The viruses transmitted through the U disk have always been very powerful. N computers were once destroyed by him~The variants are increasingly renovated, and the computer room is poisoned again... There are hidden files under each drive letter, the icons are Conan's avatar and autorun, and the virus system is introduced.
Hidden files cannot be displayed through the folder option.
After repeated searches, this virus is the latest variant, and there are very few methods for detection and killing on the Internet. Now it is provided as follows, for reference only:
————
Solution:
***Tip: During the anti-virus process, be careful not to double-click the drive letter, right-click to "open"! ***
1. End the process and other suspicious processes.
2. Show hidden system files.
Run - regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL, change the CheckedValue key value to 1
** Note: The virus will delete the originally valid DWORD value CheckedValue, create a new invalid string value CheckedValue, and change the key value to 0! It is useless for us to change this to 1.
Modify method: Delete this CheckedValue key value, right-click to create a new - Dword value - name it CheckedValue, and then modify its key value to 1. Then, in the Folder - Tools - Folder options, you can select "Show all hidden files" and "Show system files".
3. Delete the hidden files (Conan avatar) and (the process needs to be terminated) in the system directory system32 folder.
4. Start - Run -msconfig and delete the startup item of the above virus.
Right-click on disk, E, F... and select Open to delete the files under each disk letter.
Check whether the above process is still there. If there is still a signal that the virus has not been cleared, repeat the above steps until the anti-virus is completed!
You can use the USB drive virus special tool to kill viruses
USBCleaner4.0 download of USB drive virus killing tool
/files/148851/USBCleaner.4.
Viral behavior analysis:
Generate file:
C:\WINDOWS\system32\ 38,464 bytes
C:\WINDOWS\system32\ 39,424 bytes
C:\WINDOWS\system32\ 38,464 bytes
U:\
U:\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\showall\checkedvalue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
C:\windows\system32\
Hidden files cannot be displayed through the folder option.
After repeated searches, this virus is the latest variant, and there are very few methods for detection and killing on the Internet. Now it is provided as follows, for reference only:
————
Solution:
***Tip: During the anti-virus process, be careful not to double-click the drive letter, right-click to "open"! ***
1. End the process and other suspicious processes.
2. Show hidden system files.
Run - regedit
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL, change the CheckedValue key value to 1
** Note: The virus will delete the originally valid DWORD value CheckedValue, create a new invalid string value CheckedValue, and change the key value to 0! It is useless for us to change this to 1.
Modify method: Delete this CheckedValue key value, right-click to create a new - Dword value - name it CheckedValue, and then modify its key value to 1. Then, in the Folder - Tools - Folder options, you can select "Show all hidden files" and "Show system files".
3. Delete the hidden files (Conan avatar) and (the process needs to be terminated) in the system directory system32 folder.
4. Start - Run -msconfig and delete the startup item of the above virus.
Right-click on disk, E, F... and select Open to delete the files under each disk letter.
Check whether the above process is still there. If there is still a signal that the virus has not been cleared, repeat the above steps until the anti-virus is completed!
You can use the USB drive virus special tool to kill viruses
USBCleaner4.0 download of USB drive virus killing tool
/files/148851/USBCleaner.4.
Viral behavior analysis:
Generate file:
C:\WINDOWS\system32\ 38,464 bytes
C:\WINDOWS\system32\ 39,424 bytes
C:\WINDOWS\system32\ 38,464 bytes
U:\
U:\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\showall\checkedvalue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
C:\windows\system32\