Technical Analysis In fact, in most cases, if the picture is convenient, the redoing system can be solved. However, situation 1, the customer is unwilling to re-use the system. The host is the unit worker. Second, this is not a virus, but the registry has been tampered with and can be restored through modification.
Solution regedit (register edit) Open the registry editor
Then find HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe
Change the CodePage option to hexadecimal 3a8 or decimal "936"
Hexadecimal "000003a8" or decimal "936", which means "936 (ANSI/OEM - Simplified Chinese GBK)".
Hexadecimal "000001b5" or decimal "437", which means "437 (OEM - United States)".
Solution regedit (register edit) Open the registry editor
Then find HKEY_CURRENT_USER\Console\%SystemRoot%_system32_cmd.exe
Change the CodePage option to hexadecimal 3a8 or decimal "936"
Hexadecimal "000003a8" or decimal "936", which means "936 (ANSI/OEM - Simplified Chinese GBK)".
Hexadecimal "000001b5" or decimal "437", which means "437 (OEM - United States)".