Symantec Anti-Virus Item Virus is PWSTEAL.TROJAN, which is not. After reviewing the Symantec website, determine the virus as Trojan.Redfall. Clearing the virus is complicated and manually modify the registry. The official solution is as follows. Http://securityresponse.symantec.com/avcenter/ensc/data/trojan.redfall.html I manually modify the registry according to the article. Because our company is online through the ISA agent, the client is fully configured with FWC, so hkey_local_machine / system / currentControlSet / Services / Winsock2 / parameters / protocol_catalog 9 / catalog_entries 00000000000 This key value is different, the modification is still not Internet. Then use a software repair success. This software is named LSP-FIX, downloaded address: http://www.cexx.org/lspfix.exe use diagram: My Solution:
First of all, I first fix it with the software, prompting me to fix several protocols, and so on. I can't get online at the time. I will set up, when the login dialog is displayed (before that 3 keys), I prompt me if lsass.exe can't initialize, and then the countdown one minute shutdown dialog (it seems to be damaged by that file. The minute is automatically restarted).
When restart, press F8 to enter the system with the Last Known Good mode, everything is normal.
With software, I will reinstall the TCP / IP protocol, and I have to uninstall it. Start after installation, it is still not accessible. At this time, I will repair it with that software, and I can go up. After that, I'm very careful, everything is normal! !
problem solved! ! Many people have the steps of the steps, I rewrite: 1. Reinstall the TCP / IP protocol, first uninstall it to install. 2. Repair with that software. Because the WS2_64.dll has been deleted, it can't see that file in the list of the left, do not take it. Select the i konw I am doing directly to point Finish. The prompt fixes several protocols. 3. You can get online until now, and there is no problem. 4. In the Win 2000 Pro environment, I think other systems are the same. How to uninstall the reload TCP / IP protocol: http://blog.9cbs.net/starlee1738/Archive/2004/12/04/204294.aspx
