How to use system processes to fend off virus attacks

Source: Internet
Author: User

To guard against viruses, relying on antivirus software alone is not enough, because all antivirus software works by comparing the data on your computer with the virus samples in its library to determine whether the machine is infected. It is therefore powerless against a new virus that is not yet in the virus library, so we need to learn the manual anti-virus method.

A process is a program that is currently executing. An executable virus also appears as a "process" in the system. By opening the list of system processes we can see which processes are running and use the process name and path to determine whether a virus is present. If so, write down its process name, end the process, and then remove the virus program.

I. How to view a list of processes

To view the list of processes in Win98/ME: click Start -> Programs -> Accessories -> System Tools -> System Information -> Software Environment -> "Running Tasks" to open the list of processes.

In Win2000/XP, in addition to the method above, you can press the "Ctrl+Alt+Del" key combination to open Task Manager and view the list on the Processes page.

II. Judging which processes are normal

The system process name table: system processes generally consist of basic system processes and additional processes. The basic system processes are a prerequisite for the system to run; the additional processes can be run or terminated on demand.

1. Basic system processes

Csrss.exe: This is a subsystem process that is responsible for controlling the creation or deletion of threads by Windows and the 16-bit virtual DOS environment.

Lsass.exe: Manages IP security policies and starts the ISAKMP/Oakley (IKE) and IP security drivers.

Explorer.exe: Resource Manager.

Smss.exe: This is a session management subsystem that is responsible for initiating user sessions.

Services.exe: A management tool for system services that includes many system services.

System: The Windows system process.

System Idle Process: This process runs as a single thread on each processor and takes up processor time when the system is not processing any other thread.

Spoolsv.exe: Manages print and fax jobs in the buffer.

Svchost.exe: When the system is started, Svchost.exe will check the location in to create a list of services that need to be loaded. If multiple Svchost.exe instances are running concurrently, several groups of services are currently active; multiple DLL files are calling it.

Winlogon.exe: Manages user login.

These processes are essential to the operation of the system. Do not "kill" them at random, otherwise the normal operation of the system may be directly affected.

2. Additional processes

Everything other than the basic system processes is an additional process, such as Wuauclt.exe (Automatic Updates), Systray.exe (displays the small speaker icon in the system tray), Ctfmon.exe (Microsoft input method), Mstask.exe (Scheduled Tasks), Winampa.exe and so on. Additional processes can be run or ended on demand without affecting the normal operation of the system core.

3. Application processes

Currently running applications are also displayed in the process list. It is best to close the programs that are running before you search the list, because a virus generally does not exit when the applications are shut down.

When we find an "unknown process name" that is not in the system process name table, it should be listed as a suspicious process.
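As an added illustration (not part of the original article), the name-and-path check described above can be scripted. The names come from the article's table; the expected folders, the C:\WINDOWS install root and the sample entries are assumptions constructed for this example, and the look-alike name check goes one step beyond the article's plain table lookup.

```python
import difflib
import ntpath

# Assumption: Windows is installed in C:\WINDOWS (the article gives names, not paths).
SYSTEM_ROOT = r"C:\WINDOWS"
SYSTEM32 = SYSTEM_ROOT + r"\system32"
# Basic system processes from the article -> folder each is expected to run from.
BASIC = {
    "csrss.exe": SYSTEM32, "lsass.exe": SYSTEM32, "smss.exe": SYSTEM32,
    "services.exe": SYSTEM32, "spoolsv.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32, "explorer.exe": SYSTEM_ROOT,
}
# Additional processes named in the article (checked by name only).
ADDITIONAL = {"wuauclt.exe", "systray.exe", "ctfmon.exe", "mstask.exe", "winampa.exe"}
NO_IMAGE = {"system", "system idle process"}  # entries with no file on disk


def classify(name, path):
    """Return (verdict, reason) for one process-list entry."""
    key = name.lower()
    if key in NO_IMAGE:
        return "ok", "system entry without an image file"
    if key in BASIC:
        folder = ntpath.dirname(path)
        if folder.lower() == BASIC[key].lower():
            return "ok", "basic system process in expected folder"
        return "suspicious", "system name running from " + folder
    if key in ADDITIONAL:
        return "ok", "additional process"
    known = list(BASIC) + sorted(ADDITIONAL)
    near = difflib.get_close_matches(key, known, n=1, cutoff=0.8)
    if near:
        return "suspicious", "name resembles " + near[0]
    return "suspicious", "not in the process name table"


def review(entries):
    """Return (name, path, verdict, reason) for entries that need attention."""
    rows = [(n, p) + classify(n, p) for n, p in entries]
    return [r for r in rows if r[2] != "ok"]


# Constructed sample process list (name, image path), not taken from a real machine.
SAMPLE = [
    ("System Idle Process", ""),
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("svchost.exe", r"C:\WINDOWS\Temp\svchost.exe"),
    ("lsasss.exe", r"C:\WINDOWS\system32\lsasss.exe"),
    ("notepad.exe", r"C:\WINDOWS\system32\notepad.exe"),
]
```

Calling `review(SAMPLE)` returns only the three entries that need a closer look; an ordinary application such as notepad.exe is flagged simply because it is not in the table, which is why the article recommends closing applications first.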

III. Processing

1. Test method: After ending the suspicious process, use the Start menu's file or folder search to search the entire computer with the suspicious process name as the keyword. Find the corresponding program, write down its path, and move it to a floppy disk or a USB drive. Then run the software on the computer again. If everything runs normally, this shows that the process is redundant or a virus; even if it is not a virus, deleting it also slims the system down. If the software does not work correctly, restore the file.

2. Consultation method

When you cannot tell whether the "unknown process" is a virus, you can copy the full name of the process and ask on a forum, or use the full name of the process as a keyword to search the Internet and find the relevant information to see if it is a virus. If it is, delete it quickly.
