Questions about U disk ~ ~ ~ ~ ~ ~ ~ ~ ~

Double-click the drive and it won't open.

I believe many people use anti-virus software to kill virus, and find that double-clicking can't open the drive, prompting "Windows can't find XXX. But they can open it by right-clicking. And often after reloading, only the C disk can be opened by double-clicking normally, and the problems of other disks remain the same. In order to solve this headache, I consulted a lot of materials and made a summary based on my own practical experience, hoping to help you solve this problem completely. Take XP system as an example to illustrate here:

Method 1,

First of all, get ready:

1. Open "My Computer-Tools-Folder Options-View" in turn, select "Show all files and folders", and uncheck "Hide protected operating system files (recommended)".

2. Enter each drive with "right click-open" and delete Autorun.inf under the root directory! ! ! If the problem is still unresolved at this time, please try the following methods in turn:

Method two,

Open Tools-Folder Options-File Types, find the drive in the registered file types, click Advanced below, and then click the New button. Fill in "Open" in "Operation" and "explorer.exe% 1" in "Apply for Operation" to return to "Operation".

The disadvantage of this method is that double-clicking the drive will open a new Data Manager window. To prevent this, run regedit and set the key value of [HKEY _ local _ machine \ software \ class \ drive \ shell] in the registry to open2, and change it to 1 or none. If you still can't solve it, try the following methods. Method three,

1. Enter "regedit" in "Run", press enter, open the registry editor, navigate to: HKEY _ class _ root \ drive \ shell, and delete everything under the shell.

2. Enter "regedit" in "Run", press enter, open the registry editor, and navigate to: HKEY _ current _ user \ software \ Microsoft \ Windows \ current version \ resource manager \ mount point S2 \, and delete all shell branches (if any) under all items on the left (each item should be checked to prevent omission). For example, there is a "shell" branch under "{EAD14650-D693-1DA-A6e1-00e04C3f5}". After the above treatment, 99% of the problems should be solved. Good luck to everyone! This may be due to the virus in your machine and the result after disinfection. This virus has a volume label AutoRun.inf file under each drive. Just double-click the drive and the virus will be activated. We need to manually delete the AutoRun.inf file and enter "attrib" at the command prompt.

Autorun.inf -s -h -r "removes its system, read-only and hidden attributes, so enter" del ".

Autorun.inf "can be deleted. Then enter the registry and find the command. EXE "item, and delete the entire shell subitem after finding it.

The specific solution is as follows (take disk D as an example):

Start-Run-cmd (open command prompt)

D: dir/a (you can't see it without parameter A, which means all meanings are displayed)

At this point, you will find an autorun.inf file.

Attrib autorun.inf -s -h -r Delete the system, read-only and hidden attributes of the autorun.inf file, otherwise the autorun.inf cannot be deleted.

Autorun.inf

It's not over here, because you double-clicked the D drive letter and didn't open it but got an error. Request to locate DESKTOP.exe,

At this point, the information of automatic operation has been added to the registry. Clear the relevant information in the registry as follows:

begin

run quickly

Open registry

edit

seek

DESKTOP.exe

The first one found is the automatic operation of drive D, which deletes the entire shell subkey.

Over.

Repeat the above operations several times to solve other driver problems. The information in the registry is together, and the D disk is deleted.

By the way, it was deleted when Shell\Open\Autorun.

Rose virus:

Symptoms: double-click the drive letter to open it, just right-click to open it; A few days later, the system NTDETECT.COM file was deleted and the system could not be started.

Transmission route: USB flash drive, MP3, mobile hard disk.

Check method: Check the check box before "Hide protected operating system files (recommended)" in folder options-view, and select "Show all files and folders" under this item. Then open any drive letter. If you find "rose.exe" and "AUTORUN". INF "file, you are poisoned.

Solution:

Manual:

End the rose.exe process, and then delete the following files: autorun.inf and rose.exe files (including your own USB flash drive, etc. ) Under each drive letter, c:\windows\system32\run.reg, c: \ Windows \ System32 \ Systemdate.ini (which records the time when the NTDETECT.COM file was deleted), d:\systemfile.com file; Finally, delete the dll entry under HKEY _ local _ machine \ software \ Microsoft \ Windows \ current version \ in the registry, and then restart.

