It cannot be killed. The solution is as follows. This virus does not require a host. End all anti-virus software. Once the virus enters the computer, it is like a demon, hiding outside the system. It has no files, no system startup items, and no process modules. It runs earlier than the system. It ends all anti-virus software, downloads AV terminator, account stealing Trojan, and ie home page. Modifications and many other types of viruses. Subverting the tradition, reinstalling the system cannot clear it. General computer viruses are applications under Windows systems that run after Windows is loaded. The main code of the "ghost" virus is parasitic on the master boot record (MBR) of the hard disk. Even if the user reinstalls the system, it still cannot be completely removed. When the system restarts again, the virus will be loaded before the operating system kernel. When the virus runs successfully, no abnormalities can be found in the process or system startup add-ons, and the virus "haunts" the infected computer like a "ghost". The "ghost" virus is the first bootloader virus in China. It subverts the infection characteristics of traditional viruses and the user's mindset in dealing with virus problems. It not only achieves the "three noes" characteristics - no files, no system startup items, There is no process module, and even if the user reinstalls the system, the virus will still enter the user's new system again. When the security software fails, the computer will obviously slow down. After the "ghost" virus invades, it will release the driver to rewrite the hard disk MBR (Master Boot Record). The driver will attack many anti-virus software during the boot process, rendering the anti-virus software ineffective, and then downloading traditional AV termination As a Trojan downloader, the ultimate goal is still to spread account-stealing Trojans and steal users' virtual property for profit. After being poisoned, the most intuitive phenomenon is that the security software cannot run normally, the computer slows down significantly, and the IE homepage is changed. The "ghost" virus is parasitic on the disk master boot record (MBR). Even if you format and reinstall the system with ghost, the virus cannot be removed. When the system restarts again, the virus will be loaded before the operating system kernel. When the virus runs successfully, no abnormalities can be found in the process or system startup add-ons, and the virus "haunts" the infected computer like a "ghost".

In addition to having the characteristics of Ghost 1, Ghost 2 will also release malicious drivers to prevent specific security software with digital signatures from running. Last week, Kingsoft Antivirus Security Lab analyzed the intercepted sample and found that the malicious driver released by the sample prevented the operation of 12 domestic and foreign anti-virus software. Kingsoft Antivirus Security Laboratory has urgently upgraded the Ghost Killer. Currently, the Ghost Killer can detect and kill the latest Ghost variant - Ghost 2 virus. You can download /soft/44/45/81639/ to clean it up. Another way is to reinstall the system, format the C drive, enter the dos state, and run the fdisk/mbr command to clear the virus boot code in the main boot area. At this time, you can just reinstall the system, but this is a complete installation. It works. If you use GHOST to install the system, you need to do the following steps: 1. Enter the PQ/PM partition tool through the GHOST system disk. Generally, the GHOST system disk comes with it. 2. Right-click the c drive and select Advanced-Set as Function. This will rewrite the MBR boot layer, so that the viruses in the boot layer will naturally be eliminated. 3. Install the system directly using the GHOST system disk and it will be OK. [2] Manual killing method under DOS. Step 1: Find a special killing tool: It is recommended to use "One-click GHOST", in which the small tool DISKRW that comes with the DOS toolbox can perfectly solve the problem. Step 2: Kill the MBR virus 1. Clear the hard disk reserved sectors other than MBR. Install or create "One-click GHOST", boot into One-click GHOST, and when the red interface finally appears, press the ESC key to return to the main menu, and press the arrow keys to select "DOS Toolbox" --> "DISKRW" --> "3. Clear" --> "Clear(2)" --> OK. (Note, try to use the 2010 version, earlier versions are not guaranteed to have this function). 2. Repair the MBR (a critical step, must be done), then next step, select "4. Repair" --> "Repair (F)" --> OK. Step 3: Reinstall or restore the system. After completing the second step, be sure not to restart your computer and enter WINDOWS, otherwise you will be infected again. The correct method is to put the system installation CD into the CD-ROM drive and reinstall the system. Or if you have a local system backup (of course the backup you made before you were infected with the virus), you can also use the "One-click system recovery" function to restore it. Step 4: Complete anti-virus. After returning to WINDOWS, you need to upgrade your anti-virus software to the latest version (the latest virus database), and then perform a "full scan and kill" to remove the virus hosts remaining in non-system disks (such as D drive, E drive, F drive) Files are killed in order to “eliminate the root cause”.