Sports FAQ
Home / Racing

I am at home I can not install 跑跑 卡丁车 enter

luzhuo0072010-03-15 21:10:45 +0000 #1
1 entry on the show this program can not be WINLOGON.EXE under concurrent proceedings

ask how close this program please consult expert under ah
Tao Tsai 5202010-03-15 21:17:18 +0000 #2
This process is is not a legend in the world using the 51 program icons will produce a cracked version of family heirloom WINLOGON.EXE process

the normal winlogon system process, its users, called "SYSTEM" process known as lowercase winlogon.exe.

While disguised as a Trojan horse program in the process of its users, called the current system user name, and the program is called uppercase WINLOGON.exe.

Process View mode ctrl + alt + del and then the selection process. Under normal circumstances there is one and only one winlogon.exe process, the user name "SYSTEM". If there were two winlogon.exe, and one of the capital, the user called the current system, if the user indicates that there may be Trojan horses.

This Trojan is very powerful, able to destroy Trojan nemesis, it does not work correctly. Currently I use other anti-virus software can not detect.

That is indeed WINLOGON.EXE under WINDOWS is a virus, but she is nothing but a small role in this virus only, we open the D drive to see if there is a pagefile in DOS point to files and an autorun.inf file, and Oh, of course, are hidden, and delete these useless, because she was associated with a lot of things, even in safe mode all Nangao, as long as run any program, or double-click to open D drive, she will again be installed, and Oh, this period of time many people have stolen a family heirloom that is because of this break, and it is not anti-virus software, check out, it was called the virus as "luoxue" is a special Pirates of the legend of the Trojan legend in the world, as will the Pirates of the other accounts, such as QQ, Internet Banking to see her happy, Oh, I guess we all be recorded. Are not afraid of poisoning and to reduce the losses to open the firewall to stop the best addition to their confidence to go out a few common tasks that other full stop, of course, we had better be back up as soon as possible, and then close the new parties such as anti-virus

including the modified 51pywg heirloom, and their break all the other plug-ins, this is the biggest suspect 51PYWG, the other partner sites the relationship between the estimated and major owners, especially in side the new site, has been proven many times on the site put Trojan horse, although he explained that was black, but the can not rule out other possible, especially those who care to connect the site to start after the plug, not excluding the starter itself is toxic, anyway, a word, this link to start a site on the most vulnerable to poisoning of the cracking software, as to when to release, how parties, such as put a few hours a day, to see how he must be cool, use it as completely as possible with the kind of validation of local crack version, although the African Union now seems to hang, were found not put horses or their own place, but be very careful, most recently World of Legend Legend N people have been Daohao aim directly at these sites, the following is the latest special poisonous WINLOGON.EXE Daohao virus removal methods, attention to this false WINLOGON.EXE in WINDOWS, the process inside the performance for the current user or ADMINISTRATOR. In addition 1 SYSTEM The winlogon.exe is normal, that do not indiscriminately delete and see for themselves, and in front of one is the capital, followed by a lowercase, but also partially User confirmed that this file is to connect the destination for Henan.

Solve the "luoxue" virus approach

symptoms: D drive double-click not open, which has autorun.inf and pagefile.com file

to do this people have the virus too, and in safe mode the same can not be resolved with the Administrator! After an afternoon of hard work be considered barely resolved. What I am useless killing Trojan horse software, all is manually one by one, pulling it out of his deleted. The following documents associated with it, the vast majority of files are displayed as system files and hidden. Therefore, in the Folder Options to open the Show hidden files inside.

D tray of the two, and made you can not double-click to open D drive. C tray tray of the much more!

D: \ autorun.inf

D: \ pagefile.com

C: \ Program Files \ Internet Explorer \ iexplore.com

C: \ Program Files \ Common Files \ iexplore.com

C: \ WINDOWS \ 1.com

C: \ WINDOWS \ iexplore.com

C: \ WINDOWS \ finder.com

C: \ WINDOWS \ Exeroud.exe (the name is not forgotten, and red icons are legendary in the world icon)

C: \ WINDOWS \ Debug \ *** Programme.exe (that is above the icon, the name of forgot-_-good good distinctly un-hidden)

C: \ Windows \ system32 \ command.com Do not delete it to see if we are going to the following points while not the same as the date and other documents, like the date, if the majority of system files and other documents the same as the date can not be deleted, of course, system files, this is certainly not the time.

