Windows lcass.exe detailed explanation

process name is lcass.exe work in the systme2 folder to generate 4 file names, Ntsvc.ocx, Mswinsck.ocx, Lcass.dll, Lcass.exe deleted from the registry and then Pull the systme2 delete, but will appear again after the restart, how to clear without the help of tools

This virus automatically plays the infection through the U disk, execute setup.pif in the root directory, and generate in system32 Lcass.exe.

If you end the Lcass.exe process, it will pop up automatically within 5 seconds. It seems that until today, you can detect it (I found it reported to the rising day, ?? efficiency? ......)

It took me half an hour to manually remove it, post it and share it:

Edit the following batch file, for example, save as c:\\1.bat (not Edited on the Internet, not to mention here)
kill lcass.exe -f
regsvr32.exe /u /s ntsvc.ocx
pushd c:\\windows\\system32
attrib lcass. Exe -h -s -r -a
del lcass.exe
attrib ntsvc.ocx -h -s -r -a
del ntsvc.ocx
pause

Save it and add it to the registry autorun item (HKLM\\So Ftware\\Microsoft\\Windows\\CurrentVersion\\Run Create a new string value, enter c:\\1.bat If you don't add it on the Internet, don't say it here.
Restart it. Note the CMD window. The output is not deleted successfully, generally should be no problem

Note a few places in the batch:
kill is a small tool to end the system process, Microsoft, online everywhere Can be used; other similar functions can also be. Must be saved to the c drive (that is, the same directory as the batch)

ntsvc.ocx is the plugin for this virus registration (insert IE and /or explorer process, Monitor lcass.exe is running) must be reversed to delete

c:\\windows\\system32 is the system directory, according to the actual directory changes, it seems to be able to use similar $? ? ? ? $, can't remember

I hope that the unfortunate poisoned friend can successfully clear this virus!

You can use this software to go to safe mode to try:
according to anti-virus software The path, write down (this type of virus, killing soft killing will generally report a ****.sys file under the Windows /system32 /drivers folder is a virus file)
1. Download a software : Ice Blade (http://www.ttian.net/website/2005/0829/391.html)
This is a green software that can be used after downloading and unzipping.

2. In the left column of the ice blade, locate the file by directly positioning the file under the folder where the file is located.

3. Sort the files in this folder with the button "Create Time", and carefully view all the files that are the same day as the file was created (but not all of them are virus files). Need your judgment). Right click on them and delete them one by one. Use the same method to check the system32 folder to see if there is a .dll file with the same name, and if so, delete it.

4. Search for the key value of this file in the registry, delete the search--if any.

5. Restart the computer, this thing should be cleared!!!!