I encountered a very depressing thing today. A Taobao and IE icon automatically appeared on the desktop of a machine, which could not be deleted. I looked at it and didn’t want to care what it was. I just wiped it and reinstalled the system.
But, I’m depressed, I’ve finished pretending, but I’m still there! ! ! Moreover, the startup item C:windowsnat.exe cannot be deleted. I found it in the registry and deleted it one by one, and then restarted. The system has been installed 4 or 5 times, and every partition has been formatted, but it still remains the same, completely crashing.
After some ferrying, it turns out that this NAT.EXE is called ghosting! It is a very awesome virus . I read a solution online, now I copy it in full and will test it tomorrow:
nat.exe is a very awesome virus. I encountered this virus yesterday. A customer was poisoned and all machine folders were hidden. This is easy to solve! A file with the same name as .exe is generated next to all folders. Just double-click this folder, Lima will execute the virus main program, and the machine will automatically download the Trojan when it is connected to the Internet. The most obvious sign of this virus is that there is a Taobao icon on the desktop that cannot be deleted. Sometimes there is also an IE logo, which will automatically download a Trojan after opening it. It doesn't work for the system, and it doesn't work for the C drive. I have done the system three times, but only formatting the C drive cannot solve the problem at all. The fault is that the virus program NAT.EXE is automatically loaded upon startup; the virus directory of this awesome virus is C: WINDOWSNAT.EXE. If you use 360 Security Guard to repair it, the system will have a blue screen after restarting. No matter how many times you try it on the system,
the nat.exe ghost virus removal method:
1. Use the DISKGEN software under DOS to repair the partition table, rebuild it, and then use Kingsoft 2011 full-disk antivirus It takes 1-2 hours
2. It seems that the virus contained in the partition table cannot be killed by any anti-virus software. At this time, using 360 Safe to kill it requires multiple checks. Kill after killing. You must remember to check and kill multiple times. After checking and killing, use anti-virus software to perform full anti-virus, and then use 360 Security Guard or Kingsoft Guard to repair IE. In the end, it can still be solved. It takes 2-3 hours
3. The stupidest method is low-level formatting of the entire DM. This is the most direct and hassle-free. If you don’t want to waste time, just format it directly. This is the fastest, 1 minute for low level, 10 minutes for the system, and up to half an hour to complete.
Another method is to kill the nat.exe process, go to the windows directory, create a new nat.exe file, and set it to self-reading. I'll give it a try tomorrow during the day.
Regarding the problem of DM low format, my DM957 cannot get a 500GB hard drive, which is quite sad. I just downloaded a DM10 IMG and will burn it tomorrow and play around with it.
For how to use DM10, please read my follow-up article: https://www.vpsok.net/other/article_2097.html?
