11 popular Trojan clearance methods

xiaoxiao2021-03-06  105

Today, with some free time online, I found a post that is very helpful for removing Trojans. For users whose computers are often infected with Trojans, I have compiled it here:

First, Trojan Shareqq

This is a QQ password-stealing program. The clearance method is as follows:

1. Delete the files. Use process management software to terminate the spolsv.exe process (or boot into pure DOS), then delete spolsv.exe from the Windows\System folder, delete debug.dll and msime5f594f58.dll, and then delete WinIn.exe from the Windows directory.

2. Check the registry. Run regedit from the "Start" menu, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the string value named "NetConfig". Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runon, delete the "WinIn" string value.

3. Restart the computer.

Second, Trojan Bladerunner

First expand the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, where you will see the string value System-Tray, whose key value is C:\something\something.exe. The path C:\something\something.exe varies: it depends on how the Trojan was set up, so what you see may differ from what I see, but that does not affect the procedure. From the key value created in the registry, write down the Trojan's file name and folder, then go to pure DOS, find the Trojan file and delete it. Restart the computer, then find the string value and key value created by the Trojan file mentioned above, and delete them.

Third, Trojan Guangwai Girl

Guangwai Girl is the debut work of the "Guangwai Girl" network team at Guangdong Foreign Language University. Its basic functions are:

File management: download, delete, rename, set attributes, create folders, run a specified file and other functions.

Registry operation: a full simulation of the Windows registry editor, so that editing a remote registry is as convenient as working on the local machine.

Screen control: the image quality can be customized to reduce transmission time, and on a local area network or a fast connection the controlled computer's mouse can also be operated (click, double-click, right-click, drag, and so on).

Other features include remote task management, mail IP notifications, mail services, and so on.

Compared with similar software, Guangwai Girl's distinguishing feature is its small server program: the familiar "Ice" is more than 260 KB, while Guangwai Girl is only 96 KB. The server takes up few system resources, only 3 MB of memory, with little effect on the speed of the server computer. It is well concealed and not easy to find. It also automatically checks whether processes such as "Jinshan Drug", "Firewall", "iParmor", "TCMonitor", "LockDown", "Kill" and "Tianwang" are running and terminates them, which leaves the firewall with no protective effect at all.

Guangwai Girl clearance method: after the Trojan runs, it creates a Trojan file named Diagcfg.exe in the System directory and associates it with the open action of EXE files. If the file is simply deleted, no EXE file on the system can be opened.

1. In pure DOS mode, find Diagcfg.exe in the System directory and delete it.

2. Because Diagcfg.exe has been deleted, no EXE file can run in the Windows environment. Find the registry editor regedit.exe in the Windows directory and rename it to "regedit.com".

3. Go back to Windows and run regedit.com from the Windows directory.

4. Find HKEY_CLASSES_ROOT\exefile\shell\open\command and change its default key value to "%1" %*.

5. Find HKEY_LOCAL_MACHINE\Software\RunServices and delete the entry named "Diagnostic Configuration".

6. Close the registry editor, return to the Windows directory, and rename "regedit.com" back to "regedit.exe".

7. Restart the computer.

Fourth, Trojan Brainspy

1. Check the registry. Expand the registry to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. In the right-hand pane you will see the string value *** = "C:\Windows\System\brainspy.exe". The name "***" changes randomly, but its key value is always "C:\Windows\System\brainspy.exe". Delete this string value and its key value.

2. Delete the file. Use process management software to terminate the "Brainspy.exe" process (or restart the computer into pure DOS), then delete Brainspy.exe from the C:\Windows\System folder to clear Trojan Brainspy.

Fifth, Trojan FunnyFlash

FunnyFlash uses a Flash icon, which easily deceives people; do not assume it is a Flash file. Clearance method:

1. Check the registry. Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, delete the string value "723" and its key value "C:\`.exe".

2. Delete the Trojan files. Locate the "`.exe" file under the C:\Windows and C:\Windows\System folders and delete it, then delete the "funnyflash.exe" file under C:\Windows\Temp to clear the Trojan.

Sixth, QQ Password Detective Special Edition

This is also a QQ password stealer. The Trojan file is named QQspysp.exe and its size is 379,904 bytes. Clearance method: restart the computer into pure DOS, delete the INTERNAT.EXE file in the C:\Windows\System folder, then rename the smaxinte.exe file in that folder, and finally delete the INTERNAT.EXE and Uttnskf.ini files in the Windows folder and restart the computer.

Seventh, Trojan Iethief

The Iethief icon is very similar to the icon of the IE browser, except that it adds a row of "teeth" at the right end of the letter "e", which is a good way to tell it apart from the normal IE file. Clearance method:

1. Delete the Trojan file and the related record files under the C:\Windows\System folder: Iethief.exe, FIRSTRUNIE.DAT, IECFG. This step can be done in pure DOS.

2. Change the registry: go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the string value "Ierun" and its key value "C:\Windows\System\iethief.exe".

Eighth, Trojan Qeyes Laters

Qeyes Laters is a QQ password-stealing Trojan. Its clearance method is as follows:

1. Enter msconfig in "Run" on the "Start" menu, find the Win.ini tab, and in the "[windows]" section delete the string "C:\Windows\thereadmsg.exe" after "run=".

2. Check the registry. Enter regedit in "Run" on the Start menu, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, and delete the string value netservice and its key value C:\Windows\Nesmsg.exe; delete the string value system and its key value C:\Windows\System\kerne132.exe; finally delete the string value boot and its key value C:\Windows\System\kerne116.exe.

3. Clear the files. In the Windows folder, delete the Nesmsg.exe, thereadmsg.exe, wininet.ini, raddr.exe, raddr.txt and addr.txt files, and delete the kerne116.exe and kerne132.exe files under the Windows\System folder. Finally, the Ttima can clear the trees in the C-drive root directory.

Ninth, Trojan Blue Flame

Blue Flame is a Trojan without a client: almost any network program can be used to control it, such as Telnet, Sterm, CTerm, Zmud, FTP, IE, Netscape, Opera, FlashGet, CuteFTP ... Because there is no client, the server can even be controlled across platforms. The Blue Flame client and server communicate over port 19191; the micro version of Blue Flame (only 10 KB in size) connects over port 9191. Blue Flame can therefore be discovered this way: run the netstat -a command in an MS-DOS window (called the command prompt in Win2000); if port 19191 or 9191 is open, you have been infected (this part draws on the author's article). Clearance method:

1. Delete the key value the Trojan created in the registry. Enter regedit in "Run" on the "Start" menu, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, and delete the string value Network Services and its key value C:\Windows\System\tasksvc.exe.

2. Restore the file association: go to HKEY_CLASSES_ROOT\txtfile\shell\open\command and HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\command, and change C:\Windows\System\sysexpl.exe %1 to Notepad.exe %1.

3. Delete the files. Under C:\Windows\System, delete Tasksvc.exe, Sysexpl.exe and BFHOOK.DLL to clear Trojan Blue Flame.
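The netstat check described for Blue Flame, as an added example that is not part of the original post: it parses netstat output and reports only TCP listeners whose local port is exactly 19191 or 9191. The function names and the sample output are constructed for illustration, and treating only LISTENING TCP rows as "port open" is an assumption.

```python
import re

# Ports the page attributes to Blue Flame: 19191, and 9191 for the micro version.
BLUE_FLAME_PORTS = {19191: "Blue Flame", 9191: "Blue Flame (micro version)"}

# Data rows of Windows netstat output: Proto, Local Address, Foreign Address, [State]
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$", re.IGNORECASE)

def port_of(endpoint):
    """Port of 'host:135', '0.0.0.0:135' or '[::]:135' as int; None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_listeners(netstat_text, watched=BLUE_FLAME_PORTS):
    """Return (local_endpoint, label) for every TCP listener on a watched port."""
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header, blank line
        proto, local, _foreign, state = m.groups()
        # Assumption: only TCP rows in LISTENING state count as "port open".
        if proto.upper() != "TCP" or (state or "").upper() != "LISTENING":
            continue
        # Compare the parsed LOCAL port exactly: a substring search for "9191"
        # would also hit 19191, 49191 and remote ports in the foreign column.
        port = port_of(local)
        if port in watched:
            hits.append((local, watched[port]))
    return hits

# Constructed sample in `netstat -an` layout (not captured from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19191          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49191          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1042       203.0.113.7:9191       ESTABLISHED
  TCP    [::]:9191              [::]:0                 LISTENING
  UDP    0.0.0.0:9191           *:*
"""

if __name__ == "__main__":
    for local, label in find_listeners(SAMPLE):
        print(f"{local}: port used by {label}; check the Run key and file association")
```

A hit only says that something is listening on that port; the registry and file checks in the clearance steps are what confirm the Trojan.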
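The registry checks that recur in the clearance steps, as an added example that is not code from the original post: it parses a REGEDIT4-style export, flags Run and RunServices entries whose key value points at an executable named on this page, and flags EXE or text file open commands that differ from the values the page restores. The function names and the sample export are constructed, and accepting any path to Notepad is an assumption.

```python
import re

# Executable names the page lists as Run/RunServices key values.
PAGE_AUTORUN_FILES = {"brainspy.exe", "iethief.exe", "nesmsg.exe",
                      "kerne132.exe", "kerne116.exe", "tasksvc.exe"}
# Open commands the page restores; exefile/txtfile are the standard Windows
# class names for .exe and .txt. Any path to Notepad is accepted (assumption).
EXPECTED_OPEN = {"exefile": lambda d: d.strip() == '"%1" %*',
                 "txtfile": lambda d: "notepad.exe" in d.lower()}
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslashes and quotes with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(text):
    """Return (kind, key, value_name, data) for entries matching the page."""
    findings = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if low.endswith(("\\currentversion\\run", "\\currentversion\\runservices")):
            for name, data in values.items():
                exe = re.split(r"[\\/]", data.split(" ")[0].strip('"'))[-1].lower()
                if exe in PAGE_AUTORUN_FILES:
                    findings.append(("autorun", key, name, data))
        m = re.search(r"\\(exefile|txtfile)\\shell\\open\\command$", low)
        default = values.get("(Default)")
        if m and default is not None and not EXPECTED_OPEN[m.group(1)](default):
            findings.append(("file-association", key, "(Default)", default))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Network Services"="C:\\WINDOWS\\SYSTEM\\tasksvc.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM\\sysexpl.exe %1"
'''
```

Matching on the executable in the key value rather than on the value name matters here, because the page notes that some of these Trojans use random or generic names such as "***", "system" and "boot".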

When reposting, please cite the original address: https://www.9cbs.com/read-104171.html
