How to distinguish between real virus and system failure

Source: Internet
Author: User

Have you ever had a virus? Despite the endless emergence of new viruses, there are not many that ordinary users truly "experience". They amount to little more than the catastrophic "shock wave" and "heartbeat" outbreaks and the QQ tail virus, which also confuses people through their friends. When the system shows a very "typical" virus symptom, it may well be a "pseudo virus": a system fault that only looks like a virus!
 
How can we tell if it is a virus?

How to distinguish between real virus and system failure
① File viruses make all programs unavailable, whereas system faults usually make only some system functions unavailable.
② After a virus infection (especially by webpage viruses), "Registry Editor" and "Process Manager" may be disabled.
③ When the system suddenly fails to start or shows a strange fault, recall whether you optimized services beforehand or installed software that works at the low level of the system (such as anti-virus software or a network firewall).

1. Who are you looking for?

Fault description: system components cannot run or are lost. Virus similarity: ★★★★★

When a Windows function suddenly stops working or disappears, you rack your brains and a virus seems to be the only reasonable explanation. In fact, this is not the case. Examples include a lost search panel, a Quick Launch bar that cannot be started, a Start menu without "Run", and a taskbar without a tray area. There are usually three causes of component failure or loss: ① the component is not installed; ② the system service is not started; ③ the system file is damaged or lost.

Troubleshooting instance: find the system's "life-saving straw"

When you click the Start > Help and Support menu or press the F1 key, the system does not respond or prompts "Help and Support error". No response may be caused by lost files or by the component not being installed; the error message is caused by the service failing to start.

Step 1: Click "Start > Run" and enter the "helpctr -regserver" command to register the help component again.

Step 2: If the fault persists, open the C:\Windows\inf directory (this directory is hidden; set "show all files and folders" in Windows Explorer to access it), find the pchealth.inf file, right-click it and select "Install". The system will reinstall the help component (during installation, the system will prompt you to insert the Windows XP installation disk).

Tips

For file corruption faults, run the "sfc /scannow" command to verify files with Windows File Protection. If a system file has been changed or lost, the system will prompt you to insert the Windows XP installation disk and will copy the related files back to the system.

Step 3: Run the services.msc command to open the Service Management window, find the service named "Help and Support" in the right pane, and double-click it. On the General tab, set "Startup type" to "Automatic" and "Service status" to "Started" (the Help and Support service depends on the Remote Procedure Call (RPC) service; make sure that the RPC service is enabled, otherwise the setting will fail).

Fault Golden Eye

If a system component does not respond, search Google for "component name regsvr32" or "component name -regserver" to find the command that re-registers the lost component. If an error is prompted when you open a system component, think about which services were disabled before the fault occurred (many optimization programs turn off some system services on their own initiative); you can find the corresponding system service in "Service Management" and restore its startup state.

2. What should I do if the program is lost?

Fault description: running a program prompts "XXX file not found". Virus similarity: ★★★★

There are two common cases. In one, opening a program from "Start > Run" prompts "Windows File not found"; in the other, running a program prompts "xxx.dll file cannot be found". Has a virus deleted the file? The real reason is that the "environment variable" the system uses to point to the file location is lost.

Troubleshooting instance: msconfig.exe cannot be run

Entering msconfig.exe in "Run" fails, even though a search does find msconfig.exe. This is a typical fault caused by an environment variable that does not include the program's execution path.

Add the directory that contains the program to the system environment variable.

Fault Golden Eye

If the Path environment variable in the system is lost, you can enter "%SystemRoot%\system32;%SystemRoot%\System32\Wbem" under "System variables" in the environment variable settings dialog to restore it. Some software, such as UltraEdit, also leaves its own path in the "Path" entry under "User variables for XXX"; in that case, repair the environment variable by running a repair installation or reinstalling the software.

3. The software "corpse"

Fault symptom: strange system service / countdown to restart after startup. Virus similarity: ★★★★★

Many programs need to create services at the low level of the system or install virtual device drivers, such as anti-virus software, network firewalls, server software, and even SnagIt. When such software is uninstalled, problems in its uninstaller can leave these services or virtual devices behind, which causes compatibility problems; a countdown to restart after startup looks even more like a "shock wave" or a "ripple" ... The solution is to manually delete the related services and virtual devices.

Troubleshooting instance: delete a registered service

A program runs automatically as an administrator after the system starts. When you try to uninstall it, the system always prompts "the program is running and cannot be uninstalled". This is because the program was registered as a system service during installation, and the service uses a protection mode that prevents it from being terminated manually.

Step 1: Run "services.msc" to open Service Management and find the service that corresponds to the program (in most cases, the service name contains the software name or company name). Set its "Startup type" to "Manual" or "Disabled" and stop the service (note: for some services the "Stop" button is greyed out, and the change takes effect only after a restart), then restart the system.

Step 2: After logging back in to the system, run regedit.exe to open the Registry Editor and locate the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] branch. The registry keys of the current system services are listed here; delete the corresponding service key under this branch to clear the service from the console list.

Troubleshooting instance: delete virtual devices left behind by anti-virus software

After an anti-virus program is tried for a short time and then uninstalled, the system no longer starts properly. This is because the virtual devices of the uninstalled anti-virus software were not cleared during uninstallation. As a result, the virtual devices of the new anti-virus software cannot start properly (Windows XP/McAfee 8.0i is used as an example).

Step 1: Open "System Configuration Utility"; on the "Startup" tab, clear the check box in front of the McAfee self-startup item, and click "OK".

Step 2: Right-click My Computer and choose "Manage". Go to Device Manager and choose "View > Show hidden devices". Then, under the "plug-and-play driver" branch, delete the debris left by the anti-virus software, identifying it by name (many programs name their system services, installation directories, and virtual devices after their company; for example, McAfee's company name is "Network Associates").
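Before deleting anything by hand, it helps to see which entries are actually orphaned. The following read-only script is an added example, not part of the original article: it lists entries under the Services branch named above (which holds both services and device drivers) whose ImagePath binary no longer exists on disk. It assumes PowerShell 2.0 or later run as an administrator; the function name Resolve-ImagePath is hypothetical.

```powershell
# Added example: report Services entries whose binary is missing (reads only, deletes nothing).
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    param([string]$ImagePath)
    # Expand %SystemRoot% and similar variables first.
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                        # quoted path, arguments follow
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                        # unquoted path, cut after the extension
    }
    $p = $p -replace '^\\\?\?\\', ''            # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "${env:SystemRoot}\"
    if ($p -notmatch '^[A-Za-z]:\\') {          # driver paths relative to %SystemRoot%
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
    $imagePath = $_.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    if (-not $imagePath) { return }             # entry has no binary of its own
    $file = Resolve-ImagePath ([string]$imagePath)
    if (-not [System.IO.File]::Exists($file)) {
        New-Object PSObject -Property @{
            Service   = $_.PSChildName
            ImagePath = $imagePath
            Resolved  = $file
        }
    }
}
```

Treat the output as a list of candidates to check by software or company name, as described above, before removing anything; on 64-bit Windows run it from a 64-bit PowerShell so that system32 paths are not redirected.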

Fault Golden Eye

Service management tool. Select "Include device drivers" in the Wizard to delete the device.

4. Auto-start error during startup

Fault description: an error is prompted during startup / a fixed folder opens. Virus similarity: ★★★

The same folder is always opened automatically at startup. Although this does not affect stability, it always feels as if a Trojan is at work. There are also "file not found" errors that appear when the computer starts. Is this also a virus?

Troubleshooting instance: After logging on to the system, the system automatically opens the system32 directory.

If a registry auto-start item contains the path of the folder that pops up, or contains a blank value, a single double quotation mark (such as "abc or abc"), "..", or "/", it may cause this fault.

In Windows XP, run msconfig to open "System Configuration Utility"; on the "Startup" tab, clear the check box of the item that opens the folder and click "OK". Windows 2000 has no "System Configuration Utility", so you need to download Upiea or SREng and use their startup item management function to remove the items that open folders. In addition, Group Policy also contains auto-start items: run gpedit.msc to open the "Group Policy Editor" (Windows XP Home does not include this function), expand "Computer Configuration > Windows Settings > Scripts" and "Computer Configuration > Administrative Templates > System > Logon", and check whether the "system32" directory is set in the startup or logon options; if so, delete it.
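The malformed auto-start values listed above can also be found with a script instead of by eye. This is an added example, not part of the original article: it reads the two Run keys (an assumption about which auto-start locations to check; the article does not name them) and reports values that are blank, are a bare ".." or "/", contain an odd number of double quotes, or resolve to a folder. It assumes PowerShell 2.0 or later; Test-RunValue is a hypothetical name.

```powershell
# Added example: flag auto-start values of the kinds that make a folder open at logon.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Test-RunValue {
    param([string]$Value)
    $v = $Value.Trim()
    if ($v -eq '') { return 'blank value' }
    if ($v -eq '..' -or $v -eq '/') { return "bare '$v'" }
    # An odd number of double quotes means one is unmatched ("abc or abc").
    $quotes = $v.Length - $v.Replace('"', '').Length
    if ($quotes % 2 -eq 1) { return 'unmatched double quote' }
    # Expand %SystemRoot% etc., then check whether the whole value names a folder.
    $expanded = [Environment]::ExpandEnvironmentVariables($v.Trim('"'))
    if ([System.IO.Directory]::Exists($expanded)) { return 'value is a folder path' }
    return $null                                # nothing suspicious found
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        # Read the raw data so %VAR% references are shown as stored.
        $data = [string]$item.GetValue($name, '', 'DoNotExpandEnvironmentNames')
        $reason = Test-RunValue $data
        if ($reason) {
            New-Object PSObject -Property @{
                Key    = $key
                Name   = $name
                Data   = $data
                Reason = $reason
            }
        }
    }
}
```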

Fault Golden Eye

A large part of the error messages during boot are caused by startup items that were not repaired after anti-virus software deleted the virus or Trojan file. You only need to manually delete the remaining content of the startup item to solve the fault.

 
