Computer anti-virus record

Some days ago a classmate computer infected with a ferocious virus, looking for me to see, the scene is very solemn and tragic: the bottom right corner of the screen is constantly popping bad ads, the system icon part of the changes, more computers out of many programs, CPU occupancy rate 100%, the mouse keyboard is almost unusable.

The process of antivirus is time-consuming, from 10 o'clock in the morning to 5 o'clock in the afternoon. Some students said, so long time to re-install the system, the common virus can, but the classmate of the infection virus, in addition to the other plate C disk is also infected with the virus, unless the overall format, the virus still exists after reloading the system.

First, disconnect the network

Second, enter the normal safety mode

Third, the virus by the way to understand the cause

Iv. access to the networked security model virus

V. Check the boot entry and service uninstall part of the residue software

First, disconnect the network

Once found in the computer virus, if not a USB stick infection, the virus must be transmitted through the network (not networked computers, not in the virus), my experience is immediately disconnect the network, unplug cable, prevent further infection of the virus, and some viruses implanted specific file transfer software, Will pass your file data through the Internet to the intruder. So be sure to break the network, do not worry that many anti-virus software can be offline antivirus.

Second, enter the normal safety mode

After disconnecting the network will start to antivirus, in the original system is certainly not antivirus, one is because the virus has been invaded (side kill, side infection), another reason is said before, this computer CPU occupancy rate of 100%, simply can not run antivirus software.

Safe mode is a good idea, Safe Mode only load the system core process and part of the hardware driver process, the virus will not only need to invade infected files, in a state of being trampled. Why this is said that the normal security mode, because this mode can not be networked, here offline Antivirus is also for security reasons, in case of a strong virus in case of trouble, so we choose to enter the normal security mode (that is, people often say that the safe mode, said to be ordinary, is to distinguish with the back).

Restart the computer, press F8 on the boot to enter the selection interface, the upper and lower keys to select Safe Mode. I met a special situation, but also on the classmate's computer, this computer is an ASUS motherboard desktop, when the boot press F8 actually entered the ASUS Motherboard Setup interface (ah, really do not understand, ASUS company set this into F7 and will not be ashamed), tried for a long time, Also find information on the Internet finally learned a method: press F8 after entering the setup interface and then press ESC, then immediately after vomiting blood mad press F8, enter the selection interface, choose Safe Mode.

Third, the virus by the way to understand the cause

After entering safe mode, you can start anti-virus software. Start anti-virus software, where everyone uses the public antivirus software can be, there is no special recommendation. Start Avira After, you can do other things, I was waiting for about 2 hours to check out, about 582 virus (real strong), and then began to antivirus, but also a long wait, this time I did not choose to do other things but to see exactly what the virus.

I found that there are many implanted video conversion software, which makes me very strange, and later to check the data to know that these software is virus implanted in the computer in order to be CPU occupancy rate of 100%, video software is generally very CPU-intensive, the virus is taking advantage of this, the use of CPU resources, so that the machine owner can not run the program, The opportunity to invade computer files.

As expected, there are a lot of software specifically used to transfer files, such as flying Pigeon biography. Fortunately, even if the network, the file has been uploaded to the hands of intruders.

In addition, the virus page invaded a lot of file data, resulting in the need to kill these files, sacrificing the individual, the overall protection.

Iv. access to the networked security model virus

After the first kill virus, I checked again, just looked for a few minutes, and found that there are still viruses exist, because most of the virus is still wiped out, so I think now can be networked avira, more comprehensive, but still safe mode, this is a Safe mode with networking features, and then again virus Avira. During this period in order to more thoroughly kill the virus, in addition to using antivirus software, I also have used the first-aid box (360 or Jinshan), first aid box can not be used as anti-virus software, will damage the system, the case of poisoning is not the best use.

After Avira, check again, finally no virus, can enter the normal system.

V. Check the boot entry and service uninstall part of the residue software

After entering the system, if found before the virus to your installed software is still in, do not be nervous, this is a residue, not be identified as a virus rogue software, uninstall just fine.

In addition, because this poisoning is more deep, for the sake of safety, I looked at the boot entry and service: Win+r, and then enter Msconfig, you can view. Faith is rather wrong to kill also not let go of attitude, I only retained the service of Microsoft, boot start item also only keep oneself familiar. But in fact there is no wrong kill, if some software problems, you can use the same method to set up startup items and services, such as the input method of service.

OK, the computer anti-virus note is here. It's not a golden rule to talk about your own experience, or even some of the wrong things, but don't worry about the details.

Computer anti-virus record