Technical analysis in most cases, if the diagram is convenient, redo the system can solve. But in case one, the client is not willing to redo the system, and the host is the unit machine. Secondly, this is not a virus, but the registry has been tampered with and can be recovered through modification.
Solution regedit (register edit) opens the registry editor
Then locate HKEY ﹣ current ﹣ user \ console \% systemroot% ﹣ system32 ﹣ cmd.exe
Change codepage option to hexadecimal 3A8 or decimal “936
Hex “000003a8” or decimal “936” means “936 (ANSI / OEM – Simplified Chinese GBK).”.
Hex “000001b5” or decimal “437” for “437 (oem-usa).”.