Windows system >> Windows tutorial synthesis  >> System FAQ

Pull out the virus hidden in the process

  

Gradually, we will find that no matter how well protected the computer virus or Trojan is still unexpected, especially in some processes, it is difficult to see.

Any virus and trojan exist in the system, and can't completely separate from the process. Even with the hidden technology, it can still find clues from the process. Therefore, the process of viewing the activity in the system becomes our virus detection. The most direct method of Trojans. But there are so many processes running in the system at the same time, which are normal system processes, which are Trojan processes, and what role does the system process that is often counterfeited by the virus Trojan play in the system? Please see this article.

First, the virus process hides three methods

When we confirm that there is a virus in the system, but through the "task manager" to view the process in the system, we can not find a different process, This shows that the virus uses some hidden measures, summed up there are three methods:

1.1 to fake the real

The normal processes in the system are: svchost.exe, explorer.exe, iexplore.exe, winlogon.exe Etc., you may have found such a process in the system: svch0st.exe, explore.exe, iexplorer.exe, winlogin.exe. Contrast, find the difference? This is a trick that the virus often uses, the purpose is to confuse the user's eyes. Usually they will change the o of the normal process name in the system to 0, l to i, i to j, and then become their own process name, only a word difference, the meaning is completely different. Or one more letter or one less letter, for example, explorer.exe and iexplore.exe are easy to confuse, and then an iexplorer.exe is even more confusing. If the user is not careful, it is generally ignored, and the virus process has escaped.

1.2 Stealing the column

If the user is more careful, then the above trick is useless, the virus will be localized. Ever since, the virus has also learned to be smart, and knows how to steal the column. If the name of a process is svchost.exe, it is no different from the normal system process name. So is this process safe? No, in fact, it just uses the "task manager" to view the defect of the executable file corresponding to the process. We know that the executable file corresponding to the svchost.exe process is located in the directory "C:WINDOWSsystem32" (Windows2000 is the C:WINNTsystem32 directory). If the virus copies itself to "C:WINDOWS", it is renamed to svchost.exe. After running, we see svchost.exe in the "Task Manager", which is no different from the normal system process. Can you tell which one is a virus process?

System FAQ
Windows system
A few tricks let you say goodbye to the speed of the turtle system running Win7 system

Among all the systems, Win7 users account for the highest proportion, but many friends will find tha
How to cancel the sharing function of Baidu network disk?

Baidu network disk can store your photos, documents, music, videos and other resources, you can shar
How do I disable the built-in microphone in my notebook?

How does the notebook disable the built-in microphone? Notebooks are usually equipped with a built-i
Open the computer host to make a harsh sound, how can it be solved?

Recently, some users have reported a loud and long sound when the computer is turned on and cannot s
Analysis of the reason why the new u disk becomes a garbled file after copying the file

The u disk is a commonly used tool in life. In the process of using it, more or less problems will b
Mobile phone sharing network? Smart computer wireless

Every time at the end of the month, I often worry about the mobile phone traffic that I dont have. T
  • About windows
  • System FAQ
  • System installation tutorial
  • Windows information
  • Windows skills
  • System command
  • System Optimization
  • U disk mount

    • Linux does not start properly. Solution

    IE11 and other browsers in Win8.1 can't access the Internet

    Tutorials: Installing Win8 Dual System with U Disk

    Win7 64-bit Ultimate Edition makes SSD SSD faster optimization method

    Under the win7 system, by setting the display desktop hover time to prevent the phenomenon of transparency

    Win10 Mobile Redstone 3 supports x86 emulator

    What should I do if the menu bar in Win10 Task Manager is missing?

    New, Refresh, and Other Commands in Windows 8 Applications

    Win7+Win8 dual system easy installation tutorial Zero risk super simple 2 steps to get

    Canon LBP 2900 driver installation steps How does WinXP install the Canon LBP 2900 driver?

  • Windows XP System Tutorial
  • Windows 7 System Tutorial
  • Windows 8 System Tutorial
  • Windows 10 System Tutorial
  • Windows 2003 System Tutorial
  • Windows 2008 System Tutorial
  • Windows Vista System Tutorial
  • Windows tutorial synthesis
  • Windows Server System Tutorial
  • Linux system Tutorial
  • Computer software Tutorial
  • Windows NT Tutorial
    • Copyright © Windows knowledge All Rights Reserved