Antivirus: use the registry skillfully to prevent virus regeneration (security settings)

Source: Internet
Author: User
At present, once started, many common network viruses leave "repair" entries behind in the startup items of the system registry, so that after the next reboot the virus can restore itself to the state it was in before it was removed. To deny a network virus this restart, we can attend to a few details and manually remove the entries it has left in the registry, so that the computer system is no longer exposed to the same attack again and again.
Blocking startup through web page entries
Many computer systems infected by a network virus have, under registry branches such as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices, startup values whose data ends in .html or .htm. The purpose of such a startup value is to open, automatically once the system has started successfully, a web page on a site that carries the network virus; if these values are not removed in time, the virus can easily reinfect the machine. The corresponding Run, RunOnce and RunServices branches under HKEY_LOCAL_MACHINE apply to every user of the machine and should be inspected in the same way.
So after using an antivirus program to clear the virus from the computer system, we also need to open the Registry Editor window promptly, look at the registry branches listed above, and check whether any of the startup values beneath them end in a suffix such as .html or .htm. Whenever one is found, select that value, choose the Edit/Delete command to delete it, and finally press F5 to refresh the Registry Editor's view.
Of course, some viruses also leave startup values in .vbs format under these same branches; when we find such a startup value, it has to be deleted too. Note the script's full path before deleting the value so that the script file itself can be removed afterwards.
Preventing startup through the back door
To avoid being "hunted down" manually by the user, many network viruses disguise their entries in the registry startup items. Users unfamiliar with the system often dare not delete such startup values, and the virus program thereby achieves its goal of starting again.
For example, some viruses create a startup value named "System32" under the registry branches above and set its data to "Regedit -s D:\Windows" (see Figure 1). At first glance many users take this startup value for something generated by the computer system itself and dare not delete it. In fact, -s (regedit also accepts /s) is the Registry Editor's silent-import switch: it imports a .reg file without displaying any confirmation prompt. A startup value of this form therefore makes the system silently re-import, at every start, a registry file the virus has dropped in the Windows installation directory, which restores the virus's own startup entries; together with the .vbs files the virus has dropped there, this gives it a way to start automatically. The name "System32" is borrowed from the system directory precisely to look legitimate, so judge the value by its data, not its name. Whenever we see a "Regedit -s D:\Windows" value among the startup entries in the registry branches above, we must remove it without mercy.
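Checking these branches by hand in the Registry Editor is slow and error-prone, so here is an added PowerShell example (it is not code from the original article) that audits the Run, RunOnce and RunServices branches for the three kinds of entries described in the two sections above: values pointing at an .html/.htm page or a URL, values launching a .vbs script, and values performing a silent regedit import. It also covers the same branches under HKEY_LOCAL_MACHINE. The regular expressions are my assumptions about what such entries look like and will produce false positives, so review the report before using -Remove.

```powershell
# Added example, not part of the original article. Run from an elevated
# PowerShell prompt. Nothing is deleted unless -Remove is given, and -WhatIf
# is honoured through ShouldProcess.

function Get-SuspiciousRunEntry {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remove
    )

    # The HKCU branches the article names, plus their HKLM counterparts.
    $branches = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
    )

    # Assumed patterns for the entries the article describes (-match is
    # case-insensitive by default): a web page or URL, a .vbs script, and a
    # silent registry import such as "Regedit -s D:\Windows".
    $patterns = [ordered]@{
        'web page'              = '\.html?\b|https?://'
        'vbs script'            = '\.vbs\b'
        'silent regedit import' = '\bregedit(\.exe)?\s+[-/]s\b'
    }

    foreach ($branch in $branches) {
        if (-not (Test-Path $branch)) { continue }
        $key = Get-Item $branch
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }          # skip the key's default value
            $data = [string]$key.GetValue($name)
            foreach ($label in $patterns.Keys) {
                if ($data -match $patterns[$label]) {
                    # Emit a report row for every hit, removed or not.
                    [pscustomobject]@{
                        Branch = $branch
                        Name   = $name
                        Data   = $data
                        Reason = $label
                    }
                    if ($Remove -and $PSCmdlet.ShouldProcess("$branch\$name", 'Remove-ItemProperty')) {
                        Remove-ItemProperty -Path $branch -Name $name
                    }
                    break
                }
            }
        }
    }
}

# Report only:
Get-SuspiciousRunEntry | Format-Table -AutoSize
# Dry run of the removal, then the real thing:
# Get-SuspiciousRunEntry -Remove -WhatIf
# Get-SuspiciousRunEntry -Remove
```

The report-only call lists every match with the reason it was flagged; `-Remove -WhatIf` shows which values would be deleted without touching them, and only `-Remove` deletes. Note the paths in the Data column first, because the script or .reg file the value points at still has to be removed from disk, and press F5 in the Registry Editor afterwards to confirm the values are gone.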
Blocking startup through a file
Besides checking the registry startup values, we also have to check the system's "Win.ini" file, because a network virus may automatically generate some leftover items in this file; if these illegal startup items are not deleted from the file, the network virus will stage a comeback.
Generally speaking, the "Win.ini" file is located in the system's Windows installation directory. Locate it in the Explorer window, open it in a text editor, and check whether the "run=" and "load=" lines in the [windows] section contain any dubious content; if they do, clear everything after the "=" promptly. Before deleting, it is best to note the specific file name and path of each program listed; after completing the deletion, go to the corresponding folder and delete the virus files themselves. On Windows NT-family systems the [windows] section of Win.ini is mapped into the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, whose Load and Run values are processed at logon, so those two values need the same check as the file.
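As an added PowerShell example (not part of the original article), the following function reads the run= and load= lines of the [windows] section of Win.ini, then the Load and Run values of the registry key that Win.ini is mapped to on NT-family Windows, and reports each referenced program together with whether it can still be found on disk, so that the files can be deleted after the entries are cleared. The default Win.ini path of %SystemRoot%\win.ini and the comma-separated program list are assumptions.

```powershell
# Added example, not part of the original article. Read-only: it reports the
# startup entries in Win.ini and its registry mapping but changes nothing.

function Get-WinIniStartupEntry {
    param(
        # Assumed location of Win.ini; override if the Windows directory differs.
        [string]$IniPath = (Join-Path $env:SystemRoot 'win.ini')
    )

    $entries = @()

    if (Test-Path -LiteralPath $IniPath) {
        $section = ''
        foreach ($line in Get-Content -LiteralPath $IniPath) {
            $trimmed = $line.Trim()
            if ($trimmed -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
            # Only run= and load= inside [windows] are startup entries.
            if ($section -ieq 'windows' -and $trimmed -match '^(run|load)\s*=\s*(.*)$') {
                $entries += [pscustomobject]@{
                    Source = $IniPath
                    Entry  = $Matches[1].ToLower()
                    Value  = $Matches[2].Trim()
                }
            }
        }
    }

    # On Windows NT and later the [windows] section is mapped to this key, and
    # its Load and Run values are processed at logon, so check them as well.
    $mapped = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    if (Test-Path $mapped) {
        foreach ($name in 'Run', 'Load') {
            $value = (Get-ItemProperty -Path $mapped -Name $name -ErrorAction SilentlyContinue).$name
            if ($value) {
                $entries += [pscustomobject]@{ Source = $mapped; Entry = $name.ToLower(); Value = [string]$value }
            }
        }
    }

    # Split each value into its programs (assumed comma-separated) and report
    # whether the file exists, either at the given path or on the PATH.
    foreach ($e in $entries) {
        if (-not $e.Value) { continue }
        foreach ($program in ($e.Value -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
            $expanded = [Environment]::ExpandEnvironmentVariables($program)
            [pscustomobject]@{
                Source  = $e.Source
                Entry   = $e.Entry
                Program = $program
                Exists  = (Test-Path -LiteralPath $expanded) -or [bool](Get-Command $expanded -ErrorAction SilentlyContinue)
            }
        }
    }
}

Get-WinIniStartupEntry | Format-Table -AutoSize
```

An empty result means neither the file nor the mapped key carries any startup programs. Anything listed deserves a look: a program that no longer exists is a stale entry worth clearing, and one that does exist is the file to delete once its run= or load= entry (or the Load/Run registry value) has been emptied.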
If we attend to the details above, it will not be so easy for many network viruses to start again in the future!