运行SREng2,使用“启动项目”－－注册表－－删除
C:\DOCUME~1\new\LOCALS~1\Temp\woso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\ztso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\mhso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\fyso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\jtso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\wlso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\wgso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\wmso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\qjso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\rxso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\wdso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\tlso.exe
C:\DOCUME~1\new\LOCALS~1\Temp\daso.exe
c:\windows\system\smss.exe
C:\Program Files\Internet Explorer\romdrivers.dll

运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
CoolWare
Windows eyru RunThem
Gentad
iiagcx
Navoct
System Event Notification
，选择“删除服务”
点“设置”选择“否”
重启按F８进入安全模式下
显示隐藏文件
删除：     
C:\WINDOWS\system32\fzsv.dll
C:\PROGRA~1\ztmp\jdwz.dll
:\WINDOWS\system32\Struts.dll
C:\PROGRA~1\COMMON~1\viagix\viagix.dll
C:\Program Files\iesnap\navoct.dll
SystemRoot%\system32\jsdemo.dll
C:\DOCUME~1\new\LOCALS~1\Temp\清空文件夹
C:\PROGRA~1\COMMON~1\viagix\wgsokw.nls
c:\PROGRA~1\iesnap\navstub.dll
c:\progra~1\ztmp\rleh.dll
c:\progra~1\ztmp\mgzc.dll
c:\windows\system\smss.exe注意文件夹
C:\Program Files\Internet Explorer\romdrivers.dll