SoFunction
Updated on 2025-04-08

Virus removal method


Virus file: (c:\windows\system32\)
Virus name:
Introduction: The virus is mainly transmitted through the USB disk. There is an automatic installation file and a folder similar to a recycling bin in the USB disk with the virus. There is a main file and a recycling bin icon in it. Both have some attributes added and cannot be displayed under Windows. You can see it with the dir/a command in DOS.
On the poisoning machine, a notepad icon file will be generated in the Windows directory. There is a file in the system32 directory. The process can be seen in the process manager.
Related symptoms: Automatically pop up notepad when starting the computer, modify the system startup item, and some software has no response
Propagation method: mobile storage such as USB disk
Hazardous: Not destructive yet, just jump out of notebook when it is turned on.

Recommended antivirus method: manual detection and killing
Related steps:
1. Ctrl+Alt+Del Open the task manager and end the wincfgs process.
2. Control Panel - Folder Options - Set to display system files and hidden files.
3. Delete C:\windows\ (maybe the file name is different, the same blue icon as Notepad).
4. Delete C:\windows\system32\ (hidden system file of yellow question mark icon).
5. Start - Run - Regedit - Enter the Registry Editor - Edit - Find - Remember to select the three search options "item, value, and data", search "", delete the found item/value, press F3 to find the next one and delete the item/value until the search is completed. Similarly, search to delete the related items/values ​​of ".\RECYCLER\RECYCLER\" and "".
6. Registry - [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] Clean up the boot items related to wincfgs. (Because step 5 has been deleted, if you don’t see wincfgs related items, skip it)
7. Start - Run -msconfig - Click the last "Start" - Cancel "wincfgs" - OK - Restart - After restarting, ask if you will display *** every time you boot, select No. (If you don't see wincfgs startup item, you will skip it)
8. End.

It is best to format the disk