I just installed WinXP SP1 (9394), English version, and wanted to apply the patches, but ran into the following situation.

1. First, I found five extra files on the system drive C: sex.bat, sex.html, sex.reg, xfks.exe, autoexec.sys.

2. While I was installing Norton AntiVirus 2004 and upgrading the virus library, it suddenly closed, along with the taskbar and the series of commands, such as MSCONFIG or Regedit, that can modify the startup information.

3. I was helpless, but fortunately there was a backup, so I did a Ghost recovery. Half a day later the recovery succeeded, and I entered the system again with no problem.

4. This time I installed Norton AntiVirus 2004 and then restarted, and I thought everything was fine. When I upgraded the virus library again, it stopped for no reason, and I could not invoke the taskbar, nor Msconfig, Regedit and the other commands that can modify the startup information. I can't stand it, this is a new system! Apart from Norton, nothing is installed, and apart from the Norton upgrade program, nothing has been run. Strange! This time I did not do a Ghost recovery of the system, but installed the Dream Tools virtual optical drive (the end of the end); to my surprise, it could be installed. I then thought of the process management in Windows Optimization Master, so I downloaded it. Sure enough, the suspicious processes are as follows:
Process Quick List:
Process 10: C:\Windows\system32\msie.exe (priority: normal)
Process 12: c:\windows\system32\pqznks.exe (priority: normal)
Process 16: C:\Windows\system32\wuauclt.exe (priority: normal); there are two of these, user and system
Process 18: C:\Windows\system32\wuauclt.exe (priority: normal)

5. What was I waiting for? So, with the series of commands such as MSConfig or Regedit that can modify the startup information, I discovered two special entries in the startup information, and Msie.exe, so in the registry:
//
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update"="sys32cfg.exe"
"Windows Media Player"="pfnqej.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Media Player"="PFNQEJ.EXE"
//

I removed them (including from the Startup menu and the other startup locations people know about), and thought that would be OK. Before this, I had also turned off the Automatic Updates service.

6. I started up again: very fast, faster than the last time, and this time everything was normal. I breathed a sigh of relief. You must be wondering why I turned off the Automatic Updates service; that is because I opened sex.html as text. Have a look and guess, as follows: {