Summary of virus cleanup Methods

Arrows in the demon world

1. Clear viruses in safe or pure DOS mode

When a computer is infected with a virus, the vast majority of virus infections can be completely cleared in normal Mode. Here, the accurate description of normal Mode should be Real Mode ), let's talk about it in plain words. It includes "MS-DOS mode" or "command prompt" for Windows in normal mode and Windows in normal mode ". However, some viruses often attack anti-virus software or even delete the anti-virus software in the system because they are more concealed and tricky, the vast majority of anti-virus software for such viruses are designed to be installed, used, and processed in security mode. When cleaning in Safe Mode or pure DOS, for most popular viruses, such as worms, Trojans, and webpage code viruses, they can be completely cleared in safe mode, and do not need to start anti-virus using a floppy disk as before; however, some boot zone viruses and Viruses Infected with executable files require anti-virus in pure DOS (we recommend that you use a clean floppy disk to enable anti-virus ). In addition, when a computer is infected with a virus, you need to install the anti-virus software (upgrade to the latest virus database) in Safe Mode) or clear the virus in pure DOS!

Ii. add files with viruses to some mail files

The vast majority of anti-virus software can directly check whether the files in these mail files are infected with viruses. For emails infected with viruses in the mailbox, you can set anti-virus or delete the emails infected with viruses according to the user's settings, however, due to the composite file structure of these mailboxes, virus attacks can still be detected in the mailbox after virus removal. This is because the mailbox is not compressed for space release, you can select "Tools"> "options"> "maintenance"> "clear now"> "compression" in Outlook Express to delete all offline content, also select and delete them.

3. The files with viruses are in the Restore directory, *. cpy File

This is the directory where the system restores and stores the restored files. This directory is available only when the Windows Me/XP/VISTA operating system is installed. This directory is protected by the system. In this case, you need to cancel the "System Restore" function, delete the files with viruses, and even delete the entire directory.

The four-character drug files are stored in. rar,. Zip,. cab, and other compressed files.

For the vast majority of anti-virus software, the function of virus detection and removal in compressed files has been basically improved, some special types of compressed files or compressed files with password protection may be cleared directly. To clear the virus in the compressed file, we recommend that you decompress the file and clear it, or use the plug-in anti-virus program function of the compression tool software to disinfect the compressed files with viruses.

5. Virus residue code in the file

In this case, the most common is the Residual code with CIH, Funlove, macro viruses (including macro viruses in documents such as Word, Excel, Powerpoint, and Wordpro) and individual webpage viruses, generally, antivirus software reports the suffix of the virus name to these files with Residual code, such as int and so on, and is not common, such as W32/FunLove. app, W32.Funlove.int. Under normal circumstances, the residual code will not affect the running of Normal programs, and will not be infected. If you need to completely clear the code, you need to clear the virus based on the actual situation. You can also use related clearing tools and modify the registry.

Vi. Share directory Anti-Virus

The virus files in the shared local directory cannot be cleared. When other users in the LAN are reading and writing these files, the virus is detected as being unable to directly clear the viruses in these files, if a virus is writing a virus to these directories, the virus is cleared after the shared directory is infected or new virus files are generated. In the above two cases, we recommend that you cancel sharing and thoroughly scan and kill shared directories. When resuming sharing, be sure not to open too high permissions and add a password to the shared directory. When virus removal is performed on a remote shared directory (including a ing disk), ensure that the operating system of the Local Computer is clean and that the shared directory has the highest read and write permissions. If the remote computer is infected with the virus, we recommend that you directly scan and kill the virus on the remote computer. In particular, we recommend that you cancel all local sharing and then perform anti-virus operations when removing other viruses. During normal usage, you should also pay attention to the security of the shared directory, add a password, and do not directly read the files in the remote shared directory if necessary, we recommend that you copy the data to the local computer and check the virus before performing the operation.