Because the running program is protected by Windows, even if the virus is detected, it is often killed and cannot be deleted. What if anti-virus software kills the virus? In the past, it was generally recommended to kill in security mode or DOS mode. There is now a new method called "specify the debugger in the Image File Execution options". This method should be feasible. The principle is to modify the registry so that the virus cannot be started the next time the computer is started, and then the virus is antivirus. The procedure is as follows:
1. virus discovered. For example, you can use anti-virus software to search for suspicious programs or press Ctrl, Alt, or Del in the task manager.
2. Click "start", "run", enter "regedit", and click "OK" to go to the Registry Editor.
3. in the registry, create an item in the path HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options (whatever it is), create a new string value in the item, name it "Debugger", double-click, enter the path of the file to be disabled.
For example, if a trojan or virus is found in the process and the path is C: aaa123.exe, enter C: \ aaa \ 123.exe in the created Debugger (the path slash uses a double slash here ).
4. Close Registry Editor and restart your computer. In this case, the virus cannot be started and then deleted directly.
Application example introduction:
"Trend Micro" is installed on many office computers in our company. It does not take up any resources, and it cannot be uninstalled (without a password). The computer starts very slowly. I put two of its files, that is
C: \ Program Files \ Trend Micro \ OfficeScan Client \ PccNTMon.exe
C: \ Program Files \ Trend Micro \ OfficeScan Client \ OfcDog.exe
This method is disabled. As a result, the computer is quickly started, and other anti-virus software can be installed.