What is SNSS.EXE? Why does it pop up as soon as it is turned on?

After being infected with this U disk virus, the main symptoms of the computer are:

1, "Music. Exe "appears under each hard drive letter, if the file or folder originally named" Music "becomes a hidden file;

2. The home page of IE browser has been tampered with as www.cnxhack.com, and IE will run automatically every time it is turned on. At the same time, the Internet option is disabled, and the slogan "Ximeng Network-the largest network security portal in China" is added behind the IE browser in the IE window (I think this is particularly ironic ~ ~). By the way, this will happen in IE7 and IE6, and other IE vest browsers, such as Maxthon or Window of the World, are normal (the principle will be explained later);

3. Some antivirus software failed to respond to this virus, and kept prompting to isolate the virus, but could not completely kill it, such as Avast and coffee. Besides, it is impossible for Rui * to find this virus.

4. The system hard disk cannot be opened normally. Double-click the right button to open IE home page automatically. The way to open it is to use Explorer and then jump to disk.

5. Frequent system errors indicate that the "000000xx" memory pointed by a process cannot be "read", and then the running program automatically stops.

6. Restart the antivirus software in safe mode, and continue to find that the virus still persists (Khan ...)

7. No other symptoms have been found for the time being ... (If there are other symptoms, please reply with the thread, thank you. . )

Virus analysis:

1. After poisoning, open "My Computer" and check "Tools-Folder Options-View-Show All Files and Folders". I found three files under all the drive letters, autorun.inf, snss.exe and Music. exe。 The first two are hidden. If all files and folders are not displayed, you will only see "Music". exe”。

2. Open the task manager and find that there is a snss.exe process in the system. Because it is the same as snss.exe hidden under the drive letter, it is suspected that this process is at work. In order to find out whether it is, restarting the discovery system, loading the snss.exe process, and then jumping out of IE's homepage is the ironic "Ximeng Network-the largest network security portal in China". Snss.exe, right-click "Open the location of this process" and find that this process is in the C:Program file with an autorun.inf in it. Open it, and find that the content inside is to locate and run snss.exe. The bad guy is it!

3. This USB flash drive virus shamelessly modified the browser user interface in the group policy. As long as the snss.exe process exists, the homepage cannot be modified, and there is a long list of boring maximum security portals behind iNet Explorer. Because it is modified for IE, IE's vest browser is not affected.

Delete virus:

1, download the ice blade, check the process, and end the process in snss.exe.

Use XDELBOX or UNLOCKER to delete C:Program Filesautorun.inf and c: program Filessnss.exe. XDELBOX needs to check "Clear and prohibit file regeneration".

3. Delete autorun.inf, snss.exe and Music.exe under the drive letter other than drive C, and restart the system, and you're done.

4. After restarting, I found that the name of the webpage in the title bar of IE is still "Ximeng Network-the largest network security portal in China". How to modify it? First, close the open IE browser, click Start → Run, enter gpedit.msc, and then press Enter to start group policy user configuration →Windows settings →Internet Explorer maintenance. Double-click the browser title bar policy and the browser title dialog box will pop up. Check the "Custom Title Bar" check box here and delete "Ximeng Network-China Max" in the "Title Bar Text" text box below. (If it's too much trouble, you can use the super rabbit directly. The super rabbit has this function. )

Autorun.inf is a typical USB flash drive virus. Double-clicking to open the drive letter will be toxic, so please be careful when using the USB flash drive. It's best to immunize yourself, and don't double-click to open it.

XDELBOX Unlocker and Ice Blade Tutorial are connected at the top!