This is a virus cleanup method from long ago.
1. Find the pagefile.pif file on drive D and check when it was created. Delete it.
2. Use the System Restore function to restore the system to a date before the virus was generated. That way, no virus or associated process will remain among the system processes. However, it seems that some people do not perform system restoration at this time (the prompt is "t
36,219
C:\Program Files\common files\microsoft shared\gvdetru.inf 169
C:\Program Files\common files\microsoft shared\tygxhqb.exe 36,219
C:\Program Files\common files\System\gvdetru.inf 169
C:\Program Files\common files\System\hmbduoj.exe 36,219
All other partitions:\autorun.inf 169
All other partitions:\pfcexkt.exe 36,219
All other partitions:\niu.exe 30,625
To be skeptical, check whether the task ma
the registry and adds a key value at the following positions in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policershellexecutehooks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
Virus Propagation
The virus copies itself to each partition of the hard disk and to removable storage devices to generate a virus file consisting of an
Characteristics of the virus:
The biggest feature of a virus is self-replication. Viruses fall into many classes; here we introduce the most popular one, the add-on virus, which is attached to a normal file to replicate itself. From a procedural point of view, we have two things to do:
1. So that the program can be copied to other programs without affecting the wo
SXS.EXE is a Trojan virus that steals QQ account passwords and can spread through removable disks. The virus's main harm is stealing QQ accounts and passwords; it also terminates a large number of anti-virus programs, reduce the securi
installation of Gray pigeon from the following path
Http://drsunbo.go2.icpcn.***/network.exe
5. It generates Autorun.inf configuration files in the other partitions, so even if you give up and reinstall the system, the virus restarts the next time you double-click another disk.
----------------------------------
[Autorun]
Open=sxs2.exe
Shellexecute=sxs2.exe
Shell\auto\command=sxs2.exe
------------------------
Virus characteristics: sxs.exe and autorun.inf files are automatically generated in the root directory of each drive, and in some cases SVOHOST.exe or sxs.exe is also generated under Windows\System32; the files have the hidden attribute. The virus automatically disables antivirus software.
Sxs.exe Virus Manual Removal method
Press Ctrl + Alt + Del to open Task Manager, look in the process list for sxs or svohost (not svchost; it differs by one letter), and then
In the middle of January this year, the network supervision department of the Xiantao Public Security Bureau in Hubei Province investigated the producers of the "panda incense" virus, following the unified deployment of the Security Supervision Bureau and the provincial Police Department. After investigation, the producer of panda incense virus in Hubei province, Wuhan Li June, according to Li June, on Octob
Virus features: The sxs.exe and autorun.inf files are automatically generated under each root directory, and the svohost.exe or sxs.exe files are also generated under windows\System32. The file attributes are hidden attributes. Disable anti-virus software automatically.
Delete sxs.exe virus manually
Ctrl + Alt + D
Virus introduction:
This is a download virus. It will close some security tools and anti-virus software and prevent them from running. It will also constantly detect windows to close some anti-virus software and security auxiliary tools and disrupt the security mode, delete some anti-
Autorun.INF file (see article 006 on Anti-Virus Defense: Using WinRAR and autorun.INF). You can check in cmd:
Figure 7 view hidden files
Because I have determined that drive C contains an Autorun.INF file, but the dir command does not show it, it must be hidden, so here you need to use the
startup items
We can quickly lock onto spoclsv.exe. We need to write down the file location first:
C:\WINDOWS\system32\drivers\spoclsv.exe
Then the Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Then remove the startup item, go to the corresponding location in the registry, delete the Run entry for spoclsv.exe, and delete the virus file itself:
Figure 5 delete a
Auto virus killing not only kills Ravmone, Rose, Panda and other known and unknown viruses that spread through USB drives; more importantly, it actively defends the system by automatically detecting viruses on an inserted USB drive, so that your system autorun virus completel
Almost everyone who uses computers has ever experienced computer viruses and antivirus software. However, many people still have misunderstandings about viruses and anti-virus software. Anti-virus software is not omnipotent, but it is never a waste. The purpose of this article is to allow more people to have a correct understanding of anti-virus software and use
reports, you can choose the automatic repair function to repair the existence of the system.
(2) Disable automatic playback for removable devices
Many Trojan viruses run automatically, so when you open a removable storage device, try not to use Autorun; open it through a browser or Explorer instead. If the device has a read/write protection switch, you can turn it on when copying data from the device to your computer. Stop the infection
Where is a bear cat burning incense????? Not a panda in incense, but all the EXE icons turned into a little panda burning 3 incense sticks; the icon is very cute.
Pay in a manual way:
Panda Variety Spoclsv.exe Solution
Virus name: WORM.WIN32.DELF.BF (Kaspersky)
Virus alias: WORM.NIMAYA.D (Rising), win32.trojan.qqrobber.nw.22835 (Poison PA)
Virus size: 22,886 bytes
Packing method: upack
Sample md5:9749216a37d57cf4b2e528c027