So, what should we do?
- First of all, press CTRL + ALT + DEL, bring up TASK MANAGER.
- Look for explorer.exe, then right click and END PROCESS TREE
- RUN again Explorer.exe, it will bring back your desktop
- Right click on C: drive, click Tools | Folder options | tab to VIEW | uncheck "Hide protected operating system files"
- It will shows all protected files, look for any suspicious *.vbs files and autorun.inf, remove those.
- Then, let's go to another steps, go to RUN | type MSCONFIG, tab to STARTUP
- uncheck any start up processes that execute suspicious *.vbs files.
- Finally to ensure that no startup process for those *.vbs, go to START | RUN | type REGEDIT.
- Explore to HKLM\Software\Microsoft\WINDOWS NT\CurrentVersion\WinLogon, look for Userinit
- The default value for userinit should be C:\WINDOWS\system32\userinit.exe,
- At the end, you could restart your computer now.
0 comments:
Post a Comment