There is always a prompt when you boot up the urdisk exe is allowed to run. If the reboot is deleted

Recently, Kingsoft Antivirus Security Center has detected that there are more users on the Internet asking for help "what to do if the homepage is always modified" or "C: programdata mozilla How to kill this virus", Kingsoft Toxin engineers contacted these users and found that this is a virus that modifies the homepage, and the IE homepage of the computer will be repeatedly tampered with (access the ** will jump to 2345 navigation), and create a web shortcut on the desktop.

According to the analysis of Kingsoft Poison security experts, this virus that modifies the homepage has the following characteristics:

1. Create a service that uses a third-party software program with a normal digital signature to boot up;

Second, the virus process is more complicated. Process A creates process B, process B creates process C, process C creates process D;

3. The virus startup item and the last program that executes the modification of the home page are normal programs, the intermediate link is a virus that modifies the home page, and the last link is the autoit3 program that executes the au3 script.

With the following hazards:

2. Tampering with 360 browser, Google Browse browser, Sogou browser, TT browser shortcut pointing to and tampering with the home page of Internet Explorer;

3. Background access**customer purchase, etc.**, popping up all kinds of annoying ads.

How do 7479 homepage hijackers spread? Kingsoft Antivirus security experts said that it is disguised as a "win7 activation gadget" or a "room opening query assistant" and other gadgets to deceive users**, if the antivirus software misses detection, once the virus file is run, it will immediately tamper with the homepage.

Virus process] Startup service --Create Process --Create Process --Create Process (

This is the problem of the USB flash drive, you better reinstall the system!

This shows that you are a more stubborn virus, and the anti-virus part of the housekeeper uses a 4+1 engine, including the self-developed second-generation anti-virus engine Hawkeye, using new machine learning technology, CPU virtual machine execution technology, so it can accurately identify and remove all kinds of stubborn Trojan viruses.

In C: Documents and Settings username (e.g. administrator).

Find "Desktop" in the folder, right-click "Properties" > "Security" > Advanced; Quietly.

Remove the check mark in the small box before "Inherit from Parent", and a dialog box will appear > "Delete"; Select system in Group & User Name and set all permissions to Deny.

Click Add, enter your username (e.g. administrator) in the Input Object Name >Check Name" OK;

Check the username you added to set all permissions to Allow;

Okay, now delete that abominable code eggplant ie shortcut, and it won't appear again.

There is no way to check all the options in the properties, find the tool options in the toolbar of the folder, click Folder Options" to view, cancel "Use Simple File Sharing", click OK, and the security options will come out.

Click to select the Start Run command, enter the regedit command in the Open bar of the Run dialog box, and then click OK.

1. Find the "item" - Hkey Local Machine Software World Pants Microsoft Stove Orange Windows CurrentVersion Explorer Desktop Namespace".

Then click on the items under them one by one, see which "item" of the "data" is displayed as "Internet Explorer", find the hidden group and write down the name of the item and delete the item directly, after refreshing the desktop, the "virus IE icon" is cleared.

The name of the item on my computer may be different for everyone.

Your computer should have a strong virus. It is recommended that you use the latest antivirus software virus database to kill the virus, and then restart it should be normal. Then it should be prudent to delete the garbage icon again.

**360 stubborn stupid solid Trojan horse kill Daquan sweep the Trojan, and then click to repair, 100% success! After the fix, the IE icon is missing, you can find it out from the C drive!! Those who pay homage to the first nucleus!!

Poisoned, kill with Kaspersky.

explorer is the dos command to open my document has now been modified:

Run Enter cmd

Enter: Enter at the Missing Argument command prompt.

for space%1spaceinspace(%windir%system32*.dll) space do space space s space %1

Remember: don't copy, type them one by one, and you'll see the screen scroll quickly. After entering, wait slowly (it takes 1-2 minutes), and it's OK to run it all! It is best to restart the computer after closing the DOS window and burning it.

