A process is a program currently executing in the operating system. An executable virus also appears in the system as a process. We can open the system process list to see which processes are running and use the process name and path to determine whether a virus is present. If one is, write down the process name, end the process, and delete the virus program.
I. View the process list
1. To view the process list in Windows 98, click Start → Programs → Accessories → System Tools → System Information → Software Environment → Running Tasks to list the open processes (Figure 1).
Figure 1
2. In Windows 2000, press Ctrl + Alt + Del, click "Task Manager" to open Windows Task Manager, and then click the "Processes" tab to view details (Figure 2).
Figure 2
3. In Windows XP, press Ctrl + Alt + Del to open Windows Task Manager and click the "Processes" tab to view the processes.
II. Determine which processes are normal
The list displays the names of all running system processes (Figure 3). System processes generally include basic system processes and additional processes. Basic system processes are essential for system operation, while additional processes can be run or ended on demand.
Figure 3
1. Basic system processes
Csrss.exe: A subsystem server process that controls the creation or deletion of threads in Windows and the 16-bit virtual DOS environment.
Lsass.exe: Manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers.
Assumer.exe: Resource Manager.
Smss.exe: A session management subsystem that starts user sessions.
Services.exe: A management tool for system services; it contains many system services.
System: The Windows system process.
System Idle Process: This process runs on each processor as a single thread and allocates processor time when the system is not processing other threads.
Spoolsv.exe: Manages spooled print and fax jobs.
Svchost.exe: When the system starts, Svchost.exe checks a location in the registry to build the list of services it needs to load. If multiple Svchost.exe instances run simultaneously, multiple groups of services are active. Multiple DLL files are calling it.
Winlogon.exe: Manages user logon.
These processes are crucial to computer operation. Do not "kill" them at will; otherwise, the normal operation of the system may be directly affected.
2. Additional processes
Apart from the basic system processes, all other processes are additional processes, such as wuauclt.exe (automatic update program) and zookeeper. Additional processes can be chosen as needed without affecting the normal operation of the system core.
3. Application processes
Currently running applications are also displayed in the process list. When you want to check for viruses, it is best to first close all running programs in the normal way. A virus generally does not exit when the applications are closed. If at that point you find an unknown process name in the system process list (Figure 3), treat it as a suspicious process. The process names of some common viruses are listed here for your reference.
Avserve.exe: Shock Wave virus process
Java.exe, services.exe: MyDoom virus process
Svch0st.exe, expl0er, user32.exe: bank fraud process
Dllhost.exe: Shock Wave virus process
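The name-and-path check described above can be sketched in code. This is an added example, not part of the original article: it sorts process image paths into normal, misplaced, lookalike (such as Svch0st.exe) or unknown. The system directory, the one-character edit threshold and the sample paths are assumptions made for illustration.

```python
import ntpath

# Names from the article's "basic system process" list that exist as files on disk.
BASELINE = {"csrss.exe", "lsass.exe", "smss.exe", "services.exe",
            "spoolsv.exe", "svchost.exe", "winlogon.exe"}
# Digit-for-letter swaps of the kind seen in "Svch0st.exe".
LOOKALIKE = str.maketrans({"0": "o", "1": "l"})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path, system_dir=r"C:\WINDOWS\system32"):
    """Return 'normal', 'misplaced', 'lookalike' or 'unknown' for one image path."""
    directory, name = ntpath.split(image_path)
    name = name.lower()
    if name in BASELINE:
        # Assumption: baseline binaries run only from the system directory.
        same_dir = ntpath.normcase(directory) == ntpath.normcase(system_dir)
        return "normal" if same_dir else "misplaced"
    folded = name.translate(LOOKALIKE)
    if any(edit_distance(folded, good) <= 1 for good in BASELINE):
        return "lookalike"
    return "unknown"

# Constructed sample listing (not taken from a real machine).
SAMPLE = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\Svch0st.exe",
    r"C:\WINDOWS\Temp\services.exe",
    r"C:\WINDOWS\system32\svchosts.exe",
    r"C:\Program Files\Editor\editor.exe",
]

def triage(paths=SAMPLE):
    return {p: classify(p) for p in paths}

if __name__ == "__main__":
    for path, verdict in triage().items():
        print(f"{verdict:10} {path}")
```

An "unknown" verdict only means the name is not in the baseline; pass `system_dir` explicitly when Windows is installed elsewhere, for example `C:\WINNT\system32`.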
III. Handling suspicious processes
Suspicious processes are not necessarily viruses, so we need to investigate them further to determine whether they are viruses.
1. Test method
After ending a suspicious process, use Start → Search → Files or Folders, enter the process name as the keyword to search the hard disk, find the corresponding program, and write down its path. Move the file to a USB flash drive or a floppy disk, then run your software on the computer again. If the software runs normally, the process was either redundant or a virus; even if it was not a virus, removing it slims down the system. If the software cannot run properly, restore the file.
2. Search for help
If you cannot tell whether the unknown process is a virus, you can post it on a forum (such as bbs.ctips.com.cn) and ask a question in the computer defense column, or use the full name of the process as the keyword in a search engine and read the relevant information to see whether it is a virus. If so, delete it quickly.