s /q /a
    del h:\desktop_2.ini /f /s /q /a
    del i:\desktop_2.ini /f /s /q /a
    echo Cleared!

(iv) Delete the infected .exe and .htm files. You can download the 360 antivirus software; after installing it, scan the hard disks and removable devices. You will most likely find that almost all of the .exe and .htm files are infected, and they can only be deleted.

Then reinstall the system, and the machine is clean.

To prevent reinfection, it is necessary to:

Copy the newly created folder to the root of each partition (a folder with this name cannot be replaced by the virus, but a file with the same name would be, so be sure to use a folder). Then create a folder named Autorun.inf in each root directory. To be safe, you can also create a folder named TXP1atform.exe in the C:\windows\system32\drivers directory.

A simple cleanup method

Use IceSword or 360 to forcibly delete or shred C:\windows\system32\drivers\txp1atform.exe, and then scan and clean up with the cleanup assistant.
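The following Python sketch is an added example, not part of the original article: a read-only audit that reports, for each partition root, whether Autorun.inf is a virus-style file or the placeholder folder from the prevention step, and lists leftover Desktop_N.ini files. Reading the `open=`/`shellexecute=` keys relies on the standard Autorun.inf format rather than anything stated in the article; the sample tree and the name `sample.exe` are constructed.

```python
import os
import re
import tempfile

DESKTOP_INI = re.compile(r"^desktop_\d+\.ini$", re.IGNORECASE)  # Desktop_1.ini, _2, _3 ...
LAUNCH_KEY = re.compile(r"^\s*(?:open|shellexecute)\s*=\s*(\S+)", re.IGNORECASE)

def find_entry(directory, name):
    """Return (state, path); state is 'missing', 'file' or 'folder' (the placeholder)."""
    for entry in os.scandir(directory):
        if entry.name.lower() == name.lower():  # Windows names are case-insensitive
            return ("folder" if entry.is_dir(follow_symlinks=False) else "file"), entry.path
    return "missing", None

def audit_root(root):
    """Read-only audit of one partition root (or a mounted copy); nothing is executed."""
    state, path = find_entry(root, "Autorun.inf")
    report = {"autorun": state, "launches": [], "desktop_ini": []}
    if state == "file":
        # Standard Autorun.inf keys name the program Explorer would start on double-click.
        with open(path, errors="replace") as fh:
            report["launches"] = [m.group(1) for m in map(LAUNCH_KEY.match, fh) if m]
    for dirpath, _dirs, files in os.walk(root):
        report["desktop_ini"] += [os.path.join(dirpath, f) for f in files if DESKTOP_INI.match(f)]
    report["desktop_ini"].sort()
    return report

def build_sample(base):
    """Constructed sample tree: D looks infected, E carries the placeholder folder."""
    d, e = os.path.join(base, "D"), os.path.join(base, "E")
    os.makedirs(os.path.join(d, "docs"))
    os.makedirs(os.path.join(e, "Autorun.inf"))
    with open(os.path.join(d, "autorun.inf"), "w") as fh:
        fh.write("[AutoRun]\nopen=sample.exe\n")  # sample.exe is a made-up name
    for rel in ("Desktop_1.ini", os.path.join("docs", "desktop_2.ini")):
        open(os.path.join(d, rel), "w").close()
    return d, e

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for root in build_sample(base):
            print(root, audit_root(root))
```

The same `find_entry` call, pointed at the drivers directory with the name `TXP1atform.exe`, shows whether that placeholder folder is in place.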
