How to manually evict rogue software

Source: Internet
Author: User

How can we stand alone in the face of the increasing threat of rogue software? I'm afraid this will be a concern for every online user. It is not ruled out that experienced users will use some well-known anti-rogue software to scan and kill hooligans on their computers. However, most rogue software has a "rogue force ", therefore, it is difficult to completely clear them.

For this reason, based on some of the features of rogue, the author uses manual operations to eliminate the rogue software on his computer.

I. It is imperative to close the rogue Process

If a rogue process exists in the task manager, it indicates that the rogue software is currently running in the background. If you do not end the process at this time, even if you find the rogue software that is behind the scenes, the malicious files cannot be deleted. The main reason is that the streamcompute software's self-protection plug-in through the DLL file plug-in to the table to allow it to delete rogue files. Therefore, we need to disable the desktop process with protection significance before deleting malicious files.

Worker Process, right-click the process name, and select the End Process option.

Then, in the displayed "Task Manager warning" dialog box, click "Yes (Y)" to end the desktop process. After the operation is completed, we will not be able to perform any operations on the desktop. Therefore, go back to the "Task Manager" dialog box and click "file"> "Create task (run ......)" . In the displayed dialog box, click the Browse button to go to the system directory (C: WindowsSystem32). Select "show all files" for the file type. Then find the msdc32.dllfile to delete it, and then use it to select the “explorer.exe file. Click the OPEN button to restore the desktop to normal, or restart the computer to achieve the same purpose.

2. Search for calling processes and delete malicious files

Because there are many types of rogue software, and the names of malicious processes are also frequently changed, it is not ruled out that when you know the specific location of the rogue file, but I don't know which process is calling. Similar to this problem, we do not know that we can use the Tasklist command that comes with the system to find the process of the file it calls.

Click Start> Run. In the displayed run dialog box, enter the CMD command and press enter to open the command prompt dialog box. Then, enter the "Tasklist/m> d: dll.txt" command and press enter to transfer the DLL module File loaded by the current process to the d: dll.txt file. Next, open the d: dll.txt text file in notepad, and then click "edit"> "Search" in the top, in the pop-up "Search" dialog box, enter the name of the malicious file and click "find next. After a few minutes, you will find its search name in the intent. conime.exe is the process that calls malicious files. After recording the logs, open the "manage tasks" dialog box and switch them to the "previous steps" tab. You can find the conime.exe process and finish it. Then, you can use the "search all files and folders" function provided by the local machine to find and delete malicious files, so that the rogue files can be successfully evicted.

Iii. Use Permission to evict rogue
Although most rogue software uses processes to protect their malicious files from being deleted, there are still a small number of hooligans that use the system permission function to protect themselves. For example, if a rogue file is intruded into a computer, it will set its own permissions to prohibit deletion by any user. In this way, if a common permission user wants to delete the file, the system will pop up a dialog box with "insufficient Permissions, the only solution is to increase the permissions of the current user.

First, find the rogue file hiding in the computer, right-click the file, select the "attribute" option, switch to the "Security" tab, and click the "advanced" button, in the displayed window, clear the "inherit permission projects that can be applied to sub-objects from the parent item" and the "include those explicitly defined projects here" check boxes, and then click "delete ", to remove all inherited permissions, click OK. At this time, the system will return to the "properties" window along the way. At this time, we click the "add" button to add users who are allowed to access the file to the "Group and user list ", and set the user permission to "full control", so that normal users can delete the hooligans in their files.

4. repair damaged hooligans to drive them away better

Some users may want to use professional malware to drive away the rogue existing in their machines. However, although it is known that the rogue file is not only not evicted, but also damaged by itself, as a result, we cannot clear it. I also believe that the number of users who encounter this problem is not a minority. Therefore, you may wish to use commands to fix the corrupted rogue files and then delete them.

Click Start> run on the desktop. In the displayed run dialog box, enter the CMD command and press enter to open the command line prompt dialog box. Then, enter "chkdsk d:/f/x" at the command prompt to scan and fix the rogue files in the damaged d disk. Of course, if your corrupted rogue file is on the C or E drive, you only need to change d: In the above command to the relevant drive letter name. After the files are successfully repaired, you can drive them away.

5. Use the decompression program to catch up with hooligans

As we all know, the winrar program is a good decompression software. Its functions are not only limited to helping you reduce the excess "fat" of files on your computer ", it can also help you to get rid of stubborn rogue files. After finding a rogue file on your computer and right-clicking the file and selecting "add to compressed file", the "compressed file name and Parameters" option is displayed, it is switched to the "regular" label by default. Here we keep the default value.

Select the "delete source file after compression (L)" option and click "OK. After compression, You can automatically delete the compressed rogue files, and delete the compressed rogue file package.

The preceding five methods are used to delete rogue files. You can use these methods based on your actual situation to better evict these files.


 

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.