I believe that so far, no one can solve this Trojan, which is so tragic!
I had bad luck on Monday. I met www.47555.net while searching for conversation data, and then I did a bunch of bad things on my machine. It took me a whole day to recover ... because the online information is incomplete, only scattered parts, and the anti-virus software can't clean it out completely (the virus will also shut down the well-known anti-virus software and search once every 1 second -_-).
Ps: Before doing the following, please make sure that you can view hidden files, including system protection files.
(1) Most programs are exe files, so the first step in removing the virus is to turn off the exe file association. Open the registry with regedit (by default the virus adds a shell to exe files, and regedit can be used normally by renaming regedit.bat), find the path HKEY_CLASSES_ROOT\exefile\shell\open\command, clear the key value on the right, and then log off the user, so that some of the virus components attached to exe files cannot be started.
(2) Delete the dll files. The virus adds a shell when a file is executed, and it automatically calls interapi64.dll or interapi32.dll. Each time a file is executed (xls, bat, etc.; exe is banned @@), it opens a svch0st.exe program in the process list (why not? It's a virus anyway -_-).
Clear: end svch0st.exe in the process list (look carefully: the virus changed the original o to 0, and svchost.exe is a normal process), search the registry for interapi64.dll and interapi32.dll, and empty the key values where they are found. Then log off the user. Then find interapi64.dll and interapi32.dll under c:\windows\system32 and delete them.
(3) The main virus program code is all in c:\windows\system32\cq0dll.dll, which I don't know. Everything else has been deleted, and there will still be -_-. After the operation just now, you can delete this directly.
(4) Perform the following cleaning work and delete files.
del c:\windows\smss.exe
del c:\windows\lsass.exe
del c:\windows\services.exe
del c:\windows\system32\yyd55dg.exe
del c:\windows\system32\SVCH0ST.exe
del c:\progra~1\explorer.exe
del c:\windows\delttoul.exe
del c:\windows\cqdll.dll
del c:\windows\ywin32.dll
del c:\windows\system32\cq0dll.dll
del c:\windows\system32\winsocks.dll
del c:\windows\system32\interapi32.dll
del c:\windows\system32\interapi64.dll
del c:\windows\system32\winmen.exe
del c:\windows\m1crosoftsound.wav
pause
Lazy friends can save this block as a bat file and run it. ...
c:\progra~1\explorer.exe must be deleted. ...
(5) Restore the registry.
Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, delete the entries that start lsass.exe, smss.exe, explorer.exe and services.exe.
Delete all entries under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices.
Delete the run value under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows.
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, delete the entries that start lsass.exe, smss.exe, explorer.exe and services.exe.
Delete all entries under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices.
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, find the Shell entry on the right and change its value to Explorer.exe.
Change the value on the right of HKEY_CLASSES_ROOT\exefile\shell\open\command to "%1" %*
Close the registry and restart.
(6) After startup, the virus should be basically cleared, but don't forget to open the properties of Internet Explorer, change the home page to something else ... and empty the temporary files (they still keep the executed virus files).
After the above operations, the virus has been cleared, at least not on my machine again-_-
Ps: It is said that this virus is used to steal the password of legendary account. ...
I hate playing legends, I have no technical content.
But making a Trojan horse so good-
Ewido doesn't seem to be able to.
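An added example, not part of the original post: a Python check for the two masquerading tricks the cleanup steps above depend on spotting, a look-alike name such as svch0st.exe and a system binary name sitting in the wrong directory such as c:\windows\smss.exe or c:\progra~1\explorer.exe. The canonical locations assume a default Windows install on C:, the function names are hypothetical, and the sample paths are constructed.

```python
import ntpath

# Canonical directories of the Windows binaries the Trojan imitates
# (assumption: default install on C:).
CANONICAL = {
    "smss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Fold visually confusable characters so "svch0st" and "svchost" collide.
FOLD = str.maketrans("01i", "oll")

def skeleton(name):
    """Lower-case a file name and fold 0->o and 1/i->l."""
    return name.lower().translate(FOLD)

SKELETONS = {skeleton(n): n for n in CANONICAL}

def classify(path):
    """Return 'ok', 'wrong-location', 'lookalike' or 'unknown' for an image path."""
    directory, name = ntpath.split(path.strip('"').lower())
    if name in CANONICAL:
        return "ok" if directory == CANONICAL[name] else "wrong-location"
    if skeleton(name) in SKELETONS:
        return "lookalike"
    return "unknown"

def audit(paths):
    """Keep only the paths that masquerade as a system binary."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts if v in ("wrong-location", "lookalike")]

# Constructed sample: image paths as a process list or a Run key might show them.
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
    r"C:\WINDOWS\smss.exe",
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\PROGRA~1\explorer.exe",
    r"C:\WINDOWS\explorer.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE):
        print(f"{verdict:15} {path}")
```

The check takes bare image paths only; a Run value that carries command-line arguments has to be reduced to its executable path first.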