Unknown file image hijacking, registry can t be cleared?

There is only one character away from the system process, note that the 0 in the system is the number zero, and the o in the system process is the letter o.

The technical reports on the virus are as follows:

Virus name:"Online banking thieves"（troj_

Virus type: Trojan.

Infected system: win9x winme winnt win2000

winxp/win2003

Virus length: 16,284 bytes.

Mode of Transmission: Network.

1. Generate virus files.

After the virus runs, it creates a copy of itself in the system folder %system% with the file name.

Where, %System% is C: Windows System under Windows 95 98 ME, C: WinNT System32 under Windows NT 2000, and C: under Windows XP

windows\system32）

2. Modify the registry.

The virus modifies the registry to achieve the purpose of running automatically as the system starts.

Hkey Current User Software\Microsoft\Windows Current Version Run:

"%system%\"

"%system%\"

3. Stealing personal online banking information.

After the virus runs, check the title bar of the IE window to determine whether the current window is the login page of online banking, which involves the online trading systems of many domestic banks. As soon as it discovers that the current IE window is the login page of the above-mentioned bank, the virus immediately starts recording all the keystrokes entered by the key, including almost all possible keystrokes. The stolen user information includes online banking account numbers, passwords, verification codes, etc.

4. Send the stolen information to the specified address.

The virus intercepts the keypad values entered by the infected computer and sends the stolen information to the specified address.

To clear it: Close System Restore and start running: msconfig (Run System Configurator).

Cancel in the launch"" = "%system%\"with"" = "%system%\"Two preceding ticks.

Open Task Manager to terminate, to see clearly and don't make a mistake.

Clean up the registry with Super Bunny!

The one on the first floor thought of me together. Windows Cleanup Assistant is indeed the go-to when it comes to malware removal.

Use Kingsoft NetShield's one-click repair, and then check and kill it all. If the program doesn't work, you can change the name and try again.

Windows comes with about 60 iFeO image hijacker keys, and AutoRuns doesn't show up for these normal ifeo keys. If there is an unusual ifeo key item (which is not native to Windows), it will be displayed.

C: Windows System32 is a system process item about system services Deleting this file will cause the system to crash.

It is recommended to use Kaba to disinfect the virus.

Or forcibly delete it with a 360 file shredder.

Obviously, yours is indeed hijacked It is recommended to enter the safe collapse mode first.,Delete all the data under the key value and then the group file mill is running 360 to clean up Depressed.。。。 Don't mess with ** things. Install a professional antivirus.

Stupid before. 360 is not a professional antivirus.

human supplement 2009-06-23 11:04 Delete registry directly HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution options.