Identify illegal processes and manual Antivirus

Source: Internet
Author: User

Simply put, a process is an execution activity of a program on a computer. When you run a program, you start a process. Processes are divided into system processes and user processes. System processes are mainly used to complete the functions of the operating system, while processes of applications such as QQ and Foxmail are user processes.

The importance of a process is reflected in the fact that you can observe it to determine which programs are running in the system and whether illegal programs are in the system. Correctly analyzing the process can help us manually remove viruses or trojans when anti-virus software does not work.

Observation Process

How do I know what processes are currently in the system? In Windows 98/Me/2000/XP/2003, press Ctrl + Alt + Delete to view the process directly, or open the "process" option of "Windows Task Manager" to view the process. Generally, the system paths include winlogon.exe, services.exe, assumer.exe, and svchost.exe. To be familiar with processes, you must first be familiar with the most common system processes, so that you can easily determine other strange process names (such as HELLO, GETPASSWORD, and WINDOWSSERVICE.

Conventional process killing

1. some processes cannot be deleted from the process options. In this case, you can open the Registry Editor (type regedit in "Start> Run"), find the key under "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun", and delete the suspicious options.

2. In addition, you can view all current processes through the "service" in the "Management Tools" of the system. Here, we will focus on the processes whose startup option is "automatic" in the service, check their names, paths, logon accounts, and service attributes. Check whether the "Recover" option is used to restart the computer. (This is the secret of restarting some machines ). Once a suspicious name is found, the process must be immediately disabled.

To completely delete these program processes, you can use the following method:

Open the Registry Editor and expand the branch "HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices". The service items installed on the local machine are displayed in the right pane. to delete a service, you only need to delete the key values in the registry.

3. In addition to the above two methods, we can first view the path and name of the Process file. Restart the system, press F8 to enter safe mode, and then delete the program in safe mode.

Here, I have compiled an example of a process SERVICE (system process) that is easy to recognize: HELLO-WORLD SERVICE 1. We can easily find it in the process list and "service. Based on the above method, we can kill or disable this process.

Many viruses and Trojans appear in the form of user processes, so most people think that "viruses cannot obtain the 'system' permission ". In fact, this is a wrong idea. Many viruses or Trojans can also gain SYSTEM permissions and pretend that SYSTEM processes appear in front of you. Therefore, this type of virus is quite confusing. In this case, only by constantly improving and paying attention to the knowledge of system security can we accurately determine whether the process is secure.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.