1. Clean up the machine as much as possible before using the tools of some commercial software or freeware.
Run anti-virus software or anti-spyware scan, and once found some unusual items are cleared immediately. There is a lot of content on this topic on the web. It is important to note that it is highly recommended to use and run more than one antivirus and antispyware scan to achieve thorough cleanup before entering the next step.
2. Establish a checkpoint or make a backup of the system.
If you're using Windows XP, that's convenient, so you can quickly build a system recovery point (open: Start menu DD Help and Support DD Use System Restore to restore changes to the system, then click the button to create a restore point). Of course there are other methods (the only way for those who use other operating systems in the Windows family) is to create a complete set of system backups, including System state information (you can use the NTBackup.exe file if none of the other options are feasible); He contains information about all new versions of Windows). In this case, if something goes wrong in the next step, you can restore the system to the previous correct state.
3. Close all unnecessary applications.
Some antispyware software looks for unusual signs from all the threads and registries that are running on the computer, so it can save a lot of time to quit all applications before starting the antispyware run check.
4. Run the antispyware program.
In this step, use hijack this software. Unzip the downloaded zip file into the directory you want, and then double-click the HijackThis.exe to execute the file, which will jump out with a hint "do a system scan and save a logfile." 's window. By default, log files are saved in My Documents, and it is useful to include date and time information in the saved log file name, so that a file named Hijackthis.log is renamed Hijackthis-yymmdd:hh.mm.log ( HH.MM is a few minutes from the 24-hour system). In this case, run hijack this again at any time (once you start running and automatically empty the previous log) without worrying about losing the previous log.
5. View the scan results shown in the hijack this results window.
This result is identical to the information written to the log file, and you will find a check box on the left side of each item. If you have selected some items, press the "Fix Checked" button and Hijack this to clear it completely. You'll find that there are a lot of seemingly secret files that can be scanned quickly to determine what action to take at this point. In fact, the real problem is identifying which files have potential threats, which are necessary, and which are irrelevant. The analysis tool can do us a great favor at this time. Remember, do not close the Find Results window for hijack this and do not require a check-in, as you will return to this window in the next steps.