All kinds of problems are lumped together as "viruses" today. As soon as a computer behaves abnormally it is assumed to be a virus, and anti-virus software is tried everywhere, yet the "culprit" still cannot be found. One anti-virus product after another is used and RMB is spent again and again, and still no trace of the "culprit" turns up. In fact, the cause is not necessarily a virus.
Such examples are not uncommon, especially among beginner computer users. Below, based on my own computer experience and my enterprise network maintenance experience, I describe how to determine whether a virus is really present, in the hope of helping you identify a "real" virus.
Differences and connections between viruses and software and hardware faults
Computer faults are caused not only by viruses but also by software and hardware faults; on a network they are mostly caused by permission settings. Only by fully understanding the differences and connections between the two can we make a correct judgment and discover a virus in time when one arrives. Below I briefly list some common symptoms of computer faults caused by viruses and by software and hardware faults.
Each entry below gives the symptom, the possibility of virus intrusion, and the possibility of software and hardware faults.

Symptom: Frequent crashes
Virus: the virus opens many files or occupies a large amount of memory.
Software and hardware faults: instability (such as poor memory quality or poor hardware overclocking performance); software with large requirements occupying a large amount of memory and disk space; use of test software (with many bugs); insufficient hard disk space; when running software over the network, the network may be too slow, the program too large, or the hardware configuration of the workstation too low.

Symptom: The system cannot start
Virus: the virus modifies the boot information of the hard disk or deletes some boot files, as a boot virus does.
Software and hardware faults: a boot file is damaged; the hard disk is damaged or its parameter settings are incorrect; a system file has been deleted by mistake.

Symptom: File cannot be opened
Virus: the virus modifies the file format; the virus modifies the file's link location.
Software and hardware faults: file damage; hard disk damage; the link location of the file's shortcut has changed; the software used to edit the file has been deleted; on a LAN, the file's storage location on the server has changed and the workstation has not refreshed the server's contents (the resource manager has been left open for a long time).

Symptom: Frequent reports of insufficient memory
Virus: the virus illegally occupies a large amount of memory.
Software and hardware faults: a large number of programs are open; software that requires a lot of memory is running; the system configuration is incorrect; there is simply not enough memory (the current basic memory requirement is 128 MB).

Symptom: Prompt that hard disk space is not enough
Virus: the virus copies a large number of virus files (this has happened in several cases; sometimes, with a WIN98 or WINNT4.0 system installed on a 10 GB hard disk, the system says there is no space, and when software is installed it prompts that hard disk space is insufficient).
Software and hardware faults: the capacity of each partition is too small; many large programs are installed; all software is installed in one partition; the hard disk itself is small; on a LAN, if the system administrator has set a "private disk" space limit for each user, the size shown may be that of the entire network disk while the "private disk" capacity has in fact been used up.

Symptom: Read/write activity when the disk or other devices are not being accessed
Virus: virus infection.
Software and hardware faults: the floppy disk has been removed while files that were opened from it are still open.

Symptom: A large number of unknown files
Virus: the virus copies files.
Software and hardware faults: temporary files generated during software installation; software configuration information and operation records.

Symptom: Black screen at startup
Virus: virus infection (the one I remember most is 4.26 in '98. I paid thousands of yuan for CIH. That day, the first time I started Windows the screen crashed, and after the second boot there was nothing more).
Software and hardware faults: display fault; display card fault; motherboard fault; overclocking; CPU damage, etc.

Symptom: Data loss
Virus: the virus deletes the file.
Software and hardware faults: a hard disk sector is damaged; the original file was overwritten during recovery; if the file is on the network, it may have been deleted by another user by mistake.

Symptom: Keyboard or mouse locks up for no reason
Virus: a virus is at work; pay special attention to "Trojans".
Software and hardware faults: the keyboard or mouse is damaged; the keyboard or mouse interface on the motherboard is damaged; a keyboard or mouse lock program is running; the running program is too large and the system stays very busy for a long time, so pressing the keyboard or mouse has no effect.

Symptom: Slow system running speed
Virus: the virus occupies memory and CPU resources and runs a large number of illegal operations in the background.
Software and hardware faults: low hardware configuration; too many or too large programs open; incorrect system configuration; for programs run over the network, mostly the low configuration of your machine, or a busy network with many users opening a program at the same time; another possibility is that hard disk space is insufficient for temporary data exchange while the program runs.

Symptom: The system performs operations automatically
Virus: the virus performs illegal operations in the background.
Software and hardware faults: you have set the relevant program to run automatically in the registry or the Startup group; some software needs to restart the system automatically after it is installed or upgraded.
From the above analysis and comparison, we can see that most faults may be caused by human error or by software or hardware faults. Do not rush to a conclusion when an abnormality is found. When anti-virus software cannot solve the problem, analyze the fault characteristics carefully and rule out software, hardware and human causes.
Virus classification and features
To truly identify viruses and promptly detect and remove them, we also need a more detailed understanding of viruses, and the more detailed the better!
Viruses are written by a large number of scattered individuals or organizations, and there is no standard for measuring and dividing them. Virus classification can therefore only be done roughly, from several perspectives.
For example, viruses can be divided into the following categories by the infected objects:
A. Boot Virus
The target of these viruses is the boot sector of the disk. Infecting it gives the virus execution priority at system startup, so that it can control the entire system. Because the virus infects the boot sector, the loss is relatively large, and generally the system cannot be started normally. Such viruses are nevertheless easy to remove: most anti-virus software can remove them, such as the KV300 and KILL series.
B. File Virus
Early versions of these viruses generally infected executable files with extensions such as exe and com, so that the virus program is activated when you execute an executable file. More recently, files with extensions such as dll, ovl, and sys are also infected. Because these files are usually the configuration and link files of a program, the virus is loaded automatically along with them when the program is executed. The virus gets into these files either by inserting the entire section of virus code or by splitting the code up and inserting the pieces into the blank bytes of the files. For example, the CIH virus splits itself into nine segments and embeds them into an executable file with the PE structure. After infection, the number of bytes of the infected file does not increase, which is its hidden side.
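Because a file infected this way keeps its size, a size comparison says nothing; one defensive check is to look for non-zero data in the padding at the end of each PE section. The following is an added example, not code from the original article: the function names and the threshold are hypothetical, the sample buffer is constructed and not a loadable program, and it covers only section-end padding.

```python
import struct

def section_slack(data: bytes):
    """Yield (name, file_offset, slack_bytes) for the padding at the end of each PE section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # first section header
    for i in range(nsect):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, table + 40 * i)
        # VirtualSize == 0 (some old linkers) gives no usable boundary, so skip it.
        if 0 < vsize < rawsize:
            start = rawptr + vsize
            yield (name.rstrip(b"\0").decode("ascii", "replace"),
                   start, data[start:rawptr + rawsize])

def suspicious_cavities(data: bytes, min_bytes: int = 16):
    """Return [(section, offset, nonzero_count)] where padding holds real data."""
    hits = []
    for name, offset, slack in section_slack(data):
        nonzero = sum(1 for b in slack if b)
        if nonzero >= min_bytes:   # hypothetical threshold, tune per environment
            hits.append((name, offset, nonzero))
    return hits

def build_sample(slack_fill: bytes = b"") -> bytes:
    """Constructed PE-shaped buffer (not loadable): one .text section, 0x120 of 0x200 bytes used."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x120, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    body = (b"C" * 0x120 + slack_fill).ljust(0x200, b"\0")
    return headers + body

if __name__ == "__main__":
    clean = build_sample()
    modified = build_sample(b"\xAA" * 64)   # constructed stand-in for inserted bytes
    print("same size:", len(clean) == len(modified))
    print("clean:", suspicious_cavities(clean))
    print("modified:", suspicious_cavities(modified))
```

Some legitimate linkers and packers also leave non-zero padding, so a hit is a reason to compare the file against a known-good copy or hash, not proof of infection.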
C. Network Viruses
This kind of virus is the product of rapid network development in recent years. Infected objects are no longer limited to a single mode and a single kind of executable file, but are more comprehensive and better hidden. Nowadays, some Internet viruses can infect almost all OFFICE files, such as WORD, EXCEL, and email. The attack methods have also changed, from the original deletion and modification of files to the current encryption of files and theft of useful user information (such as hacker programs). The transmission path has also made a qualitative leap: it is no longer limited to disks, but runs through the more concealed network, such as e-mails and e-advertisements.
D. Compound viruses
These are classified as "compound viruses" because they have some characteristics of both the "boot" and "file" viruses: they can infect the disk's boot sector and can also infect executable files. If the virus is not completely cleared, the residual virus can restore itself, and the boot sector and executable files may be infected again. It is therefore extremely difficult to detect and remove such viruses, and the anti-virus software used must be able to remove both types of virus at the same time.