
An arduous virus detection and removal process

My friend's computer was infected with the W32.Jeefo virus today. The virus increases the size of the files it infects, it is highly contagious, and it spreads over a wide area. Some people's first thought would be antivirus software such as Rising, but antivirus software works by directly removing or quarantining the virus, and direct removal may damage some files. My friend's personal server and programs that had taken a month to write were infected, so I couldn't do that. The question was whether to look for a dedicated removal tool first, or to find information about the virus and then remove it manually. With this idea in mind, I started on the cleanup.

I opened Rising's official website, www.ruising.com.cn, to search its virus database, but found no information about the virus. Frustrating: why can't even Rising kill it? I did not try other antivirus software. I went straight to Baidu and, after some reading, learned that the virus is called "Jeff". Jeff is a memory-resident virus. When it runs, it copies itself to the Windows root directory under the name "svchost.exe" (%WinDir%\svchost.exe) and then adds a value to the registry: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "PowerManager" = "%Windir%\svchost.exe"

Every time the computer restarts, a copy of the virus runs along with it. The virus searches the logical partitions of the infected computer for Win32 PE executable files with the .exe extension. Each infected file grows by 36352 bytes.

I read this description of the virus and understood it a little better. The description was published by Kaspersky, but I found no dedicated removal tool, which was frustrating. It seemed I could only do it manually. Based on the virus information, I asked some people for help. Download: http://beta.activeupdate.trendmicro.com/fixtool/fixtool.zip

Solution:

1. Disable System Restore.

2. Restart in VGA mode or safe mode.

3. Run Norton's virus scanner to perform a full disinfection. If any virus is detected, delete it.

4. Open the registry, back it up, and under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RUN delete the value "PowerManager"="%windir%\svchost.exe" in the right-hand pane, then restart.

I forgot to mention one thing: after all this is done, remember to apply a win32 patch. It took a lot of effort to deal with this virus, because I am used to relying on Rising. After this cleanup, I think I will learn more about the registry in the future, because many viruses have to be removed through the registry. Although antivirus software can kill viruses, it is likely to cause some losses. If you can kill the virus manually, it will be fine.
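To check a machine for the autorun entry described above before editing the registry by hand, the following added example (not part of the original article) parses the text output of `reg query` for the Run and RunServices keys and flags the "PowerManager" value, or any svchost.exe that sits outside System32. The sample output, the list of legitimate directories and the function names are constructed for illustration.

```python
import ntpath
import re

# Value name taken from the article; the sample output and directory list are constructed.
ARTICLE_VALUE_NAME = "PowerManager"
LEGIT_SVCHOST_DIRS = {r"%windir%\system32", r"%systemroot%\system32", r"c:\windows\system32"}
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Updater    REG_SZ    "C:\Program Files\Example\updater.exe" /background

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    PowerManager    REG_SZ    %Windir%\svchost.exe
"""

def parse_reg_query(text):
    """Yield (key, value name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # a key header starts a new group of values
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"].strip()

def executable_of(data):
    """Return the program path from autorun data, without quotes or arguments."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data

def suspicious_autoruns(text):
    """Flag the article's value name and any svchost.exe outside System32."""
    findings = []
    for key, name, data in parse_reg_query(text):
        exe = executable_of(data)
        folder, base = ntpath.split(exe.lower())
        masquerade = base == "svchost.exe" and folder not in LEGIT_SVCHOST_DIRS
        if masquerade or name.lower() == ARTICLE_VALUE_NAME.lower():
            findings.append((key, name, exe))
    return findings

if __name__ == "__main__":
    for key, name, exe in suspicious_autoruns(SAMPLE):
        print(f"{key}: {name} -> {exe}")
```

The check only reads exported text, so it can be run on a copy of the output taken from the affected machine; the genuine svchost.exe lives in the System32 directory, which is why a copy directly under %WinDir% is flagged.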


This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com: http://www.internetweblist.com/Virus prevention/21836.html
