I have seen many people written on the Internet how to clear this virus. In fact, the best way is to install XPSP2. I am not a profession, just write it.
The business trip is about probably in early October, and there is no way to open the computer online. Norton discovers Download.trojan. Like peace, there is no reason to know that Norton will be isolated. But there is not long for the dial, and only 263. After the Internet, it will generally not take the line for more than 10 minutes, and other numbers are used, or the same problem. Finally, the Internet is the virus flooding, w32.sspybot.worm, w32.beagle.ag, w32.sasser ... no episode under Norton, it is not a unpowed alarm isolation.
Prepare yourself to find viruses, this war begins like this. First check the characteristics of these viruses first on Symantec, and found that Download.trojan is older, all 2001 viruses, but Norton can't clear it completely, or there is a warning. Several several viruses are always generated under System32, but they have been cleared when they were on. Later, every time I internet, don't do anything (not open), open the Windows Task Manager to view the startup process. Sure enough, cmd.exe and ftp.exe start running, the dial-up icon has been in connection, and Norton will be alarm. When Download.trojan ("O" file under System 32) is discovered, Norton does not remove the isolation, open with the UE. Rely, it is a batch of processes, connects to the website with FTP download file.
I understand everything this time. After Download.trojan, the batch file will generate a batch file, start FTP to download other viral files on the website, that is, that is always those found by Norton. Because it is dial-up, it will browse the web competition with me, and finally turned off. The generated files are under System32, and the names are random, but they will change their names after downloading. So you can say that Download.trojan is like a tool to download the virus to the machine. Finally, in System32, some suspicious files, winxp.exe, ftpupd.exe, svr32.exe, and a suspicious shortcut, and change ftp.exe. Updated the virus library, check it out in security mode, no problem.
Dial-up Internet access, about less than 30 minutes, Norton has reported again. God, it is the problem, it is really unable to. Look at SYSTEM32, the ftp.exe of the name is changed again.
Think of a tool, the file monitor, you can view the case where the file is read and written. Open the surveillance of those suspicious files, after the Internet, found that there is a program to generate SVR32.exe under System32, and it is lsass.exe, which is a system file. Check out its properties or the original properties. This is how to do? Thinking of a lot of viruses is to use lsass.exe to do. It is better to use Ghost to restore to the original clean system. If you make it again, you only have patch.
It's busy, the system returns to the beginning of the year (time backflow). Dial, Internet, alarm, dropped line, and even more countdown to restart.
Eventually only patch. XPSP2 is to be activated online, find a method to activate online: Use XP online activation programs 1.0 specific method can be found online, there are many
