Departure: Silicon Valley Power & cool guest heaven
If you have experience in Internet cafes or data center management, you must know that virus cultivation is a headache. Most of the current viruses have strong replication capabilities and can be spread over local networks, A large amount of system resources are consumed. If one server is infected with viruses in a local network, and the virus is not immediately eliminated or isolated, other servers will soon be infected with viruses. How can we prevent viruses, and quick anti-virus has become an urgent concern for every network administrator.
I have been working in an Internet cafe for another two years, and have been dealing with viruses for countless times. I am exhausted every time, but I finally ended up winning. In fact, there are two common viruses in Internet cafes. One is a highly destructive virus similar to CIH, which cannot be started after the virus is completed. This virus is the most harmful, but the probability of poisoning is relatively small; the other is script virus, such as nimumda, worm virus, new happy time and so on. These viruses won't make the machine unable to start after they are done. Instead, they consume system resources and only crash to the system. Compared with the CIH virus, they seem very inconspicuous, this virus is the biggest headache.
Let me first talk about my experience in fighting against the script virus. When an internet cafe is about to open, it usually needs to create a model hard disk. After installing all the software and games, it will clone it to other hosts with GHOST. However, when creating a template disk, make sure that the virus is not infected at all stages. Otherwise, if you use a template disk with a virus and then clone all the machines, in the future, it will certainly take more time to kill viruses, which will not only affect normal business operations, but will also be very troublesome to kill viruses. In this case, we should not be afraid to take time to create a model disk, and carefully think about every step before doing it.
First, when installing the system, use a CD to start the hard disk. Make sure that the disc has never been used to carry viruses, and the hard disk must have no files, otherwise, the remaining files may be infected with viruses, and these 1.1 files must be heartless. Do not back up a driver or software and do not delete it. Otherwise, after you have installed the system and find that you are in a happy time, you will regret it.
Second, after installing the system and then installing the driver, it is best to install anti-virus software first. Anti-virus software must first ensure that it does not have a virus. In fact, you can install the WIN98 file and anti-virus software (NAV8 is recommended ), there is also a kill toolkit, where the drivers of Internet cafe machines are put together and EasyBoot is used as a boot disc. With this disk, you can ensure that the master disk is not infected with viruses before installing other software and games.
Third, install the driver, first update the anti-virus software to the latest version, and then enable the virus firewall, engage in the installation files of software and games on prepared machines to install the necessary software and games for Internet cafes. After everything is done, test the games and software, then, create an ADMIN folder under the directory c, and put the kill toolkit, hard disk toolkit, network cloning tool, and backup registry in it for backup. It is good to make a general template disk. Of course, if the system configuration is not high, in order not to affect the speed of playing the game, the virus Firewall should be automatically started and canceled after cloning. Installing anti-virus software doesn't keep it on the firewall, because it consumes system resources. Second, it usually installs the recovery genie, And it just needs to restart the virus, it is mainly used in the future to upgrade the game or call files to open the firewall to Prevent Virus Infection in the calling file system. What's more, it is not a secret, and even careful people will not guarantee that there will be no virus in the future, therefore, you must install the anti-virus tool on each server, but you do not need to enable its protection function at ordinary times.
I think everyone must be in love forests, happy new times, and so on. Especially in the Internet, all machines are infected with viruses, each machine can generate hundreds or thousands of viruses, and I have used rising to generate more than 8000 viruses on one machine. These viruses are very bad. Generally, they are not easy to clean in WINDOWS. After each virus is killed, you will find that the anti-virus software itself has EXPLOR. EXE and other processes are still infected with viruses, and you can also clean them no matter how they are killed. In this case, it is best to restart to secure mode and then kill the virus. Do not open any window during antivirus, some viruses will be activated as long as you open the window, and it will be difficult to clear the virus if it occupies the memory. After the attack is completed, restart and then enter the security mode to kill the virus. Generally, the virus will be cleared several times. If not, you have to go to DOS to check and kill. General anti-virus software has its DOS version. Kingsoft's anti-virus software is KAVDX, Norton's is NAVDX, and other anti-virus software is also available, restart to pure DOS mode. If you jump to the installation directory and run the program, A prompt is displayed. Generally, if you select A (ALL), ALL files are automatically scanned and killed, however, virus detection is generally slow. It is worth noting that if all the machines are infected with viruses, you must turn off one of the switches and kill them. After the removal, back up the C drive and use a protection card or a recovery genie to protect them.
For the above script virus, it will be okay after the virus is killed, but for CIH and other viruses, in addition to the reply work after the virus is killed, in general, it destroys the partition table and the primary boot program, and seriously damages the BIOS. We can treat them separately. If the damage is only the primary Boot Record, you can use a clean boot floppy disk or a CD to start the system and run fdisk/mbr. You can also use DISKMAN, DISKGEN and other gadgets to recreate the Master Boot Record. If the partition table is damaged, the first consideration is to use DISKMAN to restore the partition table. If the damage is not serious, it can be recovered. Another method is to use the KV300 hard disk toolbox and use the F10 quick fix function. If not, you must manually edit the disk structure, partition table, and I/O table, if you are not familiar with the FAT table, ask a professional. But in most cases it is fixed like this.