What should I do if my computer is infected with a virus?

Source: Internet
Author: User

Many users in the Red/Black Alliance community are concerned about computer viruses, and many of them may be new to computers and not know much about the subject. There are a great many computer viruses today, but the ones we encounter most often are built for account theft: apart from bandwidth, accounts are generally the only thing on a personal computer worth exploiting. Computer viruses also share a common characteristic: in trying to conceal themselves, they may disrupt the normal operation of the computer. Let's take a look.

I. Symptoms of infection

How do we know that a computer is infected with a virus? An infected computer is like a sick person: there are always some obvious symptoms. For example, the machine runs very slowly, cannot access the Internet, the antivirus software cannot be updated, Word documents cannot be opened, the computer cannot start normally, a hard disk partition cannot be found, or data is lost. These are warning signs of a virus.

II. Diagnosing an infection

1. Press Ctrl + Shift + Esc (all three keys at the same time) to bring up the Windows Task Manager and view the processes running on the system. Find the unfamiliar processes and write down their names (this requires experience); if these processes turn out to be viruses, they can be cleared more easily later. Do not end these processes yet, because some virus or illegitimate processes cannot be ended from here. Click Performance to view the current CPU and memory status. If CPU usage is close to 100% or memory usage remains high, the likelihood that the computer is infected is 95%.

2. View the services currently set to start in Windows. Open "Services" under "Administrative Tools" in the "Control Panel". In the right pane, look at the rows whose startup type is "Automatic". Normal Windows services almost always have a description (except for a few spoofed by hackers or worms). Double-click any service that looks suspicious and check the path and name of its executable file in the properties. If the name and path are C:\winnt\system32\explored.exe, the computer is infected. Another sign is that the Control Panel cannot be opened, or all of its icons are pushed to the left with a vertical scroll bar in the middle and a blank right side, and double-clicking Add/Remove Programs or Administrative Tools opens an empty window. This is characteristic of winhlpp3.

3. Run the Registry Editor (regedit or regedt32) and check every program that starts with Windows. Look mainly at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the RunOnce key below it: view the values in the right pane and check for illegitimate startup items. Running msconfig in Windows XP serves the same purpose. With experience, you can readily identify a virus's startup items.

 

4. Use a browser to access the Internet. When browsing, try visiting some large, well-known sites or other legitimate websites.

 

5. Unhide the system folder winnt (windows)\system32. If the folder appears empty, the computer is infected. Open system32, sort the icons by type, and check whether a virus executable is present. While you are there, also check the Tasks, wins, and drivers folders; some viruses currently hide their executables here. The hosts file in drivers\etc is a favorite target for tampering. It was originally about 700 bytes and grows to more than 1 KB after being tampered with. This is why general websites can still be reached while security vendors' websites cannot, and why well-known antivirus software cannot be updated.

6. Use the antivirus software to judge whether the computer is infected. If it is, the antivirus software will be automatically terminated by the virus program and manual updates will fail.

III. Removing the virus

1. Delete the illegitimate programs that start with the system from the registry: search the registry for all of their key values and delete them. A virus program started as a system service will also be hidden under HKEY_LOCAL_MACHINE\System\ControlSet001\Services and ControlSet002\Services; remove those entries as well.

2. Stop the problematic service and change its startup type from Automatic to Disabled.

3. If the file system32\drivers\etc\hosts has been tampered with, restore it: leave only the single valid line "127.0.0.1 localhost" and delete all other lines. Then set the hosts file to read-only.

4. Restart your computer and press F8 to enter "Safe Mode with Networking". The purpose is to keep the virus program from starting while you patch Windows and update the antivirus software.

5. Search for the virus executable files and delete them manually.

6. Install patches for Windows and update the antivirus software.

 

7. Disable unnecessary system services, such as the Remote Registry service.

8. Use anti-virus software to scan the system comprehensively after completing steps 1 and 2, to eliminate the risks of network leakage.

 

9. After completing the preceding steps, restart the computer to complete all operations.
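Steps 2 and 3 of this section can be scripted so that the tampered hosts file is preserved before it is overwritten. The two functions below are an added example, not part of the original article; they assume an elevated PowerShell 3.0 or later session, and the service name in the usage comment is a placeholder.

```powershell
# Step 3: back up the tampered hosts file, leave one localhost line, set read-only.
function Reset-HostsFile {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'))

    $backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $Path, (Get-Date)
    if ($PSCmdlet.ShouldProcess($Path, 'back up, reset to one localhost line, set read-only')) {
        Copy-Item -Path $Path -Destination $backup           # keep the tampered copy for review
        Set-ItemProperty -Path $Path -Name IsReadOnly -Value $false
        Set-Content -Path $Path -Value '127.0.0.1 localhost' -Encoding Ascii
        Set-ItemProperty -Path $Path -Name IsReadOnly -Value $true
        $backup                                              # return the backup location
    }
}

# Step 2: stop the suspect service and change its startup type to Disabled.
function Disable-SuspectService {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    $svc = Get-CimInstance -ClassName Win32_Service | Where-Object Name -eq $Name
    if (-not $svc) { throw "Service '$Name' not found." }
    if ($PSCmdlet.ShouldProcess($Name, 'stop and set startup type to Disabled')) {
        Stop-Service -Name $Name -Force -ErrorAction SilentlyContinue
        Set-Service -Name $Name -StartupType Disabled
    }
    # Return the executable path so the file can be located in step 5.
    $svc.PathName
}

# Preview first; remove -WhatIf to apply.
# Reset-HostsFile -WhatIf
# Disable-SuspectService -Name 'ExampleSvc' -WhatIf   # 'ExampleSvc' is a placeholder
```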

IV. Suggestions

Virus prevention is far more effective than virus detection and removal, so it is necessary to establish strict preventive measures. SXS is a good case in point. In large and medium-sized networks that meet the requirements, it is necessary to implement both software and three-dimensional protection. Ideally, the Internet access zone starts with the Internet firewall, followed by the anti-virus gateway (which is highly cost-effective), and then the router and the server zone. An anti-virus server can be configured for the application servers; an intranet firewall is used inside the intranet, where an anti-virus server is also set up. Every user installs a centrally manageable anti-virus client.

 