Automatic:

Download address of cleaning tool: rose virus antivirus method:

Version 1:

Rose.exe virus mainly displays in:

1, which takes up a lot of cpu resources of the system.

2. Create two rose.exe autorun. INF files under each partition. When you double-click the drive letter, it will show automatic operation, but you can't open the partition.

3. Most of them spread through storage devices such as USB flash drives and mobile hard disks. The harm to the network is still in the process of discovery.

4. It may cause some operating systems to crash, which is manifested by restarting directly and repeatedly after POST and being unable to enter the system.

For some reason, all kinds of anti-virus software do not provide the corresponding virus database, which makes it impossible to kill viruses through anti-virus software. Now the network center provides manual antivirus methods, as follows:

1. Call up the task manager and end all processes named Rose.exe in the process page (it is recommended to repeat this operation in future operations to ensure that virus files do not appear again).

2. Enter "regedit" (XP system) during start-operation to open the registry, find all the "rose.exe" keys, and delete the entire shell subkey after finding them.

3. In My Computer-Tools-Folder Options-View-Show All Files and Folders, uncheck "Hide Protected System Files".

4. Right-click each drive letter-open it (remember not to double-click) and delete all rose.exe and autorun.inf files.

5. Look for rose.exe files under c:windowssystem32, and delete them directly if there are any.

Method 2:

1. Press F8 to select safe mode when turning on the machine.

2. Enter "regedit" (XP system) during start-operation to open the registry, find all the "rose.exe" keys, and delete the entire shell subkey after finding them.

3. In My Computer-Tools-Folder Options-View-Show All Files and Folders, uncheck "Hide Protected System Files".

Find the contents of the TEMP and Temporary Internet Files folders under c: \ documents and settings \ local settings \ and delete all the contents that can be deleted. In addition, under the system volume information directory (folder) (WinXP), please turn off system restore.

The system volume information directory (folder) (WinXP) is all directories used for system restore. If the virus is hidden there, you need to shut down the system to recover.

Turn off Windows XP system restore.

Click "Start". Right-click my computer, and then click Properties.

Click the System Restore tab.

Check Turn off System Restore or Turn off System Restore on all drives.

Click Apply and then click OK.

4. Right-click each drive letter-open it (remember not to double-click) and delete all rose.exe and autorun.inf files.

5. Look for rose.exe files under c:\windows\system32, and delete them directly if there are any.

Post transferred from moderator bug

Method 3:

If the following files are deleted.

X:\autorun.inf

X:\rose.exe

c:\system32\rose.exe

C:\NTDETECT。 Computer output microfilm

c:\NTDETECT。 Computer output microfilm

c:\system.sys

c:\windows\system32\run.reg

c:\ windows \ system32 \ system date . ini

d:\systemdate.ini

d:\systemfile.com

Registry key

rose.exe

Shellexecute=rose.exe

I want to ask if everyone was forced to shut down after being changed to the registry? Because of this code. . . . . .

Experience:

In addition to the above rose virus.

1, which takes up a lot of cpu resources of the system.

2. Create two rose.exe autorun. INF files under each partition. When you double-click the drive letter, it will show automatic operation, but you can't open the partition.

3. Most of them spread through storage devices such as USB flash drives and mobile hard disks. The harm to the network is still in the process of discovery.

4. It may cause some operating systems to crash, which is manifested by restarting directly and repeatedly after POST and being unable to enter the system.

In addition, you can copy the execution file and modify the file name yourself, and save your own registration information in every possible registration information, which may cause browser errors.

Solution:

control manually

1. Call up the task manager and end all processes named Rose.exe in the process page (it is recommended to repeat this operation in subsequent operations (to ensure that virus files will not reappear).

2. Enter "regedit" (XP system) during start-operation to open the registry, find all the "rose.exe" keys, and delete the entire shell subkey after finding them.

3. In My Computer-Tools-Folder Options-View-Show All Files and Folders, uncheck "Hide Protected System Files".

4. Right-click each drive letter-open it (remember not to double-click) and delete all rose.exe and autorun.inf files.

5. Look for rose.exe files under c:windowssystem32, and delete them directly if there are any.

Then refer to the post of moderator zcp08765 to delete it.