Run in the lower left corner of the desktop spring search void to start! Give it a try.

Virus. Basic Information:

File name: Virus name: Kaspersky).

win32 worm (nod32).

Rising (Trojan).

Technical Analysis: The virus form is titled: Three Good Students, the source ** project is named, spread through the USB flash drive, injected into the process after running, and tried to steal the following game accounts:

I really encountered this problem today, and after solving it, I'll also write the answer.

The problem I encountered was a cash register computer, and the person who installed the ERP used a rogue address when he installed the driver, and automatically installed a bunch of rogue software, including a virus Trojan, and he installed a 360 and left. The problem I see today is that there is nothing on the desktop, only a wallpaper, otherwise it is constantly switching between having a desktop and not having a desktop.

First ctrl+alt+del to call up the explorer, end some useless program processes, end explorer, and then manually enter explorer under running, the result is still the same. Because the explorer keeps restarting, there is no way to use the control panel to uninstall the program, fortunately, 360's software manager can be used, so as to uninstall those useless junk software, and at the same time use 360 to kill the Trojan, and then restart. The result is still the same.

After rebooting into safe mode, the result is still the same under safe mode.

The last solution: after restarting, end the explorer in the explorer, create a new program under the run, enter cmd, open the command line or virtual, enter under cmd, open the computer management interface, look for the error log in the program log under the log, double-click to open, and see the cause and path of the error. Because there is no way to open the folder, and the safe mode can't open the folder, continue to use the new task under the explorer, select the hard disk partition in the window through the browsing function, find the path, find the folder pointed to by the attack path, and right-click to use 360 force delete to delete the folder.

After shutting down, continue to use Explorer to create a new one, enter the desktop normally, and no longer prompt an error restart.

Logging of program errors.

This time I met a company called, the program seems to be a technology company in Chongqing. Because you can't use the explorer to show hidden files, you have to force delete the entire folder.

It is recommended to use PC Manager virus to scan and kill;

1 possibility that the logic of the original login program is broken, and there will be a blue screen, which is a sign of a virus, 2 possibilities, some parts of your hardware are not properly configured, 3 possibilities, some of your hardware is installed with mismatched drivers, 4 possibilities, you have to overclock the machine, resulting in a certain load, crash 5 possibilities, you have to have some hardware may not be plugged in, or damaged, the hardware needs to be upgraded, 6 possibilities, you have to have the operating system needs to be updated, some hardware cannot be recognized, or the driver is upgraded.

Khan you didn't set it up.

You use Super Bunny, which can quickly turn on and off and restart the shortcut to shut down to give you the process.

Enter the Magic Settings, Desktop & Icons, Pre-Table options, create a reboot shortcut to the desktop and tick in front of it.

Very easy to use, no annoyance thank you.

There is this app??? No, the normal system doesn't have this.

Log out to see if the good points are.

Or set it up with Super Bunny Magic.

Close some startup items.

Antivirus or redo the system or write a batch process dragged to run automatically, and each time he restarts himself@echo off

color 0a

rem The operation implemented by the following segment is to restart the process: killexpl

taskkill /f /im

tasklist|find ""

If errorlevel 1 goto nofindecho fails to end explorer, explorer is still running, re-execute.

echo.goto killexpl

exitnofind

echo did not find a process.

echo.echo This program will start the main explorer program

exit

Copy that file from another computer. That's it

There are generally two reasons why the software cannot be uninstalled: 1 is rogue software, 2 is system poison or Trojan horse! In this case, you can use third-party software to uninstall, and the better ones are 360 Software Manager, Windows Cleanup Tool (very effective), Rubik's Cube, etc.!

Under normal circumstances, it shouldn't, after all, this is Blizzard's thing, not the number that can't be deleted.

So you'd better use a non-digital such as Norton360 to check for poison first, and then delete it, if it doesn't work, use ccleaner or 360amigo to delete it again.