Wincfgs.exe Virus Removal Method

Source: Internet
Author: User

Virus file: Wincfgs.exe (C:\windows\system32\wincfgs.exe)
Virus Name: TROJANSPY.USBPY.A
Introduction: The virus spreads mainly through USB flash drives. An infected drive contains an Autorun.inf auto-run file and a folder that imitates the Recycle Bin; the folder holds the main file, Autorun.exe, and shows a Recycle Bin icon. Both have some attributes set, and Autorun.exe is not displayed in Windows; you can see it with the dir /a command in DOS.
On the infected machine, a KB20060111.exe file with a Notepad icon is created in the Windows directory, a Wincfgs.exe file appears in the System32 directory, and the Wincfgs.exe process can be seen in the process manager.
Related symptoms: Notepad pops up automatically at boot, the system startup items are modified, and some software stops responding.
Transmission channels: USB flash drives and other removable storage
Harmfulness: Not destructive; it only pops up Notepad at boot.

Recommended removal method: manual removal
Related steps:
1. Press Ctrl+Alt+Del to open Task Manager and end the WINCFGS process.
2. Control Panel - Folder Options - set it to show system files and hidden files.
3. Delete C:\windows\KB20060111.exe (the filename may be different; it has the same blue icon as Notepad).
4. Delete C:\windows\system32\wincfgs.exe (a hidden system file with a yellow question mark icon).
5. Start - Run - regedit - in Registry Editor choose Edit - Find, and remember to select all three search options ("Keys, Values, Data"). Search for "KB20060111.exe" and delete the key/value that is found, then press F3 to find the next one and delete it, repeating until the search is complete. Use the same search to delete the keys/values related to ". \recycler\recycler\autorun.exe" and "Wincfgs.exe".
6. In the registry, under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run], clean up the startup items associated with WINCFGS. (They may already have been deleted in step 5; skip this step if no Wincfgs entries are seen.)
7. Start - Run - msconfig - click the last tab, "Startup" - uncheck "Wincfgs" - OK - reboot. After the reboot you are asked whether to show * * * at every boot; choose No. (Skip this step if no Wincfgs startup item is seen.)
8. End.

It is best to format the disk.
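The checks from the steps above can be run as one read-only pass before and after cleanup. This PowerShell script is an added example, not part of the original article; the HKLM Run key and the assumption that the recycler path from step 5 sits at the root of the removable drive are additions made here.

```powershell
# Added example: read-only check; it reports findings and deletes nothing.
# Indicator names are taken from the page; KB20060111.exe may be named differently.
$names    = 'wincfgs.exe', 'KB20060111.exe', 'recycler\autorun.exe'
$findings = @()

# Step 1: running process
foreach ($proc in @(Get-Process -Name 'wincfgs' -ErrorAction SilentlyContinue)) {
    $findings += "Process: $($proc.Name) (PID $($proc.Id))"
}

# Steps 3-4: dropped files; -Force is needed because they are hidden system files
foreach ($p in "$env:windir\KB20060111.exe", "$env:windir\system32\wincfgs.exe") {
    $f = Get-Item -LiteralPath $p -Force -ErrorAction SilentlyContinue
    if ($f) { $findings += "File: $($f.FullName) [$($f.Attributes)]" }
}

# Step 6: Run values. HKLM is an assumption added here; the page names only HKCU.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($v in $props.PSObject.Properties) {
        if ($psMeta -contains $v.Name) { continue }   # skip provider metadata
        $text = "$($v.Name) $($v.Value)"
        if ($names | Where-Object { $text -like "*$_*" }) {
            $findings += "Run value: $key -> $($v.Name) = $($v.Value)"
        }
    }
}

# Removable drives (DriveType 2): Autorun.inf and the Recycle Bin look-alike folder.
# The recycler path comes from step 5 and is assumed to be relative to the drive root.
# An Autorun.inf alone is not proof of infection; inspect what it launches.
foreach ($d in @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2')) {
    foreach ($rel in 'Autorun.inf', 'recycler\recycler\autorun.exe') {
        $hit = Get-Item -LiteralPath "$($d.DeviceID)\$rel" -Force -ErrorAction SilentlyContinue
        if ($hit) { $findings += "Removable drive: $($hit.FullName) [$($hit.Attributes)]" }
    }
}

if ($findings) { $findings } else { 'No indicators from this page were found.' }
```

An empty result after step 7 and a reboot confirms that the process, files and startup entries named in the steps are gone from the locations checked.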
