Computer viruses are something our computers cannot afford to catch. In the network era, viruses are everywhere and cause us all kinds of headaches, and sometimes infection is unavoidable. What symptoms does a computer show once it has been infected? As its owner, you need to know!
I. Some signs of infection
How do we know there is a virus in the computer? An infected computer is like a sick person: there are always some obvious symptoms. For example, the machine runs very slowly, cannot get on the network, the anti-virus software cannot be updated, Word documents will not open, the computer will not start, hard disk partitions cannot be found, data is lost, and so on. These are all symptoms of infection.
II. Diagnosing an infection
1. Press Ctrl+Shift+Esc (all three keys at once) to bring up Windows Task Manager and look at the processes the system is running. Find any unfamiliar processes and write down their names (this takes experience); if these processes turn out to be viruses, the names make the later cleanup easier. Do not end these processes for now, because some virus or illegal processes cannot be ended from here. Click Performance to view the current state of the CPU and memory; if CPU utilization is close to 100% or memory usage is high, the probability that the computer is infected is 95%.
2. View the services Windows currently has started: open Services under Administrative Tools in Control Panel. In the right-hand pane, look at the rows whose Status is "Started" and whose Startup Type is "Automatic". Generally speaking, a normal Windows service has a description (with the exception of a handful belonging to hackers or worms). Double-click any service you think is a problem and check the path and name of the executable file in its properties. If the name and path is C:\winnt\system32\explored.exe, the computer is infected. Another case: Control Panel will not open, or all of its icons sit on the left side with a vertical scroll bar and the right side is blank, and double-clicking Add/Remove Programs or Administrative Tools opens an empty window. This is characteristic of an attack by the virus file Winhlpp32.exe.
3. Run Registry Editor (the command is regedit or regedt32) and view all the programs that start with Windows. Look mainly at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the several RunOnce keys below it, and check the values in the right-hand pane for illegal startup items. On Windows XP, running msconfig serves the same purpose. As you gain experience, you will be able to spot a virus startup entry easily.
4. Judge from the browser by going online. With a Gaobot virus that was going around a while ago, the machine could reach yahoo.com, sony.com and other sites, but could not reach the sites of well-known security vendors such as www.symantec.com and www.ca.com, and an installed Symantec Norton 2004 anti-virus could not update over the Internet.
5. Turn on the display of hidden files and look at the system folder winnt (windows)\system32. If the folder appears empty when opened, the computer has been infected. After opening system32, sort the icons by type to see whether any currently circulating virus executables are present. While you are there, check the folders Tasks, wins and drivers; some virus executables currently hide in them. The hosts file under drivers\etc is an object viruses like to tamper with: it was originally only about 700 bytes, and after tampering it is more than 1 KB. This is the reason ordinary websites can be reached while security vendors' sites cannot, and well-known anti-virus software cannot update.
6. Judge from the anti-virus software itself: if the machine is infected, the anti-virus software will be terminated automatically by the virus program, and manual updates will fail ...
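Diagnosis steps 2, 3 and 5 can be gathered in one read-only pass. The following PowerShell is an added example, not part of the original article; it assumes PowerShell 3.0 or later (for Get-CimInstance), which is newer than the Windows 2000/XP systems the article describes, and it also reads the current user's Run keys, which the article does not mention.

```powershell
# Read-only triage for diagnosis steps 2, 3 and 5. Changes nothing on the system.

# Step 3: programs that start with Windows (Run and RunOnce keys).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',      # assumption: per-user keys too
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $k.GetValue($name) }
    }
}

# Step 2: services that are started and set to Automatic, with path and description.
$services = Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto' AND State='Running'" |
    Select-Object Name, PathName, Description,
        @{ Name = 'NoDescription'; Expression = { [string]::IsNullOrWhiteSpace($_.Description) } }

# Step 5: size of the hosts file and every mapping other than localhost.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsFile = Get-Item -LiteralPath $hostsPath -Force
$unexpected = Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |    # drop comments and blank lines
    Where-Object { $_ } |
    ForEach-Object {
        $ip, $names = $_ -split '\s+'
        foreach ($n in $names) { [pscustomobject]@{ Address = $ip; Host = $n } }
    } |
    Where-Object { $_.Host -ne 'localhost' }

'hosts: {0} bytes, read-only: {1}' -f $hostsFile.Length, $hostsFile.IsReadOnly
if ($hostsFile.Length -gt 1KB) { 'hosts is larger than 1 KB; review the entries below' }
$unexpected | Format-Table -AutoSize

'Startup entries:'
$startup | Format-Table -AutoSize -Wrap

'Automatic services without a description (review path and name):'
$services | Where-Object NoDescription | Format-Table Name, PathName -AutoSize -Wrap

'All running automatic services, sorted by executable path:'
$services | Sort-Object PathName | Format-Table Name, PathName -AutoSize -Wrap
```

A missing description or an extra hosts entry is only a prompt to look closer; legitimate software produces both.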
III. Removing the virus
1. In the registry, remove the illegal programs that start with the system, then search the registry for all of their key values and delete them. Virus programs that start as system services hide under HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services and ControlSet002\Services; find them and delete them.
2. Stop the problem service and change its startup type from Automatic to Disabled.
3. If the file system32\drivers\etc\hosts has been tampered with, restore it so that it contains only one valid line, "127.0.0.1 localhost", and delete the remaining lines. Then set the hosts file to read-only.
4. Restart the computer and press F8 to enter "Safe Mode with Networking". The goal is to keep virus programs from starting while still being able to patch Windows and update the anti-virus software.
5. Search for the virus executables and remove them manually.
6. Apply Windows updates and patches, and update the anti-virus software.
7. Shut down unnecessary system services, such as Remote Registry Service.
8. After step 6 is complete, run a full system scan with the anti-virus software to destroy anything that slipped through the net.
9. After the previous step is complete, restart the computer. All operations are now done.
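Steps 2 and 3 of the removal procedure, as an added example that is not part of the original article. The function names Disable-SuspectService and Restore-HostsFile are hypothetical, the script assumes an elevated PowerShell session, and keeping a copy of the tampered hosts file for later analysis is an addition to the article's steps.

```powershell
#Requires -RunAsAdministrator

# Step 2: stop a service already confirmed as malicious and set it to Disabled.
function Disable-SuspectService {
    param([Parameter(Mandatory)][string]$Name)
    Stop-Service -Name $Name -Force -ErrorAction Continue   # may fail; still disable it
    Set-Service -Name $Name -StartupType Disabled
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" |
        Select-Object Name, State, StartMode, PathName
}

# Step 3: restore hosts to the single valid line and set it to read-only.
function Restore-HostsFile {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $item  = Get-Item -LiteralPath $hosts -Force

    # Keep the tampered file as evidence (addition, not in the article).
    $backup = "${hosts}.tampered-$(Get-Date -Format yyyyMMdd-HHmmss)"
    Copy-Item -LiteralPath $hosts -Destination $backup

    # The read-only flag may already be set, which would block the rewrite.
    $item.IsReadOnly = $false
    Set-Content -LiteralPath $hosts -Value '127.0.0.1 localhost' -Encoding ASCII

    (Get-Item -LiteralPath $hosts -Force).IsReadOnly = $true
    Get-Item -LiteralPath $hosts -Force | Select-Object FullName, Length, IsReadOnly
}

# Usage (the service name is a placeholder for one you identified during diagnosis):
# Disable-SuspectService -Name '<service-name>'
# Restore-HostsFile
```

The read-only attribute only stops casual rewrites; a process running with administrator rights can clear it again, so check the file once more after the full scan in step 8.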
The ideal setup is as follows: Internet access first passes through an external firewall, followed by an anti-virus gateway (Panda's is cost-effective), and then the router. In the server zone, the application servers can be fitted with server anti-virus. Then, inside the internal firewall, set up an anti-virus server, and have each user install the anti-virus software's managed client.
Preventing viruses matters far more than killing them, so establishing strict preventive measures is essential. On large and medium-sized networks, hardware and software measures should be combined into layered protection. That way our computers will live longer!