SoFunction
Updated on 2025-04-08

Detailed explanation of the virus and how to remove it manually

Many people get infected when copying files through removable disks, especially USB drives, and especially in Internet cafes. When you finish copying, open a DOS prompt, switch to your removable disk and run dir /a to display all files. If you find that the disk has been hit, create a Notepad file in a non-root directory. Name it and leave the content empty, or add [autorun] shutdown= , then use it as the replacement on the removable disk. You won't be infected when you get home.
I found it very strange. Using Kaspersky, I finally found out that this thing is in the root directory of D and E, and there are other *s in the fourth and fifth places. I can't even open the hidden folders. I can't delete SVCHOST (it restarts as soon as I touch it), and there is no such thing as netcount ~ depressed...
When I was browsing the web, it was installed in the background without permission (I had also set a high security level): Super Broadcaster and Yiduoduo, as well as three or four bars, searching and tools, and it automatically popped up messy web pages. The system performance dropped rapidly and was so slow that even My Computer could not be opened, which led to Norton's inability to upgrade online. Countless and other information were written in the registry, and the web pages still popped up from time to time after uninstalling. This is simply rogue software. The so-called Yiduoduo is from what is called Yilong or Yilong Company, and they actually left a phone number on the software, 010-6431 1335. I called to ask them, and they were still shameless and said that they were not a virus. It is said that Block C of the Jiuxianqiao Star Science Building is their company. I wondered, how could a "big" company do such a disgusting thing? Bundling one piece of rogue software would be one thing, but it was also installed in the background~~ It quietly stayed in other people's systems and also bundled N pieces of rogue software, and two hidden files were generated in the root directory of each disk of the system; one was an ini file, and the other was called "", and there was no reaction after double-clicking it. There are several suspicious processes in the program manager, two of which imitate system processes, with names very similar to the system processes. I have forgotten the name of the other one. Another thing is that the file that imitates the system process is called. While I was writing this post, countless web pages popped up to interrupt my accusation. Those processes start again by themselves a while after being ended manually.


What virus is it?
This is a modified ROSE virus.
You can end the SXS process and delete it. Remember to use the right mouse button to enter the hard disk.

Press Ctrl+Shift+Esc at the same time to open the Windows Task Manager
Select the "Processes" tab
Find "" under "Image Name", click it and select "End Process"
Be sure to end all "" processes
Open My Computer and click "Folder Options" under the Tools menu
Click the "View" tab and, under "Advanced settings", clear the checkbox in front of "Hide protected operating system files (recommended)"
Then select the "Show all files and folders" option below it
Click OK
Right-click the C drive (do not double-click!) and select "Open"
Delete the "" file and "" file under the C drive
Right-click the D drive and select "Open"
Delete the "" file and "" file under the D drive (there is another file, which is also a .exe; delete it as well)
……
And so on: delete these files on every disk
Click Start, select "Run", type "regedit" (without quotes) and press Enter
Expand My Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run
Delete the ROSE (c:\windows\system32\) entry under the Run key
Close the Registry Editor
Then restart the computer

Deleting ROSE from the disk:
Hold down the Shift key while inserting the USB flash drive, until the computer prompts "new hardware can be used"
Open My Computer
Now right-click the USB flash drive icon and select "Open" (do not click AutoPlay or double-click!)
Delete and file viruses are gone
This is the first time I have ever encountered such a stubborn virus. I searched online, but there is no unified name. Rising calls it a virus, so I'll call it a virus.

After reinstalling the system, I double-clicked a partition and was hit again. I was depressed. Rising closed automatically and could not be opened. I decided to delete it manually.

Symptoms: system files are hidden and cannot be displayed; double-clicking a drive letter has no response; Task Manager shows   or (one letter different from the system process); the real-time monitoring of the antivirus software is closed automatically and cannot be opened

I found many methods online, but none of them could delete it effectively, and there was no dedicated removal tool.



Method for manually deleting the "virus":

During the following process, never double-click a partition. If you need to open one, right-click it and choose Open.

1. Close the virus process

Press Ctrl+Alt+Del to open Task Manager, look for sxs or SVOHOST among the processes (not SVCHOST, one letter different) and end it if it is there.

2. Show hidden system files

Start > Run > regedit

Go to HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL and change the CheckedValue value to 1

Note that the virus deletes the originally valid DWORD value CheckedValue, creates an invalid string value named CheckedValue, and sets its data to 0! Changing that one to 1 is useless. (Some virus variants delete CheckedValue outright; in that case, create a new one yourself as described below.)

Method: delete this CheckedValue value, right-click and choose New > DWORD Value, name it CheckedValue, and then set its data to 1. You can then select "Show all hidden files" and "Show system files".

Then set system files and hidden files to be shown under Tools > Folder Options in a folder window

3. Delete the virus

Right-click each partition and choose Open. You will see two files in the root directory of each disk; delete them.

4. Delete the automatic running items of the virus

Open the registry: Start > Run > regedit

HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run

Find the SoundMam value there. There may be two. Delete the one that points to C:\WINDOWS\system32\

Finally, delete it in the C:\WINDOWS\system32\ directory or

After restarting the computer, I found that the antivirus software can be opened and the partition disk can be opened by double-clicking it.
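
The checks from steps 1, 2 and 4 as a PowerShell script (an added example, not part of the original article). It only reports unless run with the `-Repair` switch, a parameter name chosen here, which recreates CheckedValue as a DWORD set to 1; the process and value names are the ones given on this page.

```powershell
# Added example, not from the original article. Requires PowerShell 3.0+.
# Read-only by default; -Repair writes to HKLM and needs an elevated prompt.
param([switch]$Repair)

# Step 1: process names the page says to look for (given without ".exe").
$suspect = Get-Process -Name 'sxs', 'SVOHOST' -ErrorAction SilentlyContinue |
    Select-Object Id, ProcessName, Path

# Step 2: CheckedValue must be a DWORD holding 1. The page describes the virus
# replacing it with a string value of the same name, so check the type as well.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$key = Get-Item -Path $showAll -ErrorAction Stop
if ($key.GetValueNames() -contains 'CheckedValue') {
    $kind  = $key.GetValueKind('CheckedValue')
    $data  = $key.GetValue('CheckedValue')
    $state = if ($kind -eq 'DWord' -and $data -eq 1) { 'ok' } else { 'tampered' }
} else {
    $kind = $null; $data = $null; $state = 'missing'
}

if ($Repair -and $state -ne 'ok') {
    # Editing the data alone does not change the type, so delete and recreate.
    if ($state -eq 'tampered') {
        Remove-ItemProperty -Path $showAll -Name 'CheckedValue'
    }
    New-ItemProperty -Path $showAll -Name 'CheckedValue' -PropertyType DWord -Value 1 |
        Out-Null
    $state = 'repaired'
}

# Step 4: list every Run entry and flag the names the page mentions.
# Nothing is deleted here; review the Command column before removing anything.
$runKey = Get-Item -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runEntries = foreach ($n in $runKey.GetValueNames()) {
    [pscustomobject]@{
        Name    = $n
        Command = $runKey.GetValue($n)
        Flagged = @('ROSE', 'SoundMam') -contains $n
    }
}

"CheckedValue: state=$state kind=$kind data=$data"
$suspect    | Format-Table -AutoSize
$runEntries | Format-Table -AutoSize
```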

5. Follow-up

The real-time monitoring of the antivirus software can be turned on, but it does not start automatically when the computer boots.

The easiest way is to run the antivirus software's Repair option from Add/Remove Programs,