This virus can't be eliminated by general antivirus software, and it can be removed manually. Trojan has three characteristics, namely, hidden process, hidden service and hidden virus file. After the system is infected with it, they will register themselves as system services and generate a group of (3) hidden virus files in the same directory. Virus file names can be changed, but some file names change regularly. So far, virus files are stored under %WinDinr%, and virus file names may be one of the following three groups:

1; G_Server.exe,G_Serever.dll,G_Server_Hook.dll

2; IExplorer.exe,IExplorer.dll.IExplorer_Hook.dll

3; Winlogon.exe.winlogon.dll.winlogon _ hook.dll

The rule of virus file name is; X.exe,X.dll and X._Hook.dll, where "X" refers to the changing part of the file name. In Windows mode, all three virus file names are hidden files. We can check the options of "Show system folder contents" and "Show all files and folders" in the View panel of Folder Options. Then enter the safe mode to see the virus file.

The key to killing Trojan by hand is to find the system service name where the virus is registered and the location where the virus file X.exe is stored. Scanning operation with HijackThis 1.99.1 can be completed in normal Windows environment. Of course, it can also be completed in "safe mode".

After confirming and remembering the virus service name, restart the system to safe mode and open the registry editor. Navigate to HKEY _ local _ machine \ system \ current control set \ services \ virus service name (such as "GrayPigeonServer") to delete it, and delete the whole item.

Keep the system in "safe mode" environment, and still check "Show system folder contents" in the View panel of Folder Options. "Show all files and folders" to ensure that hidden files are displayed, press the "OK" button. According to the path of virus files prompted by HijackThis log, find the virus files and delete them. Restart the system. Manual antivirus is completed.

I killed them in this way, too. Try it. Good luck.