Mining virus in reloading system
Publish: 2021-04-14 20:41:54
1. In the mainstream currency circle, there is no such digital currency as global currency. I really can't say what advantages there are. It may be a very common counterfeit currency, or it may be a marketing currency, mainly for the purpose of profit. Of course, it can also be said that the purpose is to circle money. At present, this kind of digital currency is very rampant in China
it is suggested that players pay attention to bitcoin, Ruitai coin and Laite coin, which are the mainstream digital cryptocurrencies.
2. There are a few that can't be bought, such as the wave ring, to be won in the fishing competition. You see, the boatman treasure interface shows the way to get the location
3. It is recommended to "start" and "run" directly. Input: regedit, open the windows registry, click above: "Edit" - "find" (don't check the whole word match, check everything else), input content: lovecloud, and then find out and delete all related contents in the registry
when you uninstall the malware, and you can't find any entries related to lovecloud in the registry, you can be sure to delete it completely.
4. This shows that the image of the reload is also infected with a virus. You need to try another image. If you use a virus-free U disk to enter the PE format c disk and then ghost, the above problems will not appear again!
5. Reinstalling the Windows operating system only completely clears all the data on the system disk and reinstalls the operating system. This operation will not affect other logical partitions, such as disk D, disk E, disk F and other non-system disks.
If the viruses are all on disk C, then reinstalling the operating system can completely clear these viruses. If the viruses exist not only on the system disk but also on other disks, then most of the viruses on other disks will infect the system disk partition again after the system is reinstalled, and your reinstallation of the operating system will not have any effect.
how to correctly solve the problem of computer poisoning
the best recommended method
Under the Windows 10 operating system, you can scan your device with Windows Defender. The specific operation steps are as follows:
- open the Windows Defender security center
- select virus and threat protection
- click to run a new advanced scan
- select full scan and click Scan now
Windows Defender will spend hours on a full scan. If there is a virus threat after scanning, you can directly delete the device to ensure that it is safe and virus-free. If you have doubts, you can conduct a full disk scan again.
If you have to reinstall the operating system to remove the virus, you don't care that the device will lose your personal files.
When you reinstall the Windows 10 operating system and select the logical partition for the system installation, format all the logical partitions. When performing this operation, you can fully understand the virus files. Of course, your personal files will not be left. I strongly do not recommend this operation.
6. You need a 360 barrel
7. 1 disk has a problem
2 D.E.F disk has a virus, do not double-click to open it
8. It is recommended that you use the CD-ROM to start up and re partition. Partition magic is a good tool, and then re install the system. As for the lack of 80g, it is because the capacity unit on the hard disk is different from that in the computer system
9. On the top of the second floor,
I have experienced it.
According to our insiders, Rising itself is a big virus
using zonealarmpro firewall is a good idea
X. the manual and clear method of virus "webworm":
virus damage (severe): turn the whole computer into a "zombie" computer
virus features: all disks are forced to set "auto play" to occupy computer resources. The computer is slow
1
3 System "run dos": input regedit to open the registry, then open HKEY_CLASSES_ROOT/HKEY_CLASSES_ROOT\Directory/"shell" and delete the whole shell
4 Delete all autorun files in the computer and delete them completely. Be sure to delete them completely
5. The main obvious symptom is that the hidden files cannot be displayed. In different cases, another symptom is that the subdirectories cannot be opened in the same window
when the virus file breaks out, the recycled process will run. Copy the recycled.exe and autorun.inf files in the root directory of each disk, and it is possible to replace the rundll32.exe system file
6. I think there is no way to crack the Trojan except to use the tool to view the process to stop the Trojan, modify the shell item and delete the Trojan file.
manual cleaning steps:
1 open the task manager and close the recycled.exe and rundll32 processes. It is recommended to keep the task manager open all the time during the cleaning process. If the recycled.exe process runs again, you will have to start cleaning again
2 run regedit to open the registry editor
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue" = 00000000
change the value of this item to 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable" = 00000001
change the value of this item to 0
search recycled.exe, and then delete the whole shell key on the left
3 search recycled.exe and autorun.ini, check the hidden file & folder, search all disks, including mobile hard disk and U disk, and delete the two files in the root directory
4 use SFC to check the protected files of the system
you can also use Ruixing to check and kill C:\windows\system32\Msvci.exe, and then delete other files. It's more reliable to enter safe mode, but it may not be deleted in normal mode
11. Windows.exe prompt Trojan horse
process file: wins or wins.exe
process location: system or C:\
program name: bkdr_ Spybot. I or W32 / RBOT dzw
program purpose: IRC backdoor Trojan virus, worm
process analysis: after the backdoor service program runs, it connects with the IPC server, and performs all the tasks needed by the malicious person, such as virus download and information theft, according to the malicious instructions set by the server. The virus uses Microsoft: (ms03-001), (ms03-007), (MS03-026) buffer overflow vulnerability, SQL Server weak password vulnerability, operating system vulnerabilities (including dcom-rpc, LSASS, WebDAV and UPnP) and other backdoors, worms and Trojans to spread. The virus modifies the registry to create a system service, which is self starting
12. Tools: sreng2.0
poisoning symptoms: Rising Firewall and anti-virus software Symantec service are deleted, the system slows down, can't access the web page, etc.
you need to pay attention to the following points:
1: start - program - start - wnso.lnk
2: C:\program files\common files\Rggzs
3: show and hide system files, C:\documents and settings\Personal account\Templates\Da0fas5 directory, which contains a.dll, b.dll, c.dll, and its attribute comments are described as soft report studio
4: under the c:\WinNT (version 2000)\system32\drivers directory: font.sys, rd.sys, roreg.sys, md.sys (in addition, there are bkexxg29.sys and hhfrwr2.sys, I don't know if they are their drivers, if so, please let me know)
5: C:\winnt\Report.dll, wmpkn.dll
6: Win32 service application in system32 directory
deletion steps:
start in safe mode
1: open sreng2.0 -- startup project -- registry, and delete unnecessary startup. Remember the normal winlogonnotify project
2: stop the Win32 service application: open sreng2.0 -- start project -- Service -- Win32 service application -- check to hide the certified Microsoft Project -- find the (not verified or N / a) Microsoft Corporation item, right-click stop to stop (note that some normal programs will appear not verified or N / A, such as SQL related services, asp.net, Macromedia, etc., do not need to stop). Of course, you can also close related projects in the control panel - management tools - services
3: stop and delete the driver: This is the key step to delete the soft report studio. Many people can't delete the soft report studio because they don't stop the driver first and then delete the driver file. Start - run - enter "devmgmt.msc" to open device manager - View - Show hidden devices - non plug and play driver, find font.sys, rd.sys, roreg.sys and md.sys, and right-click to disable the driver. Restart the computer to safe mode, uninstall the above four drivers, and in the C:\winnt\system32\drivers directory, delete font.sys, rd.sys, roreg.sys and md.sys
4: open sreng2.0 - startup project - Registry - to see if there is any more key in winlogonnotify, delete the key and delete the file (when deleting, there is no record of the items)
5: start running - enter "regedit" to open the registry, select my computer - Edit - Find - enter reporter.dll, wmpkn.dll to find the next item and delete all the items found
6: delete start program start wnso.lnk
7: restart the computer to safe mode again: show and hide system files, C:\documents and settings\Personal account\Templates\Da0fas5 directory, delete the da0fas5 directory, delete the C:\program files\common files\Rggzs directory
The last thing to do is to delete all the other "all" backups.
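The manual cleaning steps for recycled.exe above come down to two registry values and two files in each drive root. The following read-only PowerShell audit is an added example, not part of the original answers: it reports the state of those items without changing anything. The function names `Test-RegistryValue` and `Find-RootArtifact` are hypothetical, and the expected values (CheckedValue 1, SFCDisable 0) and file names (autorun.inf, recycled.exe) are taken from the steps above.

```powershell
# Read-only audit of the artifacts named in the manual cleaning steps above.
# Nothing is modified or deleted; the script only reports what it finds.

# Registry values and the data the cleaning steps say they should hold.
$checks = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
       Name = 'CheckedValue'; Expected = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'SFCDisable'; Expected = 0 }
)

function Test-RegistryValue {   # hypothetical helper name
    param([string]$Path, [string]$Name, [int]$Expected)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # A value that does not exist is reported, not treated as tampering.
        $actual = $null; $status = 'Absent'
    } else {
        $actual = $item.$Name
        $status = if ($actual -eq $Expected) { 'OK' } else { 'Changed' }
    }
    [pscustomobject]@{ Kind = 'Registry'; Item = "$Path\$Name"
                       Actual = $actual; Expected = $Expected; Status = $status }
}

function Find-RootArtifact {    # hypothetical helper name
    param([string[]]$Names = @('autorun.inf', 'recycled.exe'))
    # Every file-system drive, including removable disks and U disks.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        foreach ($name in $Names) {
            $candidate = Join-Path $drive.Root $name
            # -Force so that hidden and system files are returned too.
            $file = Get-Item -LiteralPath $candidate -Force -ErrorAction SilentlyContinue
            if ($file) {
                [pscustomobject]@{ Kind = 'File'; Item = $file.FullName
                                   Actual = $file.Attributes; Expected = 'not present'
                                   Status = 'Review' }
            }
        }
    }
}

$report = @(foreach ($c in $checks) { Test-RegistryValue @c }) + @(Find-RootArtifact)
$report | Format-Table -AutoSize -Wrap
```

An autorun.inf on an installation CD or vendor USB stick is legitimate, so a `Review` row is a prompt to inspect the file, not proof of infection.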