In the afternoon, I received a file sent by Ennian, without hesitation, and running, the result saw IE slowly open C: /Crazy-frog.html ... After the nightmare started, MSN automatically sending files to online people, only wakes up to poisoning ( After breaking the network, it will stop. This kind of situation still occurs after deleting the received file and logs out twice, it seems to have essential differences with the virus that spreads the marriage message.
So the Google "MSN Automatic Send File" queries found this virus symptoms similar to a virus called MSN sexy chicken, just don't know which variant is already, and searched for a special kino on Jinshan, download running but no result. Suddenly remember to open an HTML file under the C disk, so I look at the C drive, it is very clean, but it will appear after the hidden file is displayed. Turn them all, but instantly generate, the source of the virus can not be found, it is really difficult to start.
So continuing to google, finally paying attention to people, find a virus report, symptoms are completely like my computer. However, there is still a special killing tool, and the reminder of the Hihai classmates will be submitted to safe mode, delete c: /winnt/system32/serbw.exe ,c: /winnt/system32/Formatsys.exe,
C: /winnt/msmbw.exe, and those hidden files under the C disc, delete the following effect in the registry
HERK_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run
HERK_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / RunService
HERK_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Policies / Explorer / Run is equal to C: /WINNT/MsMbw.exe, c: /winnt/system32/Formatsys.exe, C: /Winnt/msMbw.exe.
After restarting, I finally saw everything is normal.
P.S. When I write this blog, I found that the killing tool has just been updated, I should check the variant E.
