ShuDudu's Home

ShuDudu's English Home
    • ShuDudu's Home was started in 2011, but the web data is lost, so now begin again, I would like to make some friends, I hope you like ShuDudu's home.
    Current position: ShuDudu > Life >

    Another abnormal virus solved.

    Monday on March 3rd, 2008Life

    all computers in the local area network visit the website to indicate that there is a virus, and a computer is found to be infected with arp cheating.

    started processing and found that the machine's antivirus software was turned off. Using the Task Manager, an abnormal process was found. Click to end the process, the task manager automatically closes, as soon as you open a website or directory containing antivirus words, IE automatically closes. Choose to enter safe mode to display a blue screen.

    GHOST reinstalls the system and becomes infected as soon as it starts.

    when you use the msconfig command to view the system startup, you find two self-starting items: "C:\ Program Files\ Common Files\ System\ akpfhtq.exe" and "C:\ Program Files\ Common Files\ Microsoft Shared\ dtajxne.exe".

    delete the files manually and enter the corresponding directory of the startup project under WINDOWS. Even if all the hidden files are shown, you can't see the corresponding files, and you can't delete them by running CMD and using the DOS command to enter the directory.

    final solution (revised according to the online solution):
    1. Boot to DOS mode, go to the "C:\ Program Files\ Common Files\ System\ & quot; directory, check the hidden file and find the akpfhtq.exe file. Modify the relevant properties of the file: attrib-a-h-s akpfhtq.exe, delete the file: del akpfhtq.exe
    similarly, go to the" C:\ Program Files\ Common Files\ Microsoft Shared\ & quot; directory, delete the dtaj3.xne.exe file. " Enter the "C:\ Program Files" directory to have a Trojan program meex.exe file, which is deleted as above.
    2. Through inspection, it is found that the root directory of each hard disk partition has "autorun.inf" and "xiwiiuy.exe" files, and two hidden files in different partitions are also deleted.
    3. Enter WINDOWS. The programs pointed to in the registry: HKEY-MACHINE\ SOFTWARE\ MICROSOFT\ WINDOWS NT\ CURRENT VERSION\ IMAGE FILE EXECUTION OPTIONS\ are all "dtajxne.exe" files, and delete them all.
    (remember not to insert removable storage media until the virus is completely killed)
    4. At this time, you can run antivirus software to check and kill all the partitions of the hard disk.
    5. Run the GPEDIT.MSC Group Policy-computer configuration-Management template-system, and turn off the auto-playback function.
    6. Problem solving.

    Copyright Protection: ShuDudu from the original article, reproduced Please keep the link: https://www.shududu.com/life/Another-abnormal-virus-solved.htm

    SHUDUDUabout meShuDudu
    Female, I'm from Macau, gentle personality, I like learning English, like music and movies.

    recommended article

    popular articles

    Tags

    About ShuDudu

    My English is not good, but I like to learn English, so I'm writing on my website, translation of the article of interest, if your native language is English, you can ask me to learn English?

    contact ShuDudu

  • ShuDudu
  • Email:shududu@breem***.com

    • Special thanks

  • my friend
  • some one

    • Copyright © 2011~2020 ShuDudu.com