C: \ Windows \ system32 \ msconfig.com

C: \ Windows \ system32 \ regedit.com

C: \ Windows \ system32 \ dxdiag.com

C: \ Windows \ system32 \ rundll32.com

C: \ Windows \ system32 \ finder.com

C: \ Windows \ system32 \ a.exe

By the way, take a look at the dates of these documents to see if there any other places or the same amount of time to file. COM at the end of the suspicious file, be careful not to run any program, or to start again, and including the double-click the disk

there is a number one file! WINLOGON.EXE! Done so much work for the purpose is to get rid of her! ! !

C: \ Windows \ WINLOGON.EXE

This can be seen in the process where there are two, one is true, one is false.

Really lowercase winlogon.exe, (I wonder if you are not), the user name is SYSTEM,

while the fake is the capital of the WINLOGON.EXE, the user name is your own user name.

This file is in the process where the suspension can not be said that is the key process can not be suspended, and made with the real thing! Even in safe mode it will stay in your process of li
! I now know these, if they do not rest assured that it's best to look at one of the file modification date, and then use the "Search" search files modified on that day, the same time will definitely come out a lot, and even System Restore folder there! ! These documents will be their own association, and if you delete a part, careless operation of a, or in the Start - Run to run msocnfig, command, regedit these commands, all of these files back to the plenary session to add their own!

Know that these documents, first turn off all programs can be closed, open the program inside the annex to the WINDOWS resources manager and, in the above tool inside the folder options set the display inside the view where all files and documents fake, cancel Hide protected operating system files, and then open the Start menu's Run, type the command regedit, into the registry, to

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run

Inside, there is a Torjan pragramme, the obvious "I'm a Trojan horse," delete ! !

And then log off! Re-entering the system, open the "Task Manager" to see if there are no rundll32, yes, the first suspended, I wonder if this is true or not, be careful as well. To the D drive (be careful not to double-click to enter! Otherwise, this will activate the virus), right-select "Open", to delete the autorun.inf and pagefile.com,

and then to the C drive out of the documents listed above, delete ! Halfway careful not to double-click to one of the file, otherwise all the steps must start over! And then log off.

I have fought the process, delete those files, all in all not open exe files, and run the cmd is not OK.

Then, to the C: \ Windows \ system32 where to copy the file out of cmd.exe, for example to the desktop, renamed cmd.com Hei hei, I will use com file, then double-click the COM file

and then the next action can enter into the DOS the command prompt.

Re-enter the following command:

assoc. Exe = exefile (assoc and. Exe spaces between)

ftype exefile = "% 1"% *

so you can run exe files. If not, hit the command, simply open CMD.COM after the above two lines of copy paste in two up the implementation of on it.

But I Nongwan these later, when you boot into the user would have some slow, and will jump out of an alert box that the file "1" not found. (It should be Windows, the 1.com file.), And finally software like Internet Assistant comprehensive restoration IE settings

finally say a few words out of how to solve the boot can not find the file "1.com" approach:

in the running program Run "regedit", open the registry, in the [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon] in

to "Shell" = "Explorer.exe 1" restore "Shell" = "Explorer.exe"

you're done ! We share with you Bar!
Pride of blood mad pull2010-03-15 21:19:57 +0000 #3
... will be automatically shut off, and my family cool dog
jay_xj2010-03-15 22:20:15 +0000 #4
How: Click the "Start" / Programs / Accessories / command prompt, type the command: ntsd-cq-p PID ( That the final PID, the process of change you want to terminate the PID). You are in the process list can be found in a process PID, for example, we were to close the Explorer.exe process in Figure 1, enter: ntsd-cq-p 408 can be.
TT was2010-03-15 22:48:38 +0000 #5
chongzhuang

Reply

Name:
Content:


Other posts in this category