What should I do if my computer is infected with Trojan Spy Agent aha?

SearchNet Trojan removal method.

The Trojan has the following characteristics: self-hiding, self-protection, self-recovery, network access, background escalation, monitoring of user actions.

1. Hide files.

The Trojan hides the searchnet folder under the program file and the three drive files under drivers:

2. Hide the process.

The Trojan hides two processes of its own: and.

3. Hide the registry.

With regedit it is not possible to view its registry startups.

searchnet up startup item and, , driver item.

4. Monitor user operations.

The Trojan, which has the wh msgfilter wh keyboard ll wh mouse hook installed, monitors the user's every move.

With icesword you can see the global hooks installed by the searchnet process.

5. Self-protection and self-repair.

The Trojan employs a driver file that protects all of its ownership and registry.

6. Network access and background upgrades.

The Trojan can be quietly accessed from the network and upgraded in the background to keep it up to date and evade the detection of antivirus software.

7. Unloading deception.

The Trojan offers a fake uninstall method to trick users.

According to the fake uninstall method provided by the user, after uninstalling, there is no uninstall item in the control panel, and its files and registry are stored in the same place, and its driver is still protecting itself from being discovered by the user and not deleted by the user. That is, users simply cannot remove this Trojan!

8. Handling methods.

1. Stop processes and related services.

Process: y.

Disabling services: remote logs, this step is key.

2. Reboot into safe mode.

Delete the searchnet folder under the program file and the three drive files under drivers

Antivirus key! Turn off System Restore.

F8 into safe mode.

Dizzy. Recently, this kind of "Trojan horse disc" has become really popular. Many people have been infected with this virus. If your Rising is positive. It's okay for you to kill in safe mode.

Kill it with antivirus software.

It really doesn't work, enter the safe mode and delete it manually.

I also fell for this virus, but it didn't work, and I couldn't find this file at all.

This is the Internet pig that I've come across.

That time, I manually cleared the punch and didn't clean it, so I had to re-loosen the clothes.

It is recommended to use UPIEA or other special killing tools.

The easiest? Do it,Find out the specific path on the machine,So you can delete it.,If it doesn't work, then go into safe mode to delete it.,After restarting the machine, press F8.,Enter safe mode.。

The next antivirus software will kill you.

The easiest to kill? I don't really understand.

Use anti-virus software to kill.

Turn on the main unit, take out the hard drive with a screwdriver, open it, and use a knife to cut its magnetic sheet!

You're a Trojan program. Generally, genuine antivirus software can be killed.

Use genuine antivirus software to check and kill

Useless. It depends on what kind of antivirus software you use, if it's Rising's, you can easily kill it. I just killed.

An old-fashioned variant of the virus, with. 360 is fine, but the premise is to kill a few more times in safe mode.

Eventually, the system may be destroyed, and the system may have to be installed.

You install 360 Security Guard, there is Kaspersky in it, you install 360 and enter the antivirus page Back to remind you to install Kaspersky After installing it, just use Kaspersky to kill It is good to use Kaspersky to kill Below is the **address.