1. Scanning with anti-virus software
This is probably the first choice for most of us, and I am afraid that for many it is the only choice. Viruses now come in more and more types and use ever more concealed techniques, which makes detection and removal harder and poses a challenge to anti-virus software developers. At the same time, as programming languages become more sophisticated and computer networks more widespread, developing and spreading viruses becomes easier, so there are more and more anti-virus software companies. Still, a few anti-virus products are well known, such as Kingsoft Duba, KV300, KILL, PC-cillin, VRV, Rising, and Norton. As for how to use these products, there is no need to go into it here. I believe everyone is at that level!
2. Observation
This method works reliably only when you understand the symptoms of a virus attack and the locations where viruses commonly hide. For example, when booting from the hard disk often runs into problems such as crashes, long boot times, slow operation, hard disk access failures, or unusual sounds or prompts, the first thing to consider is that a virus is at work, though we should not fixate on that one explanation. I have not covered the symptoms of software and hardware faults here! For viruses, we can observe the following aspects:
1. Memory observation
This method is generally used for viruses found under DOS. Use the "mem/c/p" command under DOS to check how much memory each program occupies and so find the memory taken by a virus (usually not occupied separately, but attached to another program). Some viruses occupy memory in a more hidden way that "mem/c/p" does not show, but we can still see that the total conventional memory has shrunk by 1 K or a few K.
2. System configuration file observation
This method also applies to hacker programs. This type of virus typically hides in system.ini, win.ini (Win9x/WinME) and the Startup group. The system.ini file contains a "shell=" item, while win.ini contains "load=" and "run=" items. These viruses generally load their own programs through these entries. Note that sometimes they instead modify a program that is already listed there. Run msconfig.exe in Win9x/WinME to review the entries one by one. For details, refer to my article "transparent Trojan watching".
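The check described above can be scripted. The following Python sketch is an added example, not part of the original article: it reads the text of system.ini and win.ini and lists every "shell=", "load=" and "run=" entry that differs from an assumed stock baseline (shell=Explorer.exe, empty load= and run=). The sample file contents and program names are constructed.

```python
# Assumption: a stock Win9x/WinME system.ini has shell=Explorer.exe in [boot]
# and win.ini has empty load= and run= lines in [windows].
WATCHED = {
    ("system.ini", "boot", "shell"): {"explorer.exe"},
    ("win.ini", "windows", "load"): set(),
    ("win.ini", "windows", "run"): set(),
}

def parse_ini(text):
    """Yield (section, key, value) tuples, lower-casing section and key."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def audit(filename, text):
    """Return autostart entries that are not in the expected baseline."""
    findings = []
    for section, key, value in parse_ini(text):
        allowed = WATCHED.get((filename.lower(), section, key))
        if allowed is None:
            continue
        # load=/run= may list several programs separated by spaces or commas;
        # shell= may carry an extra program after the real shell. Paths that
        # contain spaces are split too, which only produces extra review items.
        for token in value.replace(",", " ").split():
            if token.lower() not in allowed:
                findings.append((filename, section, key, token))
    return findings

# Constructed sample files (not taken from a real infection).
SAMPLE_SYSTEM_INI = """[boot]
shell=Explorer.exe C:\\WINDOWS\\SYSTEM\\example1.exe
[386Enh]
device=*vshare
"""
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\example2.exe
NullPort=None
"""

if __name__ == "__main__":
    for name, text in (("system.ini", SAMPLE_SYSTEM_INI), ("win.ini", SAMPLE_WIN_INI)):
        for finding in audit(name, text):
            print("review:", *finding)
```

An entry that passes this check can still point at a program the virus has modified, as noted above, so the listed program files themselves also need to be inspected.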
3. Feature string observation
Open the file in a hexadecimal editor and you can find the feature strings. Of course, you had better make a backup before editing; after all, it is a main system file.
4. Hard Disk Space Observation
Some viruses do not damage your system files but only generate a hidden file. This file contains very little content yet occupies a large amount of disk space, sometimes so much that ordinary programs can no longer run from the hard disk, yet you cannot find the file. In this case, open the resource manager and set the view options to show files with all attributes (I surely do not need to explain how?). The giant file will then become visible, because the virus generally sets the hidden attribute on it. I have seen several such cases during my computer network maintenance and personal computer maintenance: only a few common programs are installed, so why are several GB of hard disk space on drive C unaccounted for? The method above quickly reveals the virus.