Getting infected is not the terrible part, because professional security software can help remove the virus; what is terrible is a lack of security awareness. In an era flooded with viruses, infection is inevitable, but how do we deal with it once it has happened? This is a difficult question facing everyone. Because of my work, I often have to fight these annoying things, so today I have compiled some effective methods for your reference.
First, some symptoms of infection
How do we know there is a virus on the computer? A computer infection is like an illness in a person: there are always some obvious symptoms. For example, the machine runs very slowly, cannot get on the network, the anti-virus software stops working properly, Word documents cannot be opened, the computer cannot start normally, a hard disk partition cannot be found, data is lost, and so on. These are all signs of infection.
Second, diagnosing the infection
1. Press Ctrl + Shift + Esc (all three keys at once) to bring up the Windows Task Manager and view the running processes. Find any unfamiliar processes and write down their names (this takes experience); if they turn out to be viruses, the names make the later cleanup easier. Do not end these processes for now, because some viruses or illegal processes cannot be ended from here. Click Performance to view the current state of the CPU and memory. If CPU utilization is close to 100% or memory usage is high, the possibility that the computer is infected is 95%.
2. View the services Windows has currently started: in "Control Panel", open "Administrative Tools" and then "Services". In the right-hand pane, look at the items whose status is "Started" and whose startup type is "Automatic". In general, normal Windows services have a description (except for a few forged by hackers or worms). Double-click any service item you consider suspicious and check the path and name of the executable file in its properties. If the name and path are C:\winnt\system32\explored.exe, the computer is infected. In another case, "Control Panel" cannot be opened, or all of its icons move to the left with a vertical scroll bar in the middle and a blank right side, and double-clicking Add/Remove Programs or Administrative Tools opens an empty window. This is characteristic of an attack by the virus file winhlpp32.exe.
3. Run the registry editor (the command is regedit or regedt32) and see which programs are started together with Windows. Look mainly at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the several RunOnce keys that follow it, and check the values in the right-hand pane for illegal startup items. On Windows XP, running msconfig serves the same purpose. As you gain experience, you will be able to spot a virus startup entry easily.
4. Use the browser to check online. With the earlier Gaobot virus, an infected machine can reach yahoo.com, sony.com and so on, but cannot visit the websites of well-known security vendors such as www.symantec.com and www.ca.com. A machine with Symantec Norton 2004 anti-virus software installed cannot upgrade it over the Internet.
5. Turn on the display of hidden files and view the system folder winnt (windows)\system32. If the folder appears empty, the computer has been infected. After opening system32, sort the icons by type to see whether the executable of any currently circulating virus is present. While you are there, check the folders Tasks, wins and drivers; at present some virus executables hide in them. The files under drivers\etc are ones that viruses like to tamper with. The hosts file there is originally only about 700 bytes, and it grows to 1 KB or more after being tampered with. This is why ordinary websites can be accessed while security vendor websites cannot, and why well-known anti-virus software cannot be upgraded.
6. Use the anti-virus software itself to judge whether the machine is infected: if it is, the anti-virus software will be terminated automatically by the virus program, and a manual upgrade will fail … anti-virus, recommended
Third, removing the virus
1. In the registry, delete the illegal program that starts with the system, then search the registry for all key values that refer to it and delete them. A virus program that starts as a system service hides under HKEY_LOCAL_MACHINE\System\ControlSet001\Services and ControlSet002\Services; remove it once you have found it.
2. Stop the problematic service and change its startup type from Automatic to Disabled.
3. If the file system32\drivers\etc\hosts has been tampered with, restore it, that is, keep only the one valid line "127.0.0.1 localhost" and delete all the other lines. Then set the hosts file to read-only.
4. Restart the computer and press F8 to enter "Safe Mode with Networking". The purpose is to prevent the virus program from starting, so that you can install Windows updates and upgrade the anti-virus software.
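The hosts-file check from diagnosis step 5 and cleanup step 3 can be automated. The following Python sketch is an added example, not part of the original article: it flags every entry other than "127.0.0.1 localhost" and applies the article's 1 KB size rule. The function names, the allowance for "::1 localhost" and the sample file content are assumptions made for illustration.

```python
# Added example: audit hosts-file text against the article's rule that the only
# valid entry is "127.0.0.1 localhost". All sample data below is constructed.
import ipaddress

# "::1 localhost" is an assumption here; the article names only the IPv4 line.
ALLOWED = {("127.0.0.1", "localhost"), ("::1", "localhost")}
SIZE_LIMIT = 1024  # article: about 700 bytes originally, 1 KB or more once tampered


def audit_hosts(text):
    """Return (suspicious_entries, oversized) for the given hosts-file text."""
    suspicious = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            suspicious.append((lineno, addr, "<malformed line>"))
            continue
        for name in names:  # one line may map several names to one address
            if (addr, name.lower()) not in ALLOWED:
                suspicious.append((lineno, addr, name.lower()))
    oversized = len(text.encode("utf-8")) >= SIZE_LIMIT
    return suspicious, oversized


def restored_hosts():
    """The clean content the article prescribes in cleanup step 3."""
    return "127.0.0.1 localhost\r\n"


# Constructed sample: a hosts file that blocks the vendor sites named above.
SAMPLE_TAMPERED = (
    "# Copyright (c) Microsoft Corp.\r\n"
    "127.0.0.1       localhost\r\n"
    "127.0.0.1 www.symantec.com   # update server blocked\r\n"
    "127.0.0.1 www.ca.com ca.com\r\n"
)

if __name__ == "__main__":
    findings, oversized = audit_hosts(SAMPLE_TAMPERED)
    for lineno, addr, name in findings:
        print(f"line {lineno}: {name} -> {addr}")
    print("size check:", "1 KB or more" if oversized else "under 1 KB")
```

To check a real machine, read the hosts file under system32\drivers\etc into a string and pass it to audit_hosts; any finding means the file should be restored as described in step 3.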