SoFunction
Updated on 2025-04-08

Killing and deleting Gray Pigeon by brute force from the command line

Today I visited WZ and saw this. The more interesting part is the two long-lost DOS batch commands.

Today I helped a friend who doesn’t know much about computers clear a virus over a remote connection. I saw a bunch of runauto... directories, then I saw c:\windows\ in the process list, and I confirmed it was Gray Pigeon 07.

Many of the manual removal methods I found require installing IceSword or booting into safe mode, but these are inconvenient to do under remote control (the network is also slow). First, I tried to kill the dllhost process and delete the file by typing taskkill and del on the command line. As a result, I found that the dllhost process is quickly recreated and locks the file, so the deletion always fails.

Later I found a way to fight violence with violence. It is very simple: open two command line windows and run one command in each.

Execute in the first cmd window:
for /l %a in (1,0,2) do taskkill /f /im

Execute in the second cmd window:
for /l %a in (1,0,2) do attrib -h -s -r c:\windows\ & del c:\windows\



At the beginning, you will see an error that the file cannot be deleted. After waiting for a few seconds, I found that it had been successfully deleted, which showed up as taskkill reporting that it could not find the process, and attrib and del reporting that they could not find the file. At this point, press Ctrl+C to abort the two infinite loops.

The principle is very simple. Both commands are infinite loops (counting from 1 to 2, but with a step size of 0): one keeps killing the process and the other keeps deleting the file. Sooner or later there will be a moment when del removes the file before the process is rebuilt.
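As an added example (not part of the original post), the same race can be run from one batch file that issues kill, attrib and del back to back and stops by itself once the file is gone, instead of looping until Ctrl+C. PROC and TARGET are placeholders, because the image name and file path are truncated in the post, and the 2000-attempt limit is an arbitrary assumption.

```batch
@echo off
rem Added example: bounded kill-and-delete retry loop.
rem PROC and TARGET are placeholders, not values from the post.
setlocal
set "PROC=PLACEHOLDER.exe"
set "TARGET=C:\path\to\PLACEHOLDER.file"
set /a tries=0

:loop
rem Stop as soon as the file no longer exists.
if not exist "%TARGET%" goto done
set /a tries+=1
rem Give up after an assumed limit instead of spinning forever.
if %tries% gtr 2000 goto giveup
rem Kill the process, clear hidden/system/read-only, then delete at once,
rem so the delete lands in the window before the process is recreated.
taskkill /f /im "%PROC%" >nul 2>&1
attrib -h -s -r "%TARGET%" >nul 2>&1
del /f /q "%TARGET%" >nul 2>&1
goto loop

:done
echo File is gone after %tries% attempt(s).
exit /b 0

:giveup
echo File still present after %tries% attempts.
exit /b 1
```

Because taskkill /im matches every process with that image name, check that no legitimate process shares the name before running it.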

So far, all three of my friends’ machines have been successfully cleaned. Of course, after this, remember to delete and delete the IFEO hijacking in the registry.