Effective methods for dealing with a computer after it has been infected

  
                

Getting infected is not the frightening part, because professional security software can help remove viruses; what is frightening is a lack of security awareness. In an era when viruses are everywhere, infection is hard to avoid, but what should we do once it has happened? That is a difficult choice in front of everyone. Because of my work, I often have to fight with these annoying things, so today I have compiled some effective methods for your reference.

First, some symptoms of infection

How do we know there is a virus in the computer? In fact, a computer infection is like a person's illness: there are always some obvious symptoms. For example, the machine runs very slowly, cannot get on the network, the anti-virus software cannot be upgraded, Word documents cannot be opened, the computer cannot start normally, hard disk partitions cannot be found, data is lost, and so on. These are all signs of infection.

Second, diagnosing the infection

1, press Ctrl+Shift+Esc (press these keys at the same time) to bring up Windows Task Manager and view the running processes. Find any processes you are not familiar with and write down their names (this requires experience); if these processes turn out to be viruses, this makes the later removal easier. Do not end these processes for the time being, because some viruses or illegal processes may not be possible to end here. Click Performance to view the current state of the CPU and memory. If the CPU utilization is close to 100% or the memory usage is high, the possibility that the computer is infected is 95%.

2. Check the services that currently start with Windows. Open the service list through "Control Panel" > "Administrative Tools" and look in the right-hand column for items whose status is "Started" and whose startup type is "Automatic". In general, normal Windows services have a description (except for a few forged by hackers or worms). Double-click any service item that looks problematic and check the path and name of the executable file in its properties. If its name and path are C:\winnt\system32\explored.exe, the computer is infected. There is also a situation in which "Control Panel" cannot be opened, or all the icons inside it move to the left with a vertical scroll bar in the middle and a blank right side, and double-clicking Add/Remove Programs or Administrative Tools opens an empty window. This is characteristic of an attack by the virus file winhlpp32.exe.

3, run the registry editor (the command is regedit or regedt32) to see which programs start together with Windows. Mainly look at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the several RunOnce keys that follow it, and check the values on the right side of the window for illegal startup items. On Windows XP, running msconfig serves the same purpose. As you accumulate experience, you can easily identify a virus's startup entry.

4, use the browser to judge. With the earlier Gaobot virus, an infected machine can reach yahoo.com, sony.com and so on, but cannot visit the websites of well-known security vendors such as www.symantec.com and www.ca.com, and a machine with Symantec Norton 2004 anti-virus software installed cannot upgrade over the Internet.

5, turn off the hiding of hidden files and look at the system folder winnt (windows)\system32. If the folder appears empty, the computer has been infected. After opening system32, sort the icons by type and see whether the executable file of any currently widespread virus is present. While you are there, check the folders Tasks, wins and drivers, where some virus executables currently hide. The files under drivers\etc are ones that viruses like to tamper with: the hosts file was originally only about 700 bytes and grows to 1 KB or more after tampering. This is why ordinary websites can be reached while security vendors' websites cannot, and why well-known anti-virus software cannot be upgraded.

6, judge by the anti-virus software: if the computer is infected, the anti-virus software will be terminated automatically by the virus program, and manual upgrades will fail … … anti-virus, recommended
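Steps 2 and 3 depend on recognising a file name that imitates a real one, such as explored.exe or winhlpp32.exe. The following is an added example, not part of the original article, that flags such near-miss names by edit distance; the allow-list, the entry names and the sample command lines are assumptions constructed for illustration.

```python
import ntpath

# Assumption: a short allow-list of genuine binary names; extend it for real use.
KNOWN_BINARIES = ["explorer.exe", "winhlp32.exe", "svchost.exe",
                  "services.exe", "lsass.exe"]

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]

def image_name(command):
    """Lower-cased executable file name from a Run value or service path."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]
    else:
        path = command.split(" ", 1)[0]  # unquoted paths with spaces are cut short
    return ntpath.basename(path).lower()

def find_lookalikes(entries, max_distance=2):
    """Return (entry name, file name, imitated binary) for near-miss names."""
    hits = []
    for name, command in entries:
        exe = image_name(command)
        for known in KNOWN_BINARIES:
            # Distance 0 is the genuine name; 1..max_distance is a lookalike.
            if 0 < edit_distance(exe, known) <= max_distance:
                hits.append((name, exe, known))
                break
    return hits

# Constructed sample: (entry name, command line) pairs; entry names are made up.
SAMPLE = [
    ("Shell", r"C:\winnt\system32\explorer.exe"),
    ("Explorer Service", r"C:\winnt\system32\explored.exe"),
    ("Help", r'"C:\winnt\system32\winhlpp32.exe" -s'),
    ("Updater", r"C:\Program Files\Vendor\update.exe /q"),
]

if __name__ == "__main__":
    print(find_lookalikes(SAMPLE))
```

A hit is only a lead for the manual check of the path and description that step 2 describes; a genuine name in the wrong folder is not caught by this heuristic.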

Third, removing the virus

1. Delete from the registry the illegal programs that start with the system, then search the registry for all related key values and delete them. A virus program that starts as a system service hides under HKEY_LOCAL_MACHINE\System\ControlSet001\Services and ControlSet002\Services; remove it once found.

2. Stop the problematic service and change it to automatic.

3. If the file system32\drivers\etc\hosts has been tampered with, restore it: leave only the one valid line, "127.0.0.1 localhost", and delete the remaining lines. Then set the hosts file to read-only.

4, restart the computer and press F8 to enter "Safe Mode with Networking". The purpose is to prevent the virus program from starting, and then to run Windows Update and upgrade the anti-virus software.
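The hosts-file tampering described in diagnosis step 5 and the restore in removal step 3 can be checked mechanically. The following is an added example, not part of the original article: it lists every mapping other than "127.0.0.1 localhost" and produces the restored content. The sample file is constructed, update.example.test is a made-up host name, and keeping comment lines in the restored file is an assumption (they are inert).

```python
import ipaddress

# The only mapping the article treats as valid.
BASELINE = {("127.0.0.1", "localhost")}

def parse_hosts(text):
    """Yield (line number, address, hostname) for every mapping in hosts text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: skip the malformed line
        for host in fields[1:]:
            yield lineno, fields[0], host.lower()

def audit_hosts(text):
    """Return (line, host, address, kind) for each mapping outside the baseline."""
    findings = []
    for lineno, addr, host in parse_hosts(text):
        if (addr, host) in BASELINE:
            continue
        ip = ipaddress.ip_address(addr)
        # Loopback or 0.0.0.0 makes the site unreachable; anything else redirects it.
        kind = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        findings.append((lineno, host, addr, kind))
    return findings

def clean_hosts(text):
    """Restored content: comment lines plus the single baseline entry."""
    kept = [l for l in text.splitlines() if l.lstrip().startswith("#")]
    return "\n".join(kept + ["127.0.0.1       localhost"]) + "\n"

# Constructed sample of a tampered hosts file.
SAMPLE = "\n".join([
    "# constructed sample of a tampered hosts file",
    "127.0.0.1       localhost",
    "127.0.0.1       www.symantec.com",
    "127.0.0.1       www.ca.com   # appended entry",
    "192.0.2.10      update.example.test",
])

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE):
        print("line %d: %s -> %s (%s)" % finding)
```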
