1. Turn off System Restore before disinfecting (Windows 2000 users can skip this step): right-click My Computer, choose Properties, open System Restore, and check "Turn off System Restore on all drives".
Clear IE's temporary files: open IE and click Tools --> Internet Options. Under Temporary Internet files, click the "Delete Files" button, check "Delete all offline content", and click OK.
Close applications such as QQ. Do not double-click to open any disk drive before performing the following operations. Place all downloaded tools directly on the desktop.
2. Use the forced deletion tool PowerRMV
Enter the following files (with their complete paths), check "Suppress kill object to generate again", and click kill. [If a prompt says a file cannot be found, ignore the error and continue.]
C:\WINNT\system32\ShellExt\
C:\WINNT\system32\ime\123
C:\WINNT\G_Server1.
C:\WINNT\G_Server1.
C:\WINNT\G_Server1.23_hook.dll
C:\WINNT\G_Server1.
C:\WINNT\
C:\WINNT\
Restart the computer, then enter safe mode to perform the following operations.
--------------------------------------------------------------
All of the following operations must be performed in safe mode.
[How to enter safe mode: press and hold F8 while the computer restarts, then select safe mode.]
--------------------------------------------------------------
Edit the following item with SREng:
Code:
Startup items --- Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\,C:\WINNT\system32\ShellExt\,> [N/A]
Edit it to read:
<Userinit><C:\WINNT\system32\,>
Delete the following items with SREng.
[After opening SREng, please ignore the error message "The content of the function does not match the expected value and they may be modified by some malicious software". Please ignore the error after pretending to kill the soft-soft.]
In addition: pay special attention to the fact that some of the items mentioned in the link above are to be edited and must not be deleted.
==================================
Code:
Startup items --> Services --> Win32 Service Applications: delete the following items
[ALookupSvc / Aplication Experience][Stopped/Auto Start]
<C:\WINNT\system32\ime\123><N/A>
[Gray_Pigeon_Server1.23 / GrayPigeonServer1.23][Stopped/Auto Start]
<C:\WINNT\G_Server1.><N/A>
[Serve / Server][Running/Auto Start]
<C:\WINNT\><N/A>
[Network Provisioning Service / xmlprov][Stopped/Auto Start]
<C:\WINNT\><N/A>
SREng repair location: System Repair --> Windows Shell/IE. Click Select All, then click "Repair".
SREng location: System Repair --> HOSTS File. Click "Reset" in red.
Finally, use the Gray Pigeon special removal tool to check for any other remaining files, and remember to change the passwords for QQ, online games and other accounts.
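The two persistence points this procedure cleans up by hand (the extra Userinit entry and the auto-start services with an N/A vendor field) can also be checked from a saved log. The script below is an added example, not part of the original guide or of SREng. It assumes the log layout quoted above, treats the second `<...>` field as the vendor, and uses a constructed Userinit value whose `example.exe` name is a placeholder.

```python
import re

def audit_userinit(value, system_root=r"C:\WINNT"):
    # Windows default: a single entry, userinit.exe under system32, then a comma.
    expected = (system_root + r"\system32\userinit.exe").lower()
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != expected]

HEADER = re.compile(r"^\[(?P<names>.+?)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
IMAGE = re.compile(r"^<(?P<path>.*)><(?P<vendor>[^<>]*)>$")

def parse_services(log_text):
    """Pair each [names][state/start] header with the <path><vendor> line after it."""
    services, pending = [], None
    for line in (l.strip() for l in log_text.splitlines()):
        h = HEADER.match(line)
        if h:
            pending = h.groupdict()
            continue
        i = IMAGE.match(line)
        if i and pending:
            services.append({**pending, **i.groupdict()})
        pending = None
    return services

def suspicious_services(log_text):
    # Heuristic (an assumption of this example): auto-start service, vendor N/A.
    return [s for s in parse_services(log_text)
            if s["start"] == "Auto Start" and s["vendor"] in ("", "N/A")]

# Constructed sample input; example.exe is a placeholder file name.
SAMPLE_USERINIT = r"C:\WINNT\system32\userinit.exe,C:\WINNT\system32\ShellExt\example.exe,"
SAMPLE_LOG = r"""
[Print Spooler / Spooler][Running/Auto Start]
<C:\WINNT\system32\spoolsv.exe><Microsoft Corporation>
[Gray_Pigeon_Server1.23 / GrayPigeonServer1.23][Stopped/Auto Start]
<C:\WINNT\G_Server1.><N/A>
"""

if __name__ == "__main__":
    print("Extra Userinit entries:", audit_userinit(SAMPLE_USERINIT))
    for s in suspicious_services(SAMPLE_LOG):
        print("Review service:", s["names"], "->", s["path"])
```

An N/A vendor only marks an entry for review. Legitimate third-party services can also lack version information, so confirm the image path before deleting anything.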