What is a Virus Scan?

This is a PE virus under Windows. It is written in VB6 and is a Trojan horse that automatically visits a site. The virus will add its own startup entries in multiple places in the registry. It will also modify the system file WIN.INI and add "RUN" = "% WINDIR% \ SMSS.EXE" to the [WINDOWS] entry.

tspy virus

Chinese name: tspy virus
Virus name:: TSPY_LINEAGE.AZO

Write: VB6
Nature: Trojan virus

SMSS.EXE: Session Manager Subsystem, the process is a session

1. Please enter safe mode first:

Please restart your computer

2. Press the F8 key repeatedly until the selection screen appears (do not hold it down)

3. Please select the first item "Safe Mode" and press ENTER

Second, modify the login code:

1. Click | Start | Run |, enter REGEDIT, and press Enter. Open [Login Editor]

2.In the left window, look for the following path:

HKEY_LOCAL_MACHINE> SOFTWARE> Microsoft> Windows

NT> CurrentVersion> Winlogon

3. In the window on the right, look for the key value of the following "path".

Userinit = "c: \ windows \ system32 \ userinit.exe, c: \ Program Files \ Windows Media

Player \ svchost.exe, "

4. Modify it to the following code value. (Right-click> click "Modify"> enter the following in "Value data"

Value> press "OK")

Userinit = "c: \ windows \ system32 \ userinit.exe,

5. Close [Login Editor]

Third, close Windows XP "System Restore"

1. Right-click on "My Computer" and click "Properties".

2. Select the "System Restore" tab.

3. Please check "Turn off system restore on all disks" and click "OK".

4. If the message "This will delete all existing system restores", please click "Yes".

5. Click "OK".

After restarting the computer, manually update the virus code, and then do a full scan manually to check whether the virus has been removed.

Work. </ CA>

What is a Virus Scan?

tspy virus

IN OTHER LANGUAGES

RELATED ARTICLES

How can we help?