Swordsman - QQ virus

xiaoxiao, 2021-03-06

Recently some people with ulterior motives have been using QQ to spread a virus commonly known as "QQ Tail". Once it has sneaked into a user's system it watches for the QQ window and, when the moment is right, sends the user's online QQ friends fake messages such as "Come and have a look, there's something really good here -" followed by a link, luring them into clicking on a website. Anyone who believes it and follows the link gets infected in turn, becomes a new source of infection, and carries on spreading it.

Yesterday I got infected. KV2004, the Jinshan (Kingsoft) special removal tool, the Rising special removal tool and Rising 2005 all failed to kill this virus, and I saw no suspicious startup entry in the registry, but Rising 2005 and the Jinshan tool could at least detect it. They pointed me to two files in C:\Windows\System32, named Msapi.dll and Msapi.exe. So I deleted them. Damn!!! That doesn't work: the moment you delete them a copy is written back, so you can't delete them at all. No choice but to reboot into Safe Mode.

Good grief!!!! It's the same even in Safe Mode. After comparing with other systems I found that these two files are hidden, ghost-like, and I simply could not delete them. It seems the program in memory runs as a DLL: if it finds the files missing, it generates new ones. So I searched the registry for Msapi and finally found it in the Shell value under the Winlogon key. Ha, found it at last. Next I tried to delete it, but it said the value cannot be deleted; it seems the program in memory constantly monitors this value, which is the key to the virus starting correctly at the next boot.

There was nothing for it but to overwrite it with a harmless file. So I took System32\sol.exe (Solitaire, heh), renamed it Msapi.exe and copied it into System32 to overwrite the virus file, then rebooted. When I reached the desktop a window popped up, and Rising reported no virus found! Ha. Basically, I then deleted the two files under System32, deleted the Shell value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, and after a restart everything was calm again; the whole world is clean, and the damned QQ virus is no more.
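The persistence mechanism described above, an extra executable hooked into the Winlogon Shell value, is easy to audit from a registry export. The following Python script is an added example, not part of the original post: it parses the text of a `reg export` of the Winlogon key and reports every Shell entry other than the default explorer.exe. The two .reg samples are constructed for illustration; the post names Msapi.exe but does not show the exact form of the hijacked value, so the comma-separated "explorer.exe,Msapi.exe" layout is an assumption (Winlogon does run each comma-separated entry in turn). When removing such an entry, set the value back to explorer.exe rather than leaving it pointing at a program that no longer exists.

```python
"""Audit the Winlogon Shell value from a .reg export for unexpected entries.

Added example, not code from the original post. The .reg samples below are
constructed; the 'explorer.exe,Msapi.exe' form is an assumption about how the
virus appended itself to the Shell value.
"""
import re

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
EXPECTED_SHELL = "explorer.exe"


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the string values in a .reg export.

    Only REG_SZ lines of the form "Name"="data" are handled; that is enough for
    Shell and Userinit, which are the two Winlogon values worth auditing here.
    """
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        key_match = re.match(r"^\[(.+)\]$", line)
        if key_match:
            current = key_match.group(1)
            result.setdefault(current, {})
            continue
        if current is None:
            continue
        val_match = re.match(r'^"([^"]+)"="(.*)"$', line)
        if val_match:
            name, data = val_match.group(1), val_match.group(2)
            # .reg files escape backslashes and double quotes inside string data
            data = data.replace("\\\\", "\\").replace('\\"', '"')
            result[current][name] = data
    return result


def audit_shell(text):
    """Return the Shell entries that are not the default explorer.exe.

    A missing Shell value means Winlogon falls back to explorer.exe, so that
    case yields an empty list as well.
    """
    values = parse_reg_export(text).get(WINLOGON_KEY, {})
    shell = values.get("Shell", "")
    entries = [e.strip() for e in shell.split(",") if e.strip()]
    # Winlogon launches every comma-separated entry; anything beyond the
    # default shell is a persistence hook and should be investigated.
    return [e for e in entries if e.lower() != EXPECTED_SHELL]


# Constructed sample: a clean Winlogon key as 'reg export' would write it.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""

# Constructed sample: the same key with an extra executable appended to Shell
# (assumed layout, using the file name given in the post).
INFECTED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,Msapi.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"""


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_EXPORT), ("infected", INFECTED_EXPORT)):
        extra = audit_shell(sample)
        status = "OK" if not extra else "SUSPICIOUS: " + ", ".join(extra)
        print(f"{label}: Shell -> {status}")
```

On a real machine the export is produced with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg`; that file is written as UTF-16 with a byte-order mark, so read it with `open(path, encoding="utf-16")` before passing the text to `audit_shell`. The same parser can be pointed at an export of the Run keys, which the post also checked by hand.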

Searching the Internet afterwards, I found that the virus is called "Wuhan Boss" and exploits a Microsoft vulnerability. Hey, God, what can I say about Gates and his MS......

Please credit the original source when reposting: https://www.9cbs.com/read-78214.html
