SoFunction
Updated on 2025-04-08

,, etc. Virus removal methods

One: Problems and symptoms:
All viruses are easy to kill. C:\WINDOWS\system32\antivirus software cannot be killed. It is useless to suppress and regenerate it with PowerRmv. Please help solve it.
Two: Analysis and solution:
1. Turn off System Restore before removing the virus (this can be skipped on Win2000 systems):
Right-click My Computer, choose Properties, open the System Restore tab, and check "Turn off System Restore on all drives".
Clear IE's temporary files: open IE, click Tools --> Internet Options; under Temporary Internet files, click the "Delete Files" button, check "Delete all offline content", and click OK.
Close applications such as QQ. Do not double-click to open any disk before performing the following operations. Place all downloaded tools directly on the desktop.
2. Use the forced-deletion tool XDelBox (File Deletion Terminator) to delete the files listed below.
[To delete: copy all of the paths below, then right-click in XDelBox's list of files to be deleted and select "Import from clipboard". After importing, right-click the files to be deleted and select "Restart and delete immediately". The computer restarts into a DOS interface to perform the deletion, then restarts automatically into the operating system you installed. Save any documents that are open on the computer before you start. For detailed instructions on XDelBox, see the xdelbox1.2 directory.]

C:\WINDOWS\system32\ 
C:\Program Files\Common Files\Microsoft Shared\MSINFO\ 
C:\Program Files\Internet Explorer\PLUGINS\ 
C:\WINDOWS\system32\ 
C:\WINDOWS\system32\ 
C:\WINDOWS\system32\NETW0R~ 
C:\WINDOWS\system32\ 
C:\WINDOWS\G_Server1. 
C:\WINDOWS\G_Server1. 
C:\WINDOWS\G_Server1.23_hook.dll 
C:\WINDOWS\G_Server1. 
C:\PROGRA~1\hwsy\ 
C:\WINDOWS\system32\ 
C:\WINDOWS\system32\ 
C:\WINDOWS\ 
c:\windows\System32\DRIVERS\ 
C:\WINDOWS\system32\drivers\ 
c:\windows\System32\DRIVERS\ 
c:\windows\System32\DRIVERS\ 

3. After restarting the computer, use the tool SREng to delete the following items.
[The following operations are risky; make sure you understand the method above before proceeding.]
[After opening SREng, ignore the warning "The content of the function does not match the expected value and they may be modified by some malicious software". This warning can be ignored when antivirus software is installed.]
==================================
Startup items --> Registry: delete the following items
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\>    [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\>    [N/A]
==================================
Startup items --> Services --> Win32 service applications: delete the following items

[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
    <C:\WINDOWS\system32\ -k netsvcs-->C:\WINDOWS\system32\><N/A>
[DC0M Server Process Launher / DC0r][Stopped/Auto Start]
    <C:\WINDOWS\system32\><N/A>
[DNS CL1ENT / DNSCL1ENT][Running/Auto Start]
    <C:\WINDOWS\system32\NETW0R~><N/A>
[sdhcvs / edfscv][Stopped/Auto Start]
    <C:\WINDOWS\system32\ -service><Microsoft Corporation>
[Gray_Pigeon_Server1.2 / GrayPigeonServer1.2][Stopped/Auto Start]
    <C:\WINDOWS\G_Server1.><N/A>
[Std pbed Service / pbed][Stopped/Auto Start]
    <C:\WINDOWS\system32\ C:\PROGRA~1\hwsy\,Service -s><Microsoft Corporation>
[Messaging / Remote Procedure][Stopped/Auto Start]
    <C:\WINDOWS\system32\><N/A>
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Auto Start]
    <C:\WINDOWS\system32\><N/A>
[Audio Adapter / VGADown][Running/Auto Start]
    <C:\WINDOWS\><N/A>
==================================
Startup items --> Services --> Drivers: delete the following items (if an item cannot be deleted, set its type to disabled!)

[bktybu2 / bktybu25][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\><Microsoft Corporation>
[cozlqk72 / cozlqk72][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\><N/A>
[jvardz2 / jvardz24][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\><N/A>
[ukffsz5 / ukffsz58][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\><N/A>
SREng repair: System Repair --> Windows Shell/IE: click "Select All", then click "Repair".
SREng repair: System Repair --> Fix Winsock provider: click "Reset all content to default value".
Finally, use 360 Security Guard. Download address: Clean up (delete) all detected items.
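
Several of the Win32 service entries in step 3 imitate built-in Windows services by swapping digits for letters or dropping a character (DC0M Server Process Launher, DNS CL1ENT). The following added example, which is not part of the original article or of SREng, parses entries in that log layout and flags such look-alikes for review. The list of built-in names, the similarity threshold and the file names in the constructed sample are assumptions.

```python
import re
from difflib import SequenceMatcher

# Built-in Windows service display names imitated by entries in the log above.
KNOWN = ["Background Intelligent Transfer Service", "DCOM Server Process Launcher",
         "DNS Client", "Remote Procedure Call (RPC)"]

# Constructed sample in the same layout as the log above. Service names are
# copied from the page; file names are placeholders (the page's are missing).
SAMPLE = r"""
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
    <C:\WINDOWS\system32\placeholder1.exe -k netsvcs-->C:\WINDOWS\system32\placeholder2.dll><N/A>
[DC0M Server Process Launher / DC0r][Stopped/Auto Start]
    <C:\WINDOWS\system32\placeholder3.exe><N/A>
[DNS CL1ENT / DNSCL1ENT][Running/Auto Start]
    <C:\WINDOWS\system32\placeholder4.exe><N/A>
[Print Spooler / Spooler][Running/Auto Start]
    <C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
"""

ENTRY = re.compile(r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]\[(?P<state>[^\]]+)\]"
                   r"\s*<(?P<image>.*)><(?P<vendor>[^<>]*)>", re.M)

def variants(display):
    """Undo digit-for-letter swaps: 0 -> o, and 1 -> l or i."""
    s = display.lower().replace("0", "o")
    return {s.replace("1", "l"), s.replace("1", "i")}

def closest(display):
    """Return (similarity, known name) for the best-matching built-in name."""
    return max((SequenceMatcher(None, v, k.lower()).ratio(), k)
               for v in variants(display) for k in KNOWN)

def findings(log, threshold=0.85):
    """Flag look-alike display names and built-in names with an odd vendor field."""
    out = []
    for m in ENTRY.finditer(log):
        score, known = closest(m["display"])
        if m["display"] == known:
            if m["vendor"] != "Microsoft Corporation":
                out.append((m["name"], "built-in name, unexpected vendor field"))
        elif score >= threshold:
            out.append((m["name"], f"look-alike of '{known}'"))
    return out

if __name__ == "__main__":
    for name, reason in findings(SAMPLE):
        print(f"{name}: {reason}")
```

The log above also lists entries such as sdhcvs and pbed with Microsoft Corporation in the vendor field, so a matching vendor field alone does not clear an entry.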