. Everyone commonly uses a U disk to transfer files, which will inevitably infect Trojan viruses like this. These viruses are likely to hide or destroy the Word documents in them, which in turn affects our normal office. With the following solutions, will you still worry about the Word virus? My work machine installed Windows XP system, Xiao Li is ready to print a document on my computer, U disk just plugged into the computer, 360 anti-virus software prompts a virus. Did not care at the time, it prompted a full anti-virus operation. After the killing, I found that all the Word files on the U disk were missing. The files on the U disk are also not backed up. What can I do? Restoring the files in the quarantine carefully recalls the anti-virus process. It is possible that 360 anti-virus software has cleared these documents as viruses. Start the 360 anti-virus software immediately, click on the “Virus check” menu, click on “Isolation and Recovery” at the bottom of the window to enter the 360 Anti-Virus Quarantine window. Select all the files below the quarantined content, then click the “Restore Selected” button in the lower right corner (Figure 1). Find out the files that disappeared from the Word document through the above methods are all EXE file format, not the Word document we need. Maybe the virus program hides the Word document. This is a trick that some viruses use. Next, click on the “Start → Run” menu item on the desktop, and enter the attrib h:\\*.* -h -s command in the “Run” dialog box (Figure 2). All hidden files and system files in the H disk are displayed. After opening the H drive, the missing Word documents are back. Fix Word garbled to open one of the Word documents, pop-up prompt "Word can not start the converter mswrd632" dialog box, click "OK" when prompted to select text encoding, set the encoding text to "Windows (default) & rdquo After that, the first line of the document after opening has the text "Zou Xiaopeng loves Zou Qi", and the content behind it is all garbled (Figure 3). First of all, the Word file header has been tampered with by the Trojan virus, and you must find out where the garbled code is. Copy the Word document of any version without the trick to the C drive, and rename the garbled file to the C drive, so that the two documents are in the same directory. Then, click the “Start → Run” menu item on the desktop, and enter the cmd command in the “Run” dialog box to open the DOS command window interface. Then at the C:\\command prompt, enter the command: & ldquo; FC /B primary and secondary school distance education work b23c.doc primary and secondary school distance education work b23c1.doc & rdquo;, press the Enter key to start comparing the two documents I found that the code of the first two lines in the two documents is different, and the rest of the code is the same, so that the location of the garbled is determined (Figure 4). Second, use the normal Word file header to fix the Word file in Zhongzhao. Run the WinHex program, click on the "File" menu under the window, select the "Open" menu item, in the "Open" dialog box, find the garbled document, double click to open the Word file. Then move the mouse pointer to the first line of the WinHex data area, hold down the right mouse button at D7 and drag to the right for the F7 position. A total of 24 characters are selected. Then click “ Edit & rdquo; main menu, select & ldquo; fill the block & rdquo;, in the dialog box that opens, click & ldquo; fill hexadecimal value & rdquo;, enter the first 24 headers of the Word file in the text box The characters "D0CF11E0A1B11AE100000000", after the determination, completed the repair of the Word file header (Figure 5). Click the “File → Save As” menu again to rename the repaired document at the file name, click “Save” to complete the repair operation. Double-click to open the document, it can be opened normally, and the repair is successful. Clearing the Word virus in the U disk system We found that as long as the computer is infected with the Word garbled virus, the U disk will also be infected with the U disk when copying the file. Therefore, the first task is to remove the virus on the U disk. The first step is to restart the computer and enter the safe mode of Windows XP. After inserting the USB flash drive, double-click to open the USB flash drive. Click “Tools → File to select → View & rdquo; menu, click on the "Show system file contents" & "Show all files and folders" list items, put them in front of Select the box to be selected; at the same time, remove the option of the extension of the known file type & rdquo; remove the previous option, click “ OK & rdquo; to complete the settings. The second step, you can see that each Word document in the U disk has two files with the same file name. Next, select all the files in the exe format in the U disk, right-click and select the “Delete” menu to delete. The third step is to find the Recycled folder in the U disk and delete the folder. Otherwise, after inserting the USB flash drive again, the files in the folder will run automatically, so that “all files and folders are displayed” will be invalidated and the files will be hidden. After the infected Word file in the Word virus U disk on the hard disk is copied to the hard disk, the virus will reside on the hard disk and the memory, infect all open Word documents, and automatically generate an EXE file with the same file name. That is to say, in the process of copying Word files, it will automatically generate another EXE file to be copied to your device, and the virus file will be infected like this. To stop the infection of a virus file, you must cut off the source of the infection. First, press Ctrl+Alt+Del to activate the Task Manager. Click the “Process” menu to view the running process and find that the two process files Rundll32.exe and Svchost.exe (Figure 6) exist at the same time. The path of Svchost.exe is suspicious. Right click on the process. Open the directory where you are, open the C:\\Documents and Settings\\All Users directory, and the file is usually in the C:\\Windows directory, which is the source of the virus. Direct deletion is not feasible and must end the running of these two processes. In the process, select "“ End Process" to end the process, and then delete Svchost.exe in the C:\\Documents and Settings\\All Users directory. Extended reading Once infected with garbled viruses, opening Word documents in the usual way is absolutely garbled. Through repeated experiments, we found a way to open garbled Word documents. The first step is to turn off the firewall and anti-virus software in the system. Otherwise, you will get a virus when you open those garbled Word documents. The second step is to double-click the EXE format file. Because after poisoning, it will produce two files with the same file name, but one is in DOC format and the other is in EXE format. Its file size is 90.5KB. When the EXE format file is run, it automatically runs a Word document with the same name as the virus process. Although its purpose is to deceive our users, it can also be used by us. At this time, save the file in the open document and save it to another location on your computer. Then use anti-virus software or manual methods to kill the virus and remove all the viruses in the system. Open the saved document again and it won't be infected. This article comes from [System Home] www.xp85.com