How to manually remove the MpKsl Trojan that spawns svchost.exe processes

The MpKsl virus has the following characteristics: once the machine is connected to the network, it spawns many svchost.exe processes running under the user name administrator. The svchost.exe file location is normal, but the processes have no corresponding service. New svchost.exe processes keep being created; they access the network in the background and take up a small amount of bandwidth. The virus loads at system boot, and its file on disk and its module name are hidden: they are not displayed even when Folder Options is set to show hidden files. As a result, antivirus software cannot remove it.

This article describes a manual removal method. Automatic removal can be done with the aid of a USB drive, optical disc, etc.

First, the registry deletion method

1. Open the registry editor and search for MpKsl (the virus file is MpKslxxxxx.dll, where xxxxx is random letters, so search only for the leading part). Under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ you will find an MpKslxxxx key. This is the virus's service entry: its DisplayName value is guarder1, its ImagePath value is System32\MpKslxxxxx.dll, and its Start value is 0. Delete the entire key, as shown in the figure.

Continuing the search turns up the same entry under

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\

and so on. Delete these as well.

2. If the key cannot be deleted, right-click it, choose Permissions, select Everyone, tick Full Control, and then delete it. If it still cannot be deleted, see below.

3. Restart the computer. Open My Computer, Tools, Folder Options, View, untick "Hide protected operating system files", and select "Show hidden files and folders". Open C:\WINDOWS\SYSTEM32 and search for MpKsl; the MpKslxxxxx.dll file can now be found and deleted.

Second, the file deletion method

1. When the registry entries cannot be deleted, you need to boot from a USB drive or CD-ROM boot disk that carries a PE system.

2. Set the boot order. Insert the USB drive or CD-ROM with the PE system into the computer, restart it, press DEL or F2 to enter the BIOS setup, set the USB drive or optical disc as the first boot device, and press F10 to save. The details differ from computer to computer; look them up on Baidu.

3. Delete the virus file

After the computer reboots automatically into the PE system, search for MpKsl under C:\WINDOWS\System32\, find the MpKslxxxxx.dll file and delete it. Restart the computer, unplug the USB drive or remove the CD-ROM, and start the computer normally.

4. Clean up the registry

Following the first method (registry deletion), find and delete the MpKslxxxx registry entries.
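
The searches in the steps above can also be run read-only from an elevated PowerShell prompt before anything is deleted. This is an added example, not part of the original article; the function names Find-MpKslServiceKey and Find-MpKslFile are hypothetical, and the indicator values are the ones the article gives.

```powershell
# Added example: read-only audit for the MpKsl indicators described above.
# Run from an elevated PowerShell prompt; nothing is deleted or modified.
function Find-MpKslServiceKey {
    # The article finds copies under ControlSet001, 002, 003, so check every set.
    $sets = Get-ChildItem -Path 'HKLM:\SYSTEM' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }
    foreach ($set in $sets) {
        $services = "HKLM:\SYSTEM\$($set.PSChildName)\services"
        Get-ChildItem -Path $services -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -like 'MpKsl*' } |
            ForEach-Object {
                $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
                # A name match alone is not conclusive: Microsoft's antimalware
                # engine registers its own MpKsl* driver service backed by a .sys
                # file. Flag only keys carrying the values the article reports.
                [pscustomobject]@{
                    Key         = $_.Name
                    DisplayName = $p.DisplayName
                    ImagePath   = $p.ImagePath
                    Start       = $p.Start
                    MatchesPage = ($p.DisplayName -eq 'guarder1') -and
                                  ($p.ImagePath -like '*System32\MpKsl*.dll') -and
                                  ($p.Start -eq 0)
                }
            }
    }
}

function Find-MpKslFile {
    # -Force lists hidden and system files. The article says the DLL stays
    # invisible on the running system, so an empty result does not prove the
    # machine is clean; repeat the search from the PE environment.
    Get-ChildItem -Path "$env:SystemRoot\System32" -Filter 'MpKsl*.dll' -Force `
        -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, LastWriteTime, Attributes
}

Find-MpKslServiceKey | Format-Table -AutoSize
Find-MpKslFile | Format-Table -AutoSize
```

A key with MatchesPage set to True whose DLL does not show up in the file listing is consistent with the hiding behaviour the article describes.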

Third, ways to stop the virus from spawning svchost.exe

1. Before connecting to the network, end the explorer.exe process with Task Manager and then start a new explorer.exe; the virus then cannot create svchost.exe.

2. Adding the following entries to the C:\Windows\System32\drivers\etc\hosts file also stops the virus from creating svchost.exe.

127.0.0.1 RL1.W7Q.NET

127.0.0.1 RES.QHMSG.COM

127.0.0.1 GOU.33YSW.COM

3. These steps only stop svchost.exe from being spawned; the virus itself is still present.

Summary:

1. In theory, thorough virus removal requires the infected system to be in an inactive state. Scanning for or removing viruses from a PE system on an optical disc is done while the system is inactive.

2. Virus files are typically executables with suffixes such as exe, sys, and dll, and the Company and Description fields in their file properties are usually empty. So after finding a suspicious file, search for the file name on Baidu; if there is no information about the file, it is not a system file and is most likely a virus.

Precautions:

Before deleting files or registry entries, it is a good idea to back them up, so that deleting the wrong item does not cause system errors.


Origin www.cnblogs.com/shixiaoqing/p/11388378.html