Anti-Virus series: learn more about virus detection and removal techniques

Source: Internet
Author: User

Some people think that removing viruses is a simple task. Isn't it just a matter of clicking the "anti-virus" button in the anti-virus software?

Yes, removing viruses requires anti-virus software, but simply clicking the button does not guarantee a good result. This is why some people clear a virus in one pass, while others never manage to finish killing it. Virus removal takes technique too!

This article will not cover anti-virus software settings.

Virus removal needs the right environment. In fact, the best environment is DOS started from a clean boot disk. However, it is unscientific to kill every virus under DOS! Doing so both takes time and reduces the service life of the DOS anti-virus disk. So how do we decide which environment to kill a virus in?

1. Viruses in Activated Non-system files

This kind of virus is easy to kill. You only need to scan in the normal Windows environment, and it can generally be wiped out.

2. Viruses in non-system files that have been activated or attacked

If this kind of virus is scanned for in the normal Windows environment, the result may be compromised. Although current anti-virus software can detect and kill viruses in memory, this technology is not yet mature and may not completely eliminate the virus.

Therefore, the virus should be killed in Windows Safe Mode. In Safe Mode, these viruses are not activated at startup, so they can be eliminated safely.

3. Viruses in system files

This type of virus is difficult, so please back up before the operation. To kill such viruses, you must run the scan in a clean DOS environment. Sometimes it is necessary to scan and kill repeatedly before they are completely cleared.

4. Network viruses (especially viruses transmitted through LAN)

This type of virus can be cleared only when the network is disconnected, and the machine is easily infected again after being cleaned! Eradicating the virus is up to the network administrator!

5. Viruses for which anti-virus vendors provide dedicated removal tools

To kill such viruses, you only need to download the free dedicated removal tool. A dedicated tool has relatively high precision. Therefore, we recommend using the dedicated tool where conditions permit.

Virus removal takes skill. Therefore, it is very important to select anti-virus software that suits you and to keep monitoring enabled at all times. Do not forget to update it!

 


Anti-Virus series: manually clear hidden viruses and Trojans

Check the registry

The registry has always been a favorite hiding place for many Trojans and viruses. Note that you must back up the registry before checking it.

1. Check HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and restart in the registry to see whether the key values contain any unfamiliar automatic-startup files. The extension is generally EXE. Note the Trojan's file name, then search the entire registry and delete all key values containing the same file name. Finally, find where the Trojan file is hidden on your computer and delete it completely.

2. Check the items (such as Local Page) under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main in the registry. If you find that a key value has been modified, change it back based on your own judgment. Malicious code (such as "Wan Hua Gu") often modifies these items.

3. Check whether the default open programs for common file types, such as HKEY_CLASSES_ROOT\inifile\shell\open\command and HKEY_CLASSES_ROOT\txtfile\shell\open\command, have been changed. If so, they must be changed back. Many viruses resist removal by modifying the default open programs for types such as .txt and .ini.
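The three registry checks above can also be run offline against an exported copy of the registry. The following is an added example, not part of the original article: it parses a constructed REGEDIT4 export, lists Run entries that are not on a reviewer-supplied list of familiar names, and flags .txt/.ini open commands that do not point to Notepad. The sample data, the `known_autoruns` parameter and the choice of Notepad as the expected handler are assumptions made for illustration.

```python
import ntpath
import re

# Constructed REGEDIT4 export for illustration; not taken from a real system.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"example_unknown"="C:\\WINDOWS\\SYSTEM\\example_unknown.exe"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\WINDOWS\\SYSTEM\\example_unknown.exe %1"

[HKEY_CLASSES_ROOT\inifile\shell\open\command]
@="C:\\WINDOWS\\NOTEPAD.EXE %1"
'''

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
ASSOC_KEYS = (r"hkey_classes_root\txtfile\shell\open\command",
              r"hkey_classes_root\inifile\shell\open\command")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="(.*)"$')  # string values only

def parse_reg(text):
    """Parse REGEDIT4 text into {lowercased key path: {value name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and match:
            # Undo .reg escaping (\\ -> \ and \" -> ") in the value data.
            current[match.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", match.group(2))
    return keys

def audit(text, known_autoruns):
    """Return findings for unfamiliar Run entries and changed open commands."""
    keys, findings = parse_reg(text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        if name.lower() not in known_autoruns:
            findings.append(f"unfamiliar autorun {name}: {data}")
    for key in ASSOC_KEYS:
        handler = keys.get(key, {}).get("@", "")
        # Assumption: Notepad is the expected program for .txt and .ini files.
        exe = ntpath.basename(handler.split(" %")[0].strip('"')).lower()
        if handler and exe != "notepad.exe":
            findings.append(f"changed handler {key}: {handler}")
    return findings
```

A finding is only a prompt for manual review: the name check does not verify where the file lives or what it contains.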

Check your system configuration files

The best way to check the system configuration files is to use the Windows System Configuration Utility (run msconfig.exe from the Start menu). With it you can configure Config.sys, Autoexec.bat, system.ini, and win.ini, and select the programs that start with the system.

1. Check the win.ini file (in C:\windows). Under [WINDOWS], "run=" and "load=" are possible ways to load a "Trojan" program, so you must check them carefully. Under normal circumstances, there is nothing after their equal signs. If you find paths and file names after them that are not startup files you are familiar with, your computer may have a "Trojan". For example, the "GOP Trojan" that attacks QQ leaves traces here.

2. Check the system.ini file (in C:\windows). There is a "shell = file name" entry under [BOOT]. The specified file name should be "Explorer.exe". If it is not just "Explorer.exe" but "shell = Explorer.exe" followed by another program name, the program that follows is a "Trojan" program. You then need to find that program on the hard disk and delete it.
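The two configuration-file checks above can be expressed as a small script. This is an added example, not part of the original article; the sample file contents and the file name example_unknown.exe are constructed for illustration.

```python
# Constructed sample file contents for illustration; not from a real system.
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\example_unknown.exe
"""
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe C:\\WINDOWS\\example_unknown.exe
"""

def read_section(text, section):
    """Return {key: value} for one [section]; names are case-insensitive."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values

def check_win_ini(text):
    """Flag any non-empty run= or load= value under [windows]."""
    section = read_section(text, "windows")
    return [f"win.ini {key}={section[key]}"
            for key in ("run", "load") if section.get(key)]

def check_system_ini(text):
    """Flag shell= under [boot] unless it is exactly Explorer.exe."""
    section = read_section(text, "boot")
    if "shell" not in section:
        return []
    shell = section["shell"]
    # Anything besides the bare file name, such as a trailing second
    # program, is reported for manual review.
    if shell.lower() == "explorer.exe":
        return []
    return [f"system.ini shell={shell}"]
```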

 

 

Anti-Virus series: resolutely eliminate "email viruses"

Mail viruses are actually the same as common computer viruses; they are called mail viruses because they are mainly transmitted through e-mail, generally by means of email attachments. Now I will tell you how to eliminate the "email virus" by applying eight tricks to your mailbox.
1. Select genuine anti-virus software. Use its mail monitoring function to scan for and filter viruses while email is being received.
2. Update the virus database promptly. Anti-virus vendors update their virus databases every day, and the update service is very considerate. If users do not update the database in time, it is difficult to detect and kill new viruses.
3. Enable the real-time monitoring firewall. The most important function of the firewall is the mail monitoring function.
Success ,. com) or Word documents, you need to use anti-virus software to scan them for viruses. If you find that the recipient's email address is very unfamiliar, or that the domain name is very similar to that of a normal domestic mailbox, it is very likely that you have received a virus. If the attachment has a dual suffix, it is very likely a virus, because the mail virus will choose to hide in the attachment and simply remove the file.
5. Try not to keep a contact list in the address book. Once a machine is infected, the virus is transmitted through the contacts in the address book.
6. Use the stationery feature sparingly. Stationery templates contain some script files. If a template is infected with a script virus such as VBS/KJ or Happy Time, every email sent with that stationery carries the virus.
7. Set up automatic mailbox filtering. This not only blocks spam, but also filters out some emails that carry viruses.
8. Do not use the HTML preview function in the mail software. Some of today's widespread and destructive viruses infect during email preview, without the email needing to be opened.

 

Analysis of 13 symptoms of malicious webpage viruses and simple repair methods

 


1. Webpage viruses that damage the IE browser:

(1). The default homepage is modified.

1. Damage characteristic: the default homepage is automatically changed to a website URL.

2. Form: the default homepage of the browser is automatically set to a URL such as ********.COM.

3. Clear method: manually modify the registry. Choose Start > Run > regedit > OK to open the registry editing tool. Open HKEY_LOCAL_USER\Software\Microsoft\Internet Explorer\Main in sequence, find the Default_Page_URL key value name (used to set the default homepage) in the right window, and right-click it to modify it. Press F5 to refresh.

Hazard level: Average

(2). The default homepage is modified.

1. Damage: the default homepage is automatically changed to the address of a website.

2. Form: the default homepage of the browser is automatically set to a URL such as ********.COM.

3. Clear method: manually modify the registry. Choose Start > Run > regedit > OK to open the registry editing tool. Open the HKEY_LOCAL_USER\Software\Microsoft\Internet Explorer\Main branch in sequence, find the StartPage key value name (used to set the default homepage), and right-click it to modify it. Press F5 to refresh.

Hazard level: Average
  
(3). The default Microsoft homepage is modified.

1. Damage characteristic: the default Microsoft homepage is automatically changed to a website URL.

2. Form: the default Microsoft homepage is tampered with.

3. Cleanup method:

(1) Manual registry modification method: Start menu -> Run -> regedit -> OK. In the registry editing tool, open the HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main branch in sequence, find the Default_Page_URL key value name (used to set the default Microsoft homepage), right-click it in the right window, and change the key value to http://www.microsoft.com/windows/ie_intl/cn/start. Press F5 to refresh.

(2) Automatic registry file import method: type or paste the following content into Notepad, save it under any file name with the .reg extension in any directory on drive C, and then run the file. After you confirm the prompt, a message shows that the information was successfully imported into the registry.
  
REGEDIT4

; Restore the default Microsoft homepage value
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/windows/ie_intl/cn/start"
  
Hazard level: Average
  
(4). The homepage settings are blocked and locked; the setting options are disabled and cannot be changed.

1. Damage feature: the homepage settings are disabled.

2. Form: the address bar of the homepage setting is dimmed and blocked.

3. Clear method: (1) Manual registry modification method: Start menu -> Run -> regedit -> OK. In the registry editing tool, open the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer branch in sequence, create a "ControlPanel" primary key, and then create a DWORD value named "HomePage" under this primary key. Set the value to "00000000", and press F5 to refresh so that it takes effect.

(2) Automatic registry file import method: type or paste the following content into Notepad, save it under any file name with the .reg extension in any directory on drive C, and then run the file. After you confirm the prompt, a message shows that the information was successfully imported into the registry.
  
REGEDIT4

; Re-enable the homepage setting in Internet Options
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000000
  
Hazard level: Mild

(5). The default IE search engine is modified.

1. Damage: IE's default Microsoft search engine is changed.

2. Form: the search engine is destroyed.
