Many teachers have problems with the machine. Look at one of them in the process. After the process is over, several more will appear in a while. It is very likely that they have been infected with the gray pigeon virus. Let’s post the method to remove this virus. Please ask teachers who have similar situations on the machine to use this method to kill the virus.
Gray pigeon virus
The characteristic of gray pigeon is "three hidden" - hidden processes, hidden services, and hidden virus files. After Gray Pigeon 2005 infects the system, it registers itself as a system service and generates a set of (3) hidden virus files in the same directory; the virus file names are variable, but there are certain rules.
To clear gray pigeons, you still need to operate in safe mode. There are two main steps: 1. Clear gray pigeon services; 2. Delete gray pigeon program files.
Note: To prevent misoperation, be sure to make a backup before clearing.
Since gray pigeons hide themselves in normal mode, the operation of detecting gray pigeons must be carried out in safe mode. The method to enter safe mode is: start the computer, press the F8 key before the system enters the Windows boot screen (or hold down the Ctrl key when starting the computer), and select "Safe Mode" or "Safe Mode" in the startup options menu that appears.
1. Since the file itself has hidden properties, you need to set Windows to display all files. Open "My Computer", select "Folder Options" in the menu "Tools"—" click "View", cancel the checkmark before "Hide protected operating system files", and select "Show all files and folders" in the "Hide Files and Folders" item, and then click "OK".
2. Open Windows' "Search File", enter "_hook.dll" in the file name, and select the Windows installation directory (default 98/xp is C:\windows, 2k/NT is C:\Winnt).
3. After searching, we check whether there is a file named IEXPLORE_Hook.dll (which may also be other names, but the basic structure is _hook.dll).
4. According to the analysis of the principle of gray pigeon, we know that if IEXPLORE_Hook.DLL is a gray pigeon’s file, there will be a and file in the operating system installation directory. Open the Windows directory and there should be a file for recording keyboard operations.
After these steps, we can basically confirm that these files are gray pigeons and *s, and we can manually clear them below.
Hand-clearing of gray pigeons
1. Services for removing gray pigeons
2000/XP system:
1. Open the Registry Editor (click "Start" - "Run", enter "" and OK.), and open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry key.
2. Click the menu "Edit" - "Find", enter "" in "Find Target", click OK, and we can find the service item of Gray Pigeon (this example is IEXPLORE_Server).
3. Delete the entire IEXPLORE_Server item.
98/me system:
Under 9X, there is only one gray pigeon start item, so it is easier to clear. Run the Registry Editor, open the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run item, we immediately see the item named and delete it.
2. Delete the Gray Pigeon Program Files
Deleting the Gray Pigeon program file is very simple. You only need to delete the IEXPLORE_Hook.dll and files in the Windows directory in safe mode, and then restart the computer. At this point, the gray pigeons have been removed.
Or please download ravgpk killing tool or Bingren
Gray pigeon virus
The characteristic of gray pigeon is "three hidden" - hidden processes, hidden services, and hidden virus files. After Gray Pigeon 2005 infects the system, it registers itself as a system service and generates a set of (3) hidden virus files in the same directory; the virus file names are variable, but there are certain rules.
To clear gray pigeons, you still need to operate in safe mode. There are two main steps: 1. Clear gray pigeon services; 2. Delete gray pigeon program files.
Note: To prevent misoperation, be sure to make a backup before clearing.
Since gray pigeons hide themselves in normal mode, the operation of detecting gray pigeons must be carried out in safe mode. The method to enter safe mode is: start the computer, press the F8 key before the system enters the Windows boot screen (or hold down the Ctrl key when starting the computer), and select "Safe Mode" or "Safe Mode" in the startup options menu that appears.
1. Since the file itself has hidden properties, you need to set Windows to display all files. Open "My Computer", select "Folder Options" in the menu "Tools"—" click "View", cancel the checkmark before "Hide protected operating system files", and select "Show all files and folders" in the "Hide Files and Folders" item, and then click "OK".
2. Open Windows' "Search File", enter "_hook.dll" in the file name, and select the Windows installation directory (default 98/xp is C:\windows, 2k/NT is C:\Winnt).
3. After searching, we check whether there is a file named IEXPLORE_Hook.dll (which may also be other names, but the basic structure is _hook.dll).
4. According to the analysis of the principle of gray pigeon, we know that if IEXPLORE_Hook.DLL is a gray pigeon’s file, there will be a and file in the operating system installation directory. Open the Windows directory and there should be a file for recording keyboard operations.
After these steps, we can basically confirm that these files are gray pigeons and *s, and we can manually clear them below.
Hand-clearing of gray pigeons
1. Services for removing gray pigeons
2000/XP system:
1. Open the Registry Editor (click "Start" - "Run", enter "" and OK.), and open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services registry key.
2. Click the menu "Edit" - "Find", enter "" in "Find Target", click OK, and we can find the service item of Gray Pigeon (this example is IEXPLORE_Server).
3. Delete the entire IEXPLORE_Server item.
98/me system:
Under 9X, there is only one gray pigeon start item, so it is easier to clear. Run the Registry Editor, open the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run item, we immediately see the item named and delete it.
2. Delete the Gray Pigeon Program Files
Deleting the Gray Pigeon program file is very simple. You only need to delete the IEXPLORE_Hook.dll and files in the Windows directory in safe mode, and then restart the computer. At this point, the gray pigeons have been removed.
Or please download ravgpk killing tool or Bingren