Windows system >> Windows tutorial synthesis  >> System FAQ

Experts quickly identify the secret of computer poisoning

  

“ Thousands of defenses, viruses are difficult to prevent & rdquo;. Computer viruses have developed with the development of network technology, and now the virus has become one of the most troublesome and headache problems in our daily computer maintenance. After being infected by a virus, our computer will be paralyzed, and important file information will be leaked. If we can distinguish whether our computer is poisoned or not, we can save a lot of troubles for us. Now let's take a look at the secrets of discriminating computer poisoning shared by experts!

Br>

The first thing to check is the process, the method is simple, after booting, do not start anything!

Step 1: Open the task manager directly to see if there are any suspicious processes, processes that are not known You can Google or Baidu.

PS: If the task manager disappears after a flash, it can be determined that it has been poisoned; if the prompt has been disabled by the administrator, it should be alarmed!

Step 2: Open the ice Software such as the blade, first check whether there is a hidden process (marked in red in the ice blade), and then check whether the path of the system process is correct.

PS : If the ice blade can not be used normally, you can judge that it is poisoned; if there is a red process, you can basically judge that it has been poisoned; if there is a process of the normal system process name that is not in the normal directory, you can also judge that it has been poisoned. .

Step 3: If the process is all normal, use Wsyscheck and other tools to check if a suspicious thread is injected into the normal process.

PS: Wsyscheck will mark the injected process and normal process with different colors. If a process is injected, don't worry, first determine if the injected module is a virus, because some soft kill will also inject into the process. .

Second, the self-starting project

After the process is completed, if no abnormality is found, the startup item is started.

Step 1: Use msconfig to check if there is a suspicious service, start, run, enter “msconfig”, make sure, switch to the service tab, check the "Hide all Microsoft services" checkbox Then, confirm whether the remaining services are normal (can be identified by experience, you can also use the search engine).

PS: If an abnormality is found, it can be determined that it has been poisoned; if msconfig cannot be started, or it is automatically turned off after startup, it can be determined that it has been poisoned.

Step 2: Use msconfig to check if there is a suspicious self-starting item, switch to the “Start” tab, and check it one by one.

The third step, use Autoruns, etc., to view more detailed startup information (including services, drivers and self-starting items, IEBHO and other information).

PS: This requires a certain amount of experience.

Third, network connection

ADSL users, at this time can be virtual dial-up, connected to the Internet.

Then use the ice blade network connection to check whether there is a suspicious connection. For the IP address, you can go to http://www.ip138.com.html to query, the corresponding process and port information can go to Google (www.xitongzhijia.net) or Baidu query.

If you find an abnormality, don't worry, turn off the programs that may use the network in the system (such as download software such as Thunder, automatic update program of anti-virus software, IE browser, etc.), and check the network connection information again.

Fourth, security mode

Restart, directly enter the security mode, if you can not enter, and there is a blue screen and other phenomena, you should be vigilant, may be the sequelae of virus invasion, or the virus has not yet Clear!

V. Image Hijacking

Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows NT->CurrentVersion->Image File Execution Options, check for suspicious image hijacking projects, if you find suspicious items, it is likely to have been poisoned.

VI. CPU time

If the system runs slowly after booting, you can also use CPU time as a reference to find suspicious processes. The method is as follows:

Open the task manager. Switch to the Process tab, point to “View”,“Select Column" in the menu, check “CPU Time”, then confirm, click the title of CPU time, sort, find in addition to SystemIdleProcess and SYSTEM In addition to the process with a large CPU time, this process needs a certain degree of vigilance.

The above points are the unique way for the master to distinguish whether the computer is poisoned or not. In fact, if we can identify whether the computer is poisoned or not in the daily use of the computer, we can save a lot of troubles. I believe this tutorial can help users who are defending against computer viruses.

System FAQ
Windows system
How to solve the unrecognized usb device?

What should I do if the computer prompts for an unrecognized usb device? I believe that many users h
SSIS error recovery tool: CheckPoint

Everyone should be familiar with the use of SSIS data interface, students who have not heard of it h
What are the two major factors related to u disk transmission speed?

In the process of using the u disk, we will inevitably encounter some problems. For example, sometim
The wired mouse light is on but there is no response. How to solve it?

Recently, many users are reporting that the wired mouse light is on but it is not responding. What i
How to solve the problem after the computer is connected to the TV using the HDMI cable?

After many users have connected the TV with a HDMI cable, there is no sound on the TV, but the HDMI

Users can experience Chrome OS

or Windows systems Author: Zhou Pu Google recently announced: they have the Chrome App Launcher o
  • About windows
  • System FAQ
  • System installation tutorial
  • Windows information
  • Windows skills
  • System command
  • System Optimization
  • U disk mount

    • Piracy win7/win8.1 can upgrade win10? How to upgrade win10 official version?

    Where are the NPC and item coordinates of the Tianya Mingyue Knife Pingyang Station Flower Roll

    Answers to some common questions about 64-bit Windows XP

    Win10 new browser or will support voice function

    Tianya Mingyue knife 80-level heart method how to choose Tianya Mingyue knife heart method to choose video tutorial

    Hard disk formatting partition prompt "cannot operate" error solution

    Win7 system can not play Avi format video prompt error "xvidcore.dll not found" What to do?

    Win7 fault repair: "Cannot find the project" error solving Dafa

    How Win8 uses the command line to configure IP address

    [Video] What are the changes in Win10 10074? Windows 10 build 10074 Getting Started Video

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved