When a computer is infected, many people open Task Manager and end a few unfamiliar programs, but sometimes this happens: you end one process, then end another, and the one you just closed is running again. Likewise, after you delete the startup entries from the registry and restart to check, the startup items you just deleted have been restored.
Because the computer has only one operating system installed, there is no way to remove these viruses from another system. A dedicated removal tool downloaded from the internet still cannot kill them.
After all that effort the virus is still there, so what can you do at this point? Here is a method we recommend.
Step one: enter cmd in Start → Run to open the Command Prompt window.
Step two: enter ftype exefile=notepad.exe %1. This command makes Notepad open every EXE file, so the virus can no longer start.
Step three: restart the computer. You will see many Notepad windows open. These are not only virus files; some are legitimate system files, such as the input method program.
Step four: right-click any file, select "Open with", click "Browse", go to Windows\System32 and select cmd.exe, so that you can open the Command Prompt window again.
Step five: run ftype exefile="%1" %* to restore the association for all EXE files. Now run antivirus software, or edit the registry directly, and you can kill the virus.
Step six: in each Notepad window, click "File → Save As" to see the path and file name. Find the virus files and delete them manually, but be careful: you must be sure a file is a virus before removing it. It is recommended to rename these files and note them down first; after restarting, if the virus causes no more trouble and the system has no problems, delete them.
The use of ftype
In Windows, the ftype command displays and modifies the open commands that are associated with different file name extensions. It is equivalent to modifying part of the contents under "HKEY_CLASSES_ROOT" in Registry Editor.
The basic format of ftype is: ftype [file type[=[open command]]]
For example, ftype exefile=notepad.exe %1 in the procedure above means that all files of type EXE (exefile is the file type for EXE files) are opened with Notepad; the trailing %1 stands for the program itself (the one that was double-clicked).
ftype exefile="%1" %* means that all EXE files are run directly (an EXE can be run directly, so %1 represents the program itself), and the trailing %* represents all the parameters after the program command (which is why EXE files can run with parameters).
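To confirm that step five really put the associations back, the output of ftype can be checked against the "%1" %* open command that Windows ships for directly runnable file types. The script below is an added example, not part of the original article; the function names and the sample output are constructed for illustration.

```python
import subprocess
import sys

# Default open command Windows ships for directly runnable file types.
DEFAULT_OPEN = '"%1" %*'
RUNNABLE_TYPES = ("exefile", "comfile", "batfile", "cmdfile")

# Constructed sample of `ftype` output: exefile is still pointed at Notepad
# (step two was never undone) and comfile has no entry at all.
SAMPLE_FTYPE_OUTPUT = """\
batfile="%1" %*
cmdfile="%1" %*
exefile=notepad.exe %1
txtfile=%SystemRoot%\\system32\\NOTEPAD.EXE %1
"""

def parse_ftype(text):
    """Turn `ftype` output (one `type=command` per line) into a dict."""
    assoc = {}
    for line in text.splitlines():
        name, sep, command = line.strip().partition("=")
        if sep and name:
            assoc[name.lower()] = command.strip()
    return assoc

def audit(text):
    """Return {file type: problem} for runnable types not at the default."""
    assoc = parse_ftype(text)
    findings = {}
    for ftype in RUNNABLE_TYPES:
        command = assoc.get(ftype)
        if command is None:
            findings[ftype] = "no open command defined"
        elif " ".join(command.split()) != DEFAULT_OPEN:
            findings[ftype] = "opens with: " + command
    return findings

if __name__ == "__main__":
    if sys.platform == "win32":
        # ftype is a cmd.exe built-in, so it has to be run through cmd /c.
        text = subprocess.run(["cmd", "/c", "ftype"], capture_output=True,
                              text=True).stdout
    else:
        text = SAMPLE_FTYPE_OUTPUT
    for ftype, problem in audit(text).items():
        print(f"{ftype}: {problem}")
```

An empty result means every runnable file type is back at its default; any line printed names an association that still needs to be restored with ftype.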