Clever Use of system processes to reject virus attacks

To prevent computer viruses, relying solely on anti-virus software is far from enough, because all anti-virus software compares the data on your computer with the virus samples in the virus database to determine whether the virus is poisoned. Therefore, there is no way to detect new viruses in the virus database. Therefore, it is necessary for us to learn the manual anti-virus method. The following describes how to use the system process for anti-virus:

A process is the execution program currently running on the operating system. The executable virus also appears in the system as a "process". We can open the system process list to check which processes are running and determine whether there is a virus by the process name and path, if any, write down the process name, end the process, and delete the virus program.

　　1. view the process list

To view the process list in WIN98/ME: choose Start> program> accessories> System Tools> system information> software environment> running tasks. ", the list of opened processes, as shown in figure 1)

In WIN2000/XP, you can also press ALT + CTRL + DEL to open windows Task Manager and view it on the process page (2 ).

2. Determine which processes are normal

System Process Table (3). system processes generally include basic system processes and additional processes. Basic System processes are essential for system operation, while additional processes can run or end on demand.

1. Basic System Process:

Csrss.exe: A subsystem server process that controls the Creation or Deletion of threads in Windows and the 16-bit Virtual DOS environment.

Lsass.exe: Manages IP Security Policies and starts ISAKMP/Oakley (IKE) and IP Security drivers ..

Assumer.exe: Resource Manager.

Smss.exe: A session management subsystem that starts user sessions.

Services.exe: a management tool for system services, including many system services.

System: Windows system Process

System Idle Process: This Process runs on each processor as a single thread and distributes the Time of the processor when the System does not Process other threads.

Spoolsv.exe: Manage print and fax jobs in the buffer zone.

Svchost.exe: when the system starts, svchost.exewill check the location in the registration table to create a dedicated service catalog. If multiple Svchost.exe instances run simultaneously, multiple groups of services are active. Multiple DLL files are calling it.

Winlogon.exe: manage user logon

These processes are crucial to computer operation. Do not "kill" them at will. Otherwise, the normal operation of the system may be directly affected.

2. Attach Process

In addition to basic system processes, other processes are additional processes, such as wuauclt.exe (automatic update program) and zookeeper. Additional processes can be selected as needed without affecting the normal operation of the system core.

3. Application Process

The currently running application will also be displayed in the process list. When you want to check for viruses, it is best to close all running programs in the normal way. The virus generally does not end with the application being closed.

When we find that the "unknown process name" is not in the System Process Table (3), it should be listed as a suspicious process.

Iii. Processing

1. Test method: After a suspicious process is completed, search the entire hard disk using the "Start> Search> file or folder> suspicious process name as the keyword" and find the corresponding program, write down its path, move it to a floppy disk or a USB flash disk, and run the software on the computer again. If the software runs normally, it indicates that the process is redundant or virus, even if it is not a virus, the system can lose weight. Restore the software if it cannot run properly.

2. Consultation

If you have no idea whether a "unknown process" is a virus, you can copy the full name of the process and go online to the forum for consultation, or use the full name of the process as the keyword to search for it on the global search engine. Find the relevant information to see if it is a virus. If yes, delete it immediately.