China DOS Union

From the description of the original poster, several doubts are found. Please the original poster can find the solution through these doubts:

1. I found that the original poster tried various methods, but did not see the original poster installing security patches for the system. I always think that for any virus and trojan horse, prevention is better than cure.

2. Since the machine has a hardware restore card, in principle, the system should not be afraid of being damaged by the virus. Just restart all machines and restore it, right?

3. Since this virus is spread through the weak password of the system and the default management share, why not remove the management share of all machines? This can be permanently realized by modifying the registry. For the specific method, please google.

Reply to the above:
I often install security patches, but I don't know if there are new patches released recently. Thanks for the reminder!
The computer doesn't have a restore card, but has Restore Wizard installed, and it only protects the system drive. In fact, including Restore Wizard, restore cards, Freeze and other things are helpless against it.
It can't work normally without sharing here, so it's not feasible. Modify the registry? I tried deleting the registry startup items and forbidding the virus program from running.
This virus is really awesome!!
Alas, I cut off the network of some machines yesterday and killed the virus one by one. Now it seems there's nothing wrong, and the virus killing is in progress~~~

The sound of the wind and the cry of cranes make one terrified, and people talk about viruses with horror.

I don't want to say more about how to check and kill viruses. As for your situation, if you can set permissions properly, you should be able to solve the problem.

Set all the keys in the registry that may be used to start viruses to be forbidden to write. Set all the keys related to IE settings to be forbidden to write (it's best not to set the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings key to be forbidden to write, otherwise opening IE will be about 1 second slower than usual). Set the startup folder to be read-only and not writable. Except for some folders of software that may be updated under the C drive, all others are forbidden to write, especially the windows and system32 directories.

Thanks to the moderator, it's almost cleared now, and we're strengthening protection.

Hope it will be peaceful from now on.

........................................

Passing by

(Muttering to myself: I've always run naked, never been hit, never been hit, never been hit,......)

Damn, someone dares to pass by my place!

This road was opened by me

This tree was planted by me

If you want to pass here

Leave toll money!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

We also got infected here. Finally, we reinstalled the system and did a full-disk clone to feel at ease. Too toxic!!!!!

NOD32 this antivirus software can kill logo_1

Sympathizing with the thread starter. Some viruses are indeed powerful, but as some netizens said, prevention is better than cure.

I just saw this post today. I haven't encountered the virus mentioned by the original poster. So I won't discuss it specifically. I'll just talk about my experience with antivirus and exchange with everyone. Also, please share your respective experiences.

First, talk about antivirus software.
Regarding which antivirus software is good, this has been a matter of debate. Some say AAA is the best and ZZZ is the worst, and vice versa. Some also say neither is good and XXX is the best. There are always several antivirus software that are relatively top in terms of the number of viruses detected, resource consumption, ease of use, etc. But my view is that the free ones are the best, and those with free updates are the best (including cracked versions).

Then talk about how to kill viruses.
Before talking about this, I always had an idea to say to everyone and even all in the IT industry: The current "virus" doesn't deserve to be called a virus and shouldn't be called a virus anymore. Why? Think about it. Originally, computer viruses borrowed the concept of biological viruses because their survival and behavior are extremely similar to biological viruses. First, it cannot exist alone and must be parasitic in normal files or the sectors used by the system, that is, it cannot exist as a single file. Because if it dared to exist as a single file, I could immediately delete it with "del"! So it must hide secretly.
In the Windows era, the situation is different. A virus can actually exist openly as one or several files! It dares to jump out! Why? This is caused by Windows! In DOS, there are not many places related to startup, and I can easily know where is abnormal. But in Windows, I thought I knew everything today, but one day I don't know where another place will pop up. Oh my god, I didn't expect this place is also related to startup?! In addition to the system's own startup, the startup of the resource manager and IE may all be used by viruses. And Microsoft has never clearly stated which files are related to the startup of the system and an application. I don't know if Microsoft's own engineers can make each item in the registry clear and explicit. Therefore, Windows itself is a huge place full of dirt! The current virus is precisely taking advantage of people's ignorance of system files so that it dares to exist as a file. Therefore, the current computer virus should not be called a virus, but should be called a bacterium, should be called a computer bacterium! (As far as I know, I am the first one to put forward this idea)
However, precisely because the current virus (let's call it by the habit for now) dares to exist as a file, it also enables us to remove it manually. I currently have only two types of viruses that cannot be removed manually in a virus-infected environment. One is 3721, and the other is a virus that replaces the most basic system files of Windows, that is, the system files that are also called in safe mode. The rest of the viruses can basically be manually deleted even in a virus-infected environment. Even if the virus files are not completely deleted, at least it can be made inactive, and then the antivirus software can be called to perform a full scan. The virus like smss.exe mentioned by sister afn, I have encountered it and it was removed manually.

Okay, let's stop talking big. If other people have any experiences and challenges, welcome to share and exchange.

That's wonderful, applause. "Whoosh whoosh whoosh........"

Is the owner engaged in network management work?

Nowadays, computer viruses shouldn't be called viruses, but should be called bacteria, should be called computer bacteria! (As far as I know, I was the first one to come up with this idea)

DOSforever is creative! But "germ" has divisions like "probiotics", while "virus" doesn't.

Hehe, what you said is right. But in my memory, there used to be a kind of virus that would clear several viruses when it activated, and it itself seemed to have no harm. I forgot what it was called.