With the continuous improvement of anti-virus technology, virus technology is also enriching its own methods. How can we find these culprits? I hope that the author's introduction will help you.
Speaking of viruses, we believe that users who have suffered from them will feel helpless. Nowadays, as anti-virus technology keeps improving, virus technology is also enriching its own methods. Many users must have encountered a situation like this: after the machine restarts, all anti-virus software stops working, and when an unfamiliar process is found, it cannot be shut down. Some users even suspect a virus whenever something abnormal happens, but they cannot find the culprit. What is going on? Let's get to know today's computer viruses.
Fooling your eyes
Speaking of viruses, we need to talk about how viruses hide themselves. No virus or Trojan that exists in the system can be completely separated from processes (a process can generally be thought of as a program being executed). Even if hiding techniques are used, traces can still be found among the processes. Therefore, viewing the active processes in the system is the most direct method for detecting viruses and Trojans, and recognizing and distinguishing processes is something we have to take seriously.
Sometimes a user realizes that the machine is infected with a virus, yet no abnormal process is found when viewing the processes in the system through the "Task Manager". This indicates that the virus is using some means of hiding. How does a virus fool your eyes?
People who have experience using computers should know that there are several processes in the system that viruses often use to disguise themselves, such as svchost.exe. The disguised malicious processes then appear under names such as svch0st.exe and so on. Careless users may be fooled by the seemingly identical names, but a careful comparison reveals the differences. Generally, this type of virus changes the o in the process name to 0, l to I, and I to j to confuse users.
In addition, svchost.exe is a commonly used program for executing DLL files. It is a system program of the Microsoft Windows operating system. In the NT kernel-based Windows operating system family, different versions of Windows have different numbers of "svchost" processes, which is exactly what viruses take advantage of. The normal svchost file is located in the "c:\windows\system32" directory. Be careful if the file appears in other directories.
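The two checks described above (a look-alike name, and a genuine name running from the wrong directory) can be automated. The following is an added example, not part of the original article; the lsass.exe and explorer.exe entries and all sample paths are assumptions constructed for illustration.

```python
import ntpath

# Expected directory per process name. svchost.exe and its directory come from
# the article; lsass.exe and explorer.exe are assumptions added for this example.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Undo the article's substitutions (o->0, l->I, I->j) after lowercasing, so
# every look-alike spelling collapses to the same "skeleton".
FOLD = str.maketrans({"0": "o", "i": "l", "j": "l"})

def skeleton(name):
    return name.lower().translate(FOLD)

SKELETONS = {skeleton(n): n for n in EXPECTED_DIR}

def classify(image_path):
    """Return (verdict, detail) for one full executable path."""
    directory, name = ntpath.split(ntpath.normpath(image_path))
    name_l, directory = name.lower(), directory.lower()
    if name_l in EXPECTED_DIR:
        if directory == EXPECTED_DIR[name_l]:
            return ("ok", name_l)
        return ("wrong-directory", f"{name_l} should run from {EXPECTED_DIR[name_l]}")
    imitated = SKELETONS.get(skeleton(name))
    if imitated:
        return ("look-alike", f"{name} imitates {imitated}")
    return ("unknown", name)

def scan(paths):
    results = [(p,) + classify(p) for p in paths]
    return [r for r in results if r[1] in ("look-alike", "wrong-directory")]

# Constructed sample process list (not taken from a real machine).
SAMPLE = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svch0st.exe",
    r"C:\Windows\Temp\svchost.exe",
    r"C:\Windows\System32\Isass.exe",
    r"C:\Program Files\Editor\editor.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in scan(SAMPLE):
        print(f"{verdict:16} {path}  ({detail})")
```

The input must be full image paths, which Task Manager does not show by default; this is one reason a third-party process viewer is useful.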
There are many kinds of viruses, and they use many techniques. Here, I suggest you use a third-party process viewing tool to check which programs are running in your system. Take svchost.exe as an example again. In XP, click "Start"/"Run" and enter the "services.msc" command to open the Services dialog box, and then open the Properties dialog box of "Remote Procedure Call". You can see that the executable file path of rpcss is "c:\windows\system32\svchost -k rpcss". This indicates that the rpcss service is started by svchost with the "rpcss" parameter, and the content of that parameter is stored in the system registry.
Enter regedit.exe in the Run dialog box and press Enter to open the Registry Editor. Find the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs] key and locate the value "ImagePath" of type "REG_EXPAND_SZ"; its data is "%SystemRoot%\system32\svchost -k rpcss" (this is the service startup command seen in the Services window). In the "Parameters" subkey there is a value named "ServiceDll" whose data is "%SystemRoot%\system32\rpcss.dll", where "rpcss.dll" is the dynamic link library file used by the rpcss service. In this way, the svchost process can start the service by reading the registry information of the "rpcss" service.
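The same lookup can be done for every service at once to see which DLL each svchost instance hosts and whether the host binary really is the one in system32. This is an added example, not code from the original article: it works on a constructed in-memory snapshot (on Windows the values could be read with Python's standard winreg module), and the UpdHelper and DemoSvc services and the SYSTEM_ROOT value are assumptions.

```python
import ntpath
import re

SYSTEM_ROOT = r"C:\Windows"  # assumed value of %SystemRoot% for this example

# Constructed snapshot of Services\<name>: ImagePath plus Parameters\ServiceDll.
# The RpcSs values are the ones quoted in the article; the other two services
# are made up for illustration.
SNAPSHOT = {
    "RpcSs": {"ImagePath": r"%SystemRoot%\system32\svchost -k rpcss",
              "ServiceDll": r"%SystemRoot%\system32\rpcss.dll"},
    "UpdHelper": {"ImagePath": r'"C:\Users\Public\svchost.exe" -k updgroup',
                  "ServiceDll": r"C:\Users\Public\updhelper.dll"},
    "DemoSvc": {"ImagePath": r"C:\Demo\demosvc.exe"},
}

# Matches "<path>\svchost[.exe] -k <group>", with the path optionally quoted.
HOSTED = re.compile(
    r'^"?(?P<exe>[^"]*\\svchost(?:\.exe)?)"?\s+-k\s+(?P<group>\S+)', re.I)


def expand(value):
    """Expand %SystemRoot%, as Windows does for REG_EXPAND_SZ data."""
    return re.sub(r"%systemroot%", lambda m: SYSTEM_ROOT, value, flags=re.I)


def audit(snapshot):
    """Map each svchost-hosted service to its group and DLL; check the host path."""
    sysdir = ntpath.join(SYSTEM_ROOT, "system32").lower()
    rows = []
    for service, values in snapshot.items():
        m = HOSTED.match(expand(values.get("ImagePath", "")))
        if not m:
            continue  # the service runs its own executable, not svchost
        host_dir = ntpath.dirname(ntpath.normpath(m["exe"])).lower()
        rows.append({"service": service, "group": m["group"],
                     "dll": expand(values.get("ServiceDll", "")),
                     "host_ok": host_dir == sysdir})
    return rows


if __name__ == "__main__":
    for row in audit(SNAPSHOT):
        print(row)
```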
In fact, as long as the user pays a little attention, the user can discover most of the malicious programs in the system. The following describes several common anti-virus methods:
Clear viruses in safe mode or DOS mode
When a computer is infected with a virus, most viruses can be completely cleared in normal mode. However, some viruses are not easily detected by antivirus software there, so they need to be cleared in safe mode. In safe mode, most popular viruses can be completely cleared. However, some boot sector viruses and viruses that infect executable files need to be cleaned in pure DOS. Today, most anti-virus software provides guidance for this, and you can prepare a disk for dealing with boot sector viruses.
Clear Outlook mail Virus
Basically, mainstream anti-virus software can check whether emails are infected with viruses and handle them according to user settings. However, in Outlook, viruses can still be detected in emails that were infected. This is mainly because the space has not been released. You can perform the following operations:
Select "Tools"-"options"-"maintenance"-"clear now"-"compress"-"delete"
Anti-virus for shared directories
If the infected files in a local shared directory cannot be cleaned, we recommend that you cancel the sharing and then thoroughly scan and clean the shared directory. When removing viruses from a remote shared directory (including a mapped disk), ensure that the operating system of the local computer is clean and that you have the highest read and write permissions on the shared directory.
Of course, these are not all the ways to clear viruses. We have to admit that viruses keep developing: today's viruses, like the "Kill soft Stars" that has been popular in the past few days, modify the registry to prevent users from entering safe mode. Generally, this type of virus is relatively difficult to handle. We recommend that you pay attention to the latest virus bulletins so that you can prevent or remove such viruses promptly. In addition, it is also essential to promptly patch the vulnerabilities in your system. As the author keeps saying, viruses and attacks still rely on exploiting system vulnerabilities.