Common Autorun Virus Detection and Killing Methods

Posted 2011-04-04

Many people now use removable storage such as USB flash drives, portable hard disks and MP3 players. That convenience comes with risk. Autorun viruses are among the most common viruses, so this article introduces several very simple methods for deleting them.

The first symptoms after infection are:

Double-clicking the drive letter does not open the drive, or it opens in a new window, or you are asked to choose a program to open it with…

In fact, the most obvious sign is two new items in the right-click menu, Auto or AutoPlay. If you see the symptoms above, you can basically confirm an infection by an autorun-type virus. However, if they appear after a CD is inserted, that is normal, so don't worry about it. Haha.

How the virus is triggered:

Users usually double-click to open a disk, and these viruses take advantage of that. Two new shell command keys are added to the registry for the drive letter. When you double-click the drive letter, the virus starts first and then the disk opens. Sometimes double-clicking gets no response and you can only open the drive by right-clicking. It is still possible to reinstall the system.

Now let's go through the general methods for removing this kind of virus. I hope you can do it yourself.

First, two things that must be done when setting up a system:

1. Modify Group Policy to turn off Autoplay

Run --> gpedit.msc --> User Configuration --> System --> Turn off Autoplay --> Enabled - All Drives

2. Turn off the service used for Autoplay

Run --> services.msc --> Shell Hardware Detection service --> Startup type --> Disabled

The following is what to do once you have confirmed an infection. First, end the virus process.

3. Check and clean after infection: edit the registry key [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]

Expand every item marked with "+" under this key in turn. If an item contains "command" or "shell", write down the files in the path it gives and delete them all. By default, there is no value under the "+" for any drive letter.

4. Open CMD, switch to the infected drive letter, and use the attrib command to view files with hidden attributes. They generally carry the s, r and h attributes: system, read-only and hidden. First remove those attributes from the file:

attrib -s -h -r filename

Now you can see these files in their true form in the root directory; what is left is the junk for you to delete:

del /s /q filename

The same can be done from the Windows interface. In the menu at the top of the folder window, clear the check mark next to "Hide protected operating system files", then choose to show all files. Then delete the virus.

For more stubborn viruses, you can delete the files with Unlocker 1.85. After the steps above, you can basically get rid of the autorun virus.

Finally, delete the virus-related values under the startup keys in the registry!
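The check in step 3 can also be done on an exported copy of the key (for example one saved with reg export) instead of expanding every "+" by hand. The Python script below is an added example, not part of the original article; the sample export, the file name example.exe and the function names are constructed for illustration.

```python
import re
import sys

# Key from step 3 of the article; each subkey below it is one drive or volume.
MP2 = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
       r"\CurrentVersion\Explorer\MountPoints2").lower()

def default_value(line):
    """Decode the key's default value line (@=...) from .reg syntax."""
    body = line[2:]
    if len(body) >= 2 and body[0] == body[-1] == '"':
        return re.sub(r"\\(.)", r"\1", body[1:-1])  # undo \\ and \" escapes
    return body  # e.g. hex(2):..., reported undecoded

def find_shell_commands(reg_text):
    """Return (mount point, verb, command) for each <mount>\\shell\\<verb>\\command key."""
    findings, parts = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parts = None
            if key.lower().startswith(MP2 + "\\"):
                rest = key[len(MP2) + 1:].split("\\")
                if (len(rest) == 4 and rest[1].lower() == "shell"
                        and rest[3].lower() == "command"):
                    parts = rest
        elif parts and line.startswith("@="):
            findings.append((parts[0], parts[2], default_value(line)))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass"="Drive"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\Auto\command]
@="E:\\example.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command]
@="C:\\WINDOWS\\system32\\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL example.exe"
'''

if __name__ == "__main__":
    # reg.exe writes exports as UTF-16 with a BOM.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE
    for mount, verb, command in find_shell_commands(text):
        print(f"{mount}: shell verb '{verb}' runs {command}")
```

Each reported verb corresponds to an extra item in that drive's right-click menu; entries for a CD drive can be normal, as noted above.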

For this kind of virus, there are also dedicated autorun removal tools on the Internet. You can download one and run the scan in safe mode after disconnecting from the network. Haha.