X:\autorun.inf

X:\rose.exe

c:\system32\rose.exe

C:\NTDETECT。 Computer output microfilm

c:\NTDETECT。 Computer output microfilm

c:\system.sys

c:\windows\system32\run.reg

c:\ windows \ system32 \ system date . ini

d:\systemdate.ini

d:\systemfile.com

After manual deletion, you will find that all drive letters will be scanned by Jiang Min.

C: \ system volume information \ _ restore {716b96b6-b35c-4784-b6f8-a8f1c6954777} \ rp57 or RP56.

D: \ system volume information \ _ restore {716b96b6-b35c-4784-b6f8-a8f1c6954777} \ rp57 or RP56.

E: \ system volume information \ _ restore {716b96b6-b35c-4784-b6f8-a8f1c6954777} \ rp57 or RP56.

Delete all rose.exe and autorun.inf files and rose.exe and autorun.inf files, and modify the file names.

The modified file name may be a0053 * *. Exea0053 * *。 INF virus files may be deleted manually by sxs.exe virus (the virus will make the partition disk unable to be opened by double clicking).

The virus will cause the partition disk to double-click and fail to open, and Rising will automatically close and fail to open.

After reinstalling the system, double-click the partition disk and hit it again, which made Rising unable to open it automatically and decided to delete it manually.

Phenomenon: System files are hidden and cannot be displayed. Double-clicking the drive letter does not reflect. The task manager found sxs.exe or svchost.exe (a word difference from the system process svchost.exe). Real-time monitoring of antivirus software is automatically turned off and cannot be turned on.

I found many methods on the internet, but they can't be deleted effectively, and there is no killing tool.

Manually delete "sxs.exe virus" method:

Don't double-click the partition disk in the whole process below. When you need to open it, use the right mouse button-open it.

First, shut down the virus process

Ctrl+Alt+Del task manager, look for sxs or SVOHOST (not SVCHOST, there is a letter difference) in the process, if there is, end.

Second, display hidden system files.

Run-Registry Edit

HKEY _ LOCAL _ MACHINE \ Software \ Microsoft \ windows \ current version \ explorer \ Advanced \

Folder\Hidden\SHOWALL, change the CheckedValue key value to 1.

Note here that the virus will delete the original valid DWORD value CheckedValue, create an invalid string value CheckedValue, and change the key value to 0! It's no use changing this to 1. (Some virus variants will directly delete this CheckedValue, as shown below, and build another one yourself. )

Method: Delete this key value of CheckedValue, right-click to create a new -DWORD value-named CheckedValue, and then modify its key value to 1, so you can choose "Show all hidden files" and "Show system files".

Set the option of displaying system files and hidden files in folder-Tools-Folder.

Third, delete the virus.

Click the right mouse button on the partition disk-open it, and you will see that there are two files autorun.inf and sxs.exe in each disk and directory, and delete them. You can also use to search the entire hard disk, but be sure to check "Search for hidden files and folders" in Advanced Options.

Delete the item that the virus automatically runs.

Open the registry and run -regedit

HKEY _ LOCAL _ MACHINE & gt Software & gt Microsoft & gtWindows & gtCurrentVersion & gt Run.

The key value of SoundMam was found under, and there may be two, so delete the key value of c: \ \ Windows \ System32 \ svohost.exe.

Finally, delete SVOHOST.exe or sxs.exe in the directory C:\\WINDOWS\system32\.

After restarting the computer, I found that the antivirus software can be opened, and double-click it to open the partition disk.

If Rising computer monitoring can't be started, or the red umbrella is turned on and turned off, and all monitoring starts fail, then go to Control Panel-Administrative Tools-Services, and find Rising process communication center, which should be disabled. Right-click Properties, change the startup type to automatic, and then enable the service.

According to some netizens, this autorun.inf file is different. It could be a variant. At least the autorun.inf part is the same. Have a plenty of: autorun.inf.****. This * * * may be different. Please add it below.

Joined on August 25th, 2006 16: 25.

Delete the BAT of each virus file.

The following code is saved as bat.

laser record

Sxs.exe attribute

Del/S/Q/F sxs.exe

Attribute autorun.inf -a -h -s