I don't know exactly which day it started, but my Maxthon browser seemed unable to block advertisements from some websites. Things that looked like QQ advertisements appeared from time to time in the lower right corner of the screen. At first, I thought they were advertisements from websites and QQ. But the more I used the computer, the less they looked like QQ advertisements. The entire advertisement is a link. A QQ advertisement, by contrast, has a box around it, and the mouse pointer does not turn into a hand when placed on that box; with this advertisement, the pointer turns into a hand no matter where it is placed. I began to suspect that I had been infected. I could not check and upgrade the antivirus software to the latest. I opened the browser, searched online, and found that some friends had also caught this kind of *. However, the methods provided by netizens could not delete the *, so I had no choice but to do it myself. The following is my entire process of manually clearing the *, written up to share with you.
1. Regular operation
Open the task manager and check the process, but found no bad processes.
2. Dig deeper
Run Regedit and expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. There was indeed a new entry, Advapi32. Looking at its value, it actually loads a DLL file, located in the _IS_0518 directory under C:\WINDOWS\Downloaded Program Files. With the root cause found, the fix looked easy: delete the startup item first and then delete the corresponding * file. However, in the C:\WINDOWS\Downloaded Program Files directory these files were not visible at all (even with the option to show hidden files enabled), and after restarting, the startup item appeared again. Obviously, this * monitors the registry and hides its files. To remove it thoroughly, the following steps are performed after entering safe mode (hold the F8 key or Ctrl key when powering on until the startup menu appears).
Before the third step, I tried deleting the * file directly using the fourth step, but the * did not disappear after restarting, so my preliminary judgment was that the * had a backup file.
3. Clear * backup files
Open "My Computer" and enter the C:\Windows directory. I found a suspicious directory, Backup. Inside it was the same DLL file that the startup item loads, although the startup item does not load the copy in this directory. Obviously, this directory is the *'s backup. I deleted the backup directory first, but it was re-created within about one or two seconds. This * is really cunning: even in safe mode it is loaded automatically and monitors its backup files, re-creating them immediately once they are deleted. As the saying goes, "pay them back in their own coin": it can monitor and automatically re-create the backup directory, so if I delete the directory and then create a directory with the same name before it does, wouldn't that be enough? Windows does not allow two files or directories with the same name in the same directory. But the interval between the backup directory being deleted and re-created is too short for manual handling, so just use a batch file from the DOS era! First create the following batch file; the text after the double slashes is a comment and does not need to be entered in actual operation.
Move c:\windows\backup c:\windows\bak //Rename the Backup directory to Bak
Md c:\windows\backup //Create Backup directory under C:\windows
Then open "My Computer", go to the C:\windows directory, and delete the Bak directory; the * backup files are now deleted.
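The Run-key inspection in step 2 can also be done over saved `reg query` output rather than by eye. The following is an added example, not part of the original post: the sample output, the DLL file name `sample.dll`, the export name and the two benign entries are constructed, and the list of well-known DLL names is an assumption.

```python
import re

# Constructed sample of `reg query` output for the Run key discussed above.
# Only the value name Advapi32 and the _IS_0518 directory come from the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Advapi32    REG_SZ    rundll32.exe "C:\WINDOWS\Downloaded Program Files\_IS_0518\sample.dll",Run
    ExampleTray    REG_SZ    "C:\Program Files\ExampleVendor\tray.exe" /min
    ctfmon    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# One registry value per indented line: name, type, data separated by 2+ spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s{2,}(?P<data>.+)$")
# Absolute path to a loadable file anywhere in the command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]+?\.(?:dll|exe|ocx)', re.I)
# Assumed short list of system DLL names an autorun entry should never borrow.
SYSTEM_DLL_NAMES = {"advapi32", "kernel32", "user32", "shell32", "ntdll"}
# Directories named in the post where autorun targets do not normally live.
ODD_DIRS = ("\\downloaded program files\\", "\\windows\\backup\\")

def parse_run_values(text):
    """Return (name, data) pairs from reg query output, skipping key headers."""
    pairs = []
    for line in text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            pairs.append((m["name"], m["data"].strip()))
    return pairs

def findings(name, data):
    """List the reasons a single Run value deserves a closer look."""
    paths = PATH_RE.findall(data)
    target = paths[-1].lower() if paths else ""
    reasons = []
    if target.endswith(".dll"):
        reasons.append("autorun loads a DLL")
    if any(d in target for d in ODD_DIRS):
        reasons.append("target in unusual directory")
    if name.lower() in SYSTEM_DLL_NAMES and "\\system32\\" not in target:
        reasons.append("value name imitates a system DLL")
    return reasons

def audit(text):
    """Map each suspicious value name to its reasons; clean entries are omitted."""
    return {n: r for n, d in parse_run_values(text) if (r := findings(n, d))}

if __name__ == "__main__":
    for value_name, why in audit(SAMPLE).items():
        print(value_name, "->", "; ".join(why))
```

Because the post observes that the startup item reappears after a reboot, the same audit is worth re-running after cleanup to confirm the entry stays gone.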