The latest flash drive virus statistics and antivirus program

32 2021-07-27 21:44

Blacklist one: autorun.inf + sxs.exe + svohost.exe (a name very similar to svchost.exe). This is the latest flash drive virus that I know of. It is a modified ROSE virus, and its main effect is still to slow down the network connection. I think the better way to delete it is to work in safe mode; at least, that is what I do. If you find a few extra files on each of your computer's hard drives, don't worry: first make sure you disconnect from the internet and unplug the flash drive (if it is still plugged in).
Restart your computer and hold down F8 while it restarts to enter safe mode. Once in, press Ctrl+Shift+Esc to open Windows Task Manager. On the "Processes" tab, look for "sxs.exe" and "svohost.exe" under "Image Name", select each one and choose "End Process", then close Task Manager. Open My Computer, click "Folder Options" under the Tools menu and, on the "View" tab under "Advanced Settings", uncheck "Hide protected operating system files (recommended)" and select the "Show all files and folders" option below it. Select OK. Right-click each drive and choose "Open" (do not double-click the drive), then delete the "autorun.inf" and "sxs.exe" files on each drive. That completes the first step. Next, click Start, select "Run" and type "regedit" (the Registry Editor; type it without the quotes), then click OK. Expand My Computer > HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Run and delete the Run item ROSE (c:\windows\system32\SXS.exe). To be thorough, press F3 to search for entries related to the virus (sxs.exe, svohost.exe, autorun.inf) and delete them. Restart the computer; the virus has now been removed from the computer.

So how do you remove the virus from the flash drive? Hold down the Shift key and insert the flash drive, keep holding until the computer reports "new hardware available", then right-click the flash drive and select "Open" (again, do not choose AutoPlay or double-click, otherwise the work done above will be in vain). Delete the sxs.exe and autorun.inf files, and the cleanup is complete.

Blacklist two: doc.exe. After the flash drive is inserted, the symptoms are that win32.exe, win33.exe and many other .exe virus files are written, with icons that pose as mp3 and doc documents; Task Manager shows an active process named doc.exe. Removal is similar to blacklist one. First, with the flash drive not inserted, open Task Manager and end the DOC.exe process. Then look on the C drive for the files doc.exe and doc1.exe and delete them; if the system is XP, you need to enable the advanced search option that includes hidden files. Open Explorer (right-click on the Start menu), find the folder c:\Documents and settings\All Users\[Start] menu\Programs\start and delete the file "Windows word" (you cannot see its extension at this point; in fact its extension is .exe). Run regedit, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the corresponding value.

Unlike blacklist one, a doc.exe infection also leaves some after-effects: once infected, the system cannot display hidden files, hidden system files or file extensions, and changing the setting in Folder Options does not help (I tried). The registry has to be modified manually to solve this. In regedit, go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and set the value of CheckedValue to 1, i.e. show all files and folders. Then go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HiddenFileExt and change the value of CheckedValue to 0, i.e. cancel "Hide extensions of known files". That completes the cleanup of the local machine. Cleaning the flash drive is basically the same as in blacklist one.

Blacklist three: autorun.inf + msvcr71.dll + RavMonE.exe + RavMonLog. Here too, when the user double-clicks the flash drive, autorun.inf is activated and automatically loads RavMonE.exe or RavMon.exe (RavMon.exe here may be a variant of RavMonE.exe that tries to impersonate the normal files RavMon.exe and RavMonD.exe of Rising Antivirus). The removal process is basically similar: open Task Manager (Ctrl+Alt+Del, or right-click on the taskbar), terminate all ravmone.exe processes, go to c:\windows and delete ravmone.exe. Type regedit in Run, expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, find the value that points to c:\windows\ravmone.exe and delete it. If you want to make sure the remnants of the virus are removed, you can search the registry for the corresponding keywords and delete them one by one (take care: back up the registry first before modifying it). You can also type msconfig in Run and remove the corresponding startup items on the "Startup" tab.
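To check a drive's autorun.inf before opening the drive, the following added example (not part of the original article) parses the `[autorun]` section and lists the programs it would start. The sample file is constructed, and the function names and the `ARTICLE_NAMES` set, built from the file names listed in this article, are assumptions of the example.

```python
import ntpath

# File names the article associates with its blacklist entries.
ARTICLE_NAMES = {"sxs.exe", "svohost.exe", "doc.exe", "ravmone.exe",
                 "desktop.exe", "desktop2.exe"}

# Constructed sample; not copied from a real infected drive.
SAMPLE = """[AutoRun]
open=RavMonE.exe
shellexecute=RavMonE.exe
shell\\Auto\\command="RavMonE.exe" /x
icon=folder.ico
"""


def program_of(command):
    """Return the lower-cased file name of a command line's program."""
    command = command.strip()
    if command.startswith('"'):  # a quoted path may contain spaces
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split()[0] if command else ""
    return ntpath.basename(path).lower()


def launch_targets(text):
    """Return sorted (key, program) pairs that [autorun] would start."""
    found, in_autorun = set(), False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
        elif in_autorun and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            verb = key.startswith("shell\\") and key.endswith("\\command")
            if key in ("open", "shellexecute") or verb:
                found.add((key, program_of(value)))
    return sorted(found)


def flagged(text):
    """Return programs from launch_targets() that the article names."""
    return sorted({prog for _, prog in launch_targets(text)} & ARTICLE_NAMES)
```

Read the file as text from a machine that does not act on autorun.inf, and pass its contents to `flagged()`.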

Blacklist four: desktop.exe + desktop2.exe + autorun.inf, possibly with some other files as well; all of these files are hidden. The author has been infected by it; quite hateful!!! The main symptom of infection: open Folder Options, select "Show all files" and click OK, and the hidden files still do not appear; open Folder Options again, and the setting still reads "do not show hidden files and folders". After it infects the computer, the virus generates its main body, SVCHOST.EXE. Commonly used antivirus software basically does not react to this virus, so it seems we have to kill it manually again. First, open Task Manager and end the virus process wuauserv.exe (the virus can start this process even in safe mode). Then type regedit in Run to enter the Registry Editor; this step has been described in detail above. Find [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] and change the value of "CheckedValue" to 1, type dword. Then find [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] and change the value of "Userinit" to "userinit.exe," (do not forget the trailing comma). Then open Folder Options -> "View" -> uncheck "Hide protected OS files" -> select "Show all files and folders" -> OK. This time it works.

Let's get down to business: go to the c:\windows\system32\ directory. Arrange the icons by type (this makes things easier to find). Find the wuauserv.exe file and delete it. At the bottom of the directory there will be two registry files, boothide.reg and bootrun.reg; delete them (ignore the pop-up warnings, they are purely scaremongering). Finally, you need a small tool, killbox, because there is a virus file named svchost.exe (the same name as the system svchost process, but stored in a different path) hidden in the c:\windows\system32\svchost\ directory. Killbox can forcibly delete all kinds of files. Open it, locate the file c:\windows\system32\svchost\svchost.exe, and click Delete. A dialog box pops up prompting you to back up the files to be deleted; click "Yes" (nothing happens if you do not click Yes). A warning then appears counting down sixty seconds to shutdown, together with a prompt that the deletion succeeded. After sixty seconds the machine reboots. After the reboot, killbox will have created a folder whose name begins with "!" in the root directory of the system disk (the C drive, if your system is installed there). Don't forget to delete it as well. At this point, the entire cleanup is complete. In future, don't forget to open Task Manager when you insert a flash drive and check which processes are running!
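The registry values repaired by hand in blacklists one to four can also be checked in one pass. The following is an added example, not part of the original article: it audits the text of a registry export for the Run entries, the two CheckedValue settings and the Userinit value described above. The sample export is constructed (including the `example.exe` entry), and the function names are assumptions of the example.

```python
import ntpath
import re

MS = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\"
RUN = (MS + "Windows\\CurrentVersion\\Run").upper()
FOLDER = (MS + "Windows\\CurrentVersion\\Explorer\\Advanced\\Folder\\").upper()
WINLOGON = (MS + "Windows NT\\CurrentVersion\\Winlogon").upper()
# CheckedValue settings the article restores by hand.
CHECKED = {FOLDER + "HIDDEN\\SHOWALL": 1, FOLDER + "HIDDENFILEEXT": 0}
RUN_NAMES = ("sxs.exe", "doc.exe", "ravmone.exe")  # names from the article
VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

# Constructed sample in .reg export syntax (real exports are UTF-16).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ROSE"="c:\\windows\\system32\\SXS.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="userinit.exe,c:\\windows\\system32\\example.exe"
'''


def parse_reg(text):
    """Map (KEY, name) to int or str; key names are compared upper-cased."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
        elif key and (m := VALUE.match(line)):
            name, dword, string = m.groups()
            values[key, name.lower()] = (
                int(dword, 16) if dword else re.sub(r"\\(.)", r"\1", string))
    return values


def audit(text):
    """Return sorted findings for the settings the article repairs."""
    out = []
    for (key, name), val in parse_reg(text).items():
        if name == "checkedvalue" and CHECKED.get(key, val) != val:
            out.append(f"{ntpath.basename(key)}: CheckedValue={val}, want {CHECKED[key]}")
        elif key == RUN and str(val).lower().endswith(RUN_NAMES):
            out.append(f"RUN: {name} -> {val}")
        elif key == WINLOGON and name == "userinit":
            for prog in filter(None, map(str.strip, str(val).split(","))):
                if ntpath.basename(prog).lower() != "userinit.exe":
                    out.append(f"WINLOGON: Userinit also starts {prog}")
    return sorted(out)
```

The Userinit check accepts both the bare "userinit.exe," given in the article and a full path to userinit.exe, and reports any additional program in the comma-separated list.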
