What kind of virus is PWSteal.Trojan? Norton can only isolate it; what should I use to kill it?

PWSteal.Trojan is the most common Trojan virus that attempts to obtain names and passwords as they are typed. The passwords are usually sent to an anonymous e-mail address.

1. First, set the system to "Show hidden files", because the virus files carry the hidden attribute and you will not be able to see them without this setting. The setting method is as follows (if the system is already set this way, you can skip this step):

Open "My Computer"; open the menu "Tools/Folder Options"; in the "Folder Options" dialog box that pops up, switch to the "View" page; remove the check mark in front of "Hide protected operating system files (recommended)" and leave it unchecked; in the "Advanced Settings" list box below, change the "Don't show hidden files and folders" option to the "Show all files and folders" option; remove the check mark in front of "Hide extensions for known file types" and leave it unchecked; finally click "OK".

2. Press "Ctrl+Alt+Del" to bring up the Task Manager and find the EXPL0RER.EXE process (note that the fifth character is the number 0, not the letter O). Select it and click "End Process" to end the Trojan's process, then do the next step quickly. You have to be quick because, if you act slowly, the Trojan may automatically recover and run again, so that the other Trojan files cannot be deleted (if the EXPL0RER.EXE process runs again, you need to redo this step);

3. Open Windows Explorer and enter the "System Directory\Winnt\System32" directory (if your Win2000/NT/XP installation is on the C drive, this is C:\Winnt\System32). Find the EXPL0RER.EXE file (note that the fifth character is the number 0, not the letter O) and the SysModule32.dll file, and delete them directly. If a prompt such as "The file is in use and cannot be deleted" appears at this point, the Trojan has restored itself, and you need to repeat from the second step. Be sure to move quickly from the second step to the third. It is recommended to open Windows Explorer and select the files to be deleted first, and then do the second step; that is, right after ending the EXPL0RER.EXE process, immediately switch back and delete these two files. This will generally succeed;

4. Also find the SysModule64.dll file in the "System Directory\Winnt\System32" directory and try to delete it. If a prompt such as "The file is in use and cannot be deleted" appears, it does not matter; how to delete this file is covered later, in the seventh step;

5. Open Windows Explorer and enter the "System Directory\Winnt" directory. Find the MFCD3O.DLL file and delete it manually;

6. Open "Start/Run", enter "regedit" and click "OK" to open the Registry Editor. Find the "HKEY_CLASSES_ROOT\CLSID\{081FE200-A103-11D7-A46D-C770E4459F2F}" key and delete the entire "{081FE200-A103-11D7-A46D-C770E4459F2F}" key.

7. Log off the current user and log in again, or restart the computer.

After that, delete the SysModule64.dll file as described in the fourth step. If everything is normal, you should be able to delete it now.
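
The steps above depend on spotting EXPL0RER.EXE by eye. The following check is an added example, not part of the original answer: it flags the four file names listed in the steps and, going slightly beyond them, any name that imitates a genuine Windows binary by swapping a digit for a letter. The list of genuine names, the digit/letter pairs and the sample listing are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath

# (parent directory, file name) pairs named in the removal steps, lower-cased.
PAGE_INDICATORS = {
    ("system32", "expl0rer.exe"),
    ("system32", "sysmodule32.dll"),
    ("system32", "sysmodule64.dll"),
    ("winnt", "mfcd3o.dll"),
}
# Assumption: a small set of genuine Windows binaries a lookalike may imitate.
LEGIT_NAMES = {"explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}
# Assumption: digit-for-letter swaps that are hard to spot on screen.
CONFUSABLE = str.maketrans({"0": "o", "1": "l"})

def skeleton(name):
    """Fold case and confusable digits so lookalike names compare equal."""
    return name.lower().translate(CONFUSABLE)

LEGIT_SKELETONS = {skeleton(n) for n in LEGIT_NAMES}

def check_path(path):
    """Return 'listed', 'lookalike' or None for one Windows path."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), p.parent.name.lower()
    if (parent, name) in PAGE_INDICATORS:
        return "listed"        # file and directory match the steps above
    if name not in LEGIT_NAMES and skeleton(name) in LEGIT_SKELETONS:
        return "lookalike"     # differs from a genuine name only by a swap
    return None

def scan(paths):
    """Map each suspicious path to the reason it was flagged."""
    return {p: r for p in paths if (r := check_path(p))}

# Constructed sample listing (not taken from a real system).
SAMPLE = [
    r"C:\Winnt\explorer.exe",
    r"C:\Winnt\System32\EXPL0RER.EXE",
    r"C:\Winnt\System32\SysModule32.dll",
    r"C:\Winnt\System32\SysModule64.dll",
    r"C:\Winnt\MFCD3O.DLL",
    r"C:\Winnt\System32\svchost.exe",
    r"D:\Temp\svch0st.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE).items():
        print(f"{reason:9} {path}")
```

The input can be any list of full paths, such as a saved directory listing or the image paths of running processes.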