Identifying common problems in the prevention and control of essential computer viruses

Source: Internet
Author: User

1. Why can some viruses (even when not running) only be quarantined and not cleaned?

Antivirus software handles a detected file in one of two ways.

One is to remove the virus code from the infected file (for example, if a 10 KB file is infected by a 2 KB virus and grows to 12 KB, it is restored to the normal 10 KB file). This is called cleaning.

The other is to delete the entire virus file, because the file consists entirely of virus code. This is usually the case with Trojans and worms, which are therefore quarantined.

2. Will the residual files left behind by a virus be deleted automatically after the virus is cleaned?

No. Some viruses, Trojans, backdoors, and other malware write files to the system to record their own running status or the data they have collected from the system. Because these files only hold data, they are no different from ordinary data files and cannot be executed, so they are not detected and are not processed automatically.

3. Why does other software sometimes identify a file as a virus when Trend Micro does not?

Anti-virus vendors differ slightly in the standards they use to identify viruses, so some files are detected by some vendors but not by others. For example, if a program requires the user to accept its End User License Agreement during execution, Trend Micro will not detect it as a virus, while other vendors may detect the program as a virus.

4. How does Trend Micro's anti-virus software handle an unknown virus? In addition to isolation, how can this problem be solved?

When a virus is detected, Trend Micro's antivirus software can usually take the following measures:

Clean

Quarantine

Delete

Rename

Pass (i.e. no action)

If you suspect that a system is infected with an unknown virus, compress the suspicious file into a zip file, set the password "virus" when compressing it, and send it to the mailbox virus_doctor@trendmicro.com.cn for analysis.

5. Viruses are constantly being detected. Will our virus pattern keep growing?

As things stand, as new viruses are detected, new virus signatures are added to the virus pattern, so the virus pattern will continue to grow.

6. Can the scan engine still detect viruses if it is not updated?

The virus pattern contains the specific characteristics of each virus. The scan engine compares scanned files against these characteristics to determine whether a file is a virus. Therefore, in theory, a virus can be detected as long as the virus pattern contains the characteristics of that virus.

7. What should customers do if the quarantined virus files they want to delete are system files?

As system files are part of the operating system, we recommend that you use the original operating system installation disk to restore the corresponding files.

8. For files in the quarantine area that cannot be cleaned, can the virus in the file be cleaned after a new antidote is released?

Files that cannot be cleaned fall into one of the following two situations:

The file was generated by the virus rather than infected by it. In this case only quarantine or deletion is possible: the file contains nothing but virus code, so there is nothing to clean.

The virus uses special methods to infect files and further processes the infected files, so that the anti-virus software cannot effectively restore the original file. However, cleaning may become possible as anti-virus software improves.

9. What are the common types of viruses?

Depending on the type of file they infect, common viruses are:

Macro virus

Script virus

File virus (infects executable files)

10. If a virus outbreak is periodic, can changing the local machine's time help?

Modifying the system time can prevent periodic virus outbreaks, but it is not completely reliable. Because trigger mechanisms are complex, modifying the system time cannot completely prevent the virus from activating.

11. Features and differences of worms

A computer worm is a program (or a group of programs) that replicates itself to other computer systems. Its most important feature is that replication occurs between computers.

12. A customer said that a recovery disk is installed on the computer, so the disk can be restored immediately after an infection. What is disk recovery?

Disk recovery is probably a data backup measure taken by the customer. When there is a problem with the system, it is relatively convenient to restore the system from the earlier backup.

13. Why do many customers say they cannot kill Trojans?

This can happen for the following reasons. While a program is running under Windows, the file it was started from is usually locked, which prevents operations on that file. Many Trojan programs add entries to system files or to the system registry so that they are executed automatically when Windows starts. A Trojan started by the system in this way is therefore usually already running, and as a result the anti-virus software cannot effectively process the Trojan program.

14. Which viruses have an incubation period?

Whether a virus has a latent period depends on its specific trigger condition. Only viruses that are triggered by time have a latent period.

15. What types of files do different viruses infect?

It depends on the type of virus: macro viruses usually infect Word documents and Excel spreadsheet files; script viruses usually infect web page files; file viruses usually infect executable programs, for example exe files.

16. Specific manifestations of virus infection, mainly in the form of extensions, and some naming rules

Trend Micro virus names usually take the form TYPE_NAME.VARIANT.

TYPE is the virus type. Common types:

WORM  Worm

TROJ  Trojan

BKDR  Backdoor

PE  File type

NAME is the virus name.

VARIANT is the virus variant.

For example: WORM_KLEZ.H. The virus is of the worm type and its name is KLEZ.
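
The naming rule above can be applied mechanically when triaging scan results. The following Python is an added example, not Trend Micro code: it follows the layout of the page's example WORM_KLEZ.H, and the sample records, the optional VARIANT, the handling of BKDR and the action strings are assumptions of the example.

```python
import re
from collections import defaultdict

# TYPE prefixes listed in the FAQ; any other prefix is labelled "unknown".
TYPE_LABELS = {"WORM": "worm", "TROJ": "Trojan", "BKDR": "backdoor", "PE": "file type"}
# Q1: worm and Trojan files are entirely malicious code, so they are quarantined or
# deleted; an infected executable may be cleanable. BKDR handling is an assumption.
ACTIONS = {"WORM": "quarantine or delete", "TROJ": "quarantine or delete",
           "BKDR": "quarantine or delete", "PE": "attempt clean"}
# Layout read off the page's example WORM_KLEZ.H; optional VARIANT is an assumption.
DETECTION_RE = re.compile(r"^([A-Z0-9]+)_([A-Z0-9]+)(?:\.([A-Z0-9]+))?$")


def parse_detection(name):
    """Split a detection name into type, family name and variant; None if malformed."""
    m = DETECTION_RE.match(name.strip().upper())
    if m is None:
        return None
    vtype, family, variant = m.groups()
    return {"type": vtype, "label": TYPE_LABELS.get(vtype, "unknown"),
            "name": family, "variant": variant,
            "action": ACTIONS.get(vtype, "manual review")}


def triage(records):
    """Group (path, detection name) pairs by type and family; collect malformed names."""
    families = defaultdict(lambda: {"variants": set(), "paths": [], "action": ""})
    rejected = []
    for path, name in records:
        det = parse_detection(name)
        if det is None:
            rejected.append((path, name))
            continue
        entry = families[(det["type"], det["name"])]
        entry["variants"].add(det["variant"] or "(none)")
        entry["paths"].append(path)
        entry["action"] = det["action"]
    return dict(families), rejected

# Constructed sample records, not real scan output; only WORM_KLEZ.H is from the page.
SAMPLE = [(r"C:\mail\a1.exe", "WORM_KLEZ.H"), (r"C:\mail\a2.exe", "worm_klez.e"),
          (r"C:\tools\svc.exe", "BKDR_EXAMPLE.A"), (r"C:\apps\calc.exe", "PE_EXAMPLE.B"),
          (r"C:\tmp\x.dat", "not a detection name")]

if __name__ == "__main__":
    families, malformed = triage(SAMPLE)
    for (vtype, name), info in sorted(families.items()):
        print(vtype, name, sorted(info["variants"]), info["action"], info["paths"])
    print("malformed:", malformed)
```

Grouping by type and family shows at a glance which detections are whole-file malware to quarantine and which are infected executables worth a cleaning attempt.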

17. Spread of various viruses

Common virus transmission methods include:

By email

Through network shares

Through peer-to-peer file sharing software

Through disks and other media

18. How to use TSC and Sysclean (in more detail)

TSC usage:

1. Close all open windows and running programs. Take particular care to disable real-time antivirus software. If the infection is serious, you can temporarily disconnect the network connection.

2. In Windows Explorer, under [Tools] [Folder Options], select the [Use Windows classic folders] option to stop Windows Explorer from automatically calling the Web browser. (Some viruses specifically infect web pages. Once a Web browser program such as IE is running, the viruses on the opened pages cannot be effectively cleaned.)

3. Run the downloaded program [tsc.exe] in either of the following two ways:

A. Double-click it in Windows Explorer. This is the recommended mode.

B. Run it from the console (command prompt). You can then choose the running parameters.

(If you cannot download the latest tool at the moment, please use the version that comes with this media temporarily. Directory:

4. A system may be infected repeatedly by different viruses, so you can run the tsc tool several more times. Afterwards, you can continue with sysclean or other tools to clean viruses from the entire system.

Note:

1. This tool generates the log file "YYYYMMDD.LOG" ("YYYY" is the current year, "MM" the month, and "DD" the day, that is, the date of the run, for example 20030523; logs from the same day are stored in one file), which contains the detailed log of the virus cleaning. Backup files are also generated on the C: drive, under the empackup directory, so ensure that the C drive has sufficient free space.

2. On Windows ME/XP systems, the system's own protection and recovery functions make it likely that the virus cannot be cleaned, or that the virus file is restored after the system restarts. Therefore, disable the system recovery function before cleaning the virus.

3. If the system is seriously damaged, you can press the [F8] key while the system starts and select safe mode to clean the virus.

Command-line parameters:

/DI  Do not repair the system INI file when a virus is detected

/DR  Do not repair the registry when a virus is detected

/DBI  Disable system INI file backup

/DBR  Disable registry file backup

/DBF  Disable virus file backup

/BP=  Specify the backup path

/DP=  Specify the debug log path

/DN=  Specify the name of the debug log file

/PP=  Specify the TSC data file path

/MN  Enable the message box shown when no virus is detected

/MVS  Enable the message box shown when a virus is detected

/HD  Hide the TSC console

/VL  Display the list of detected viruses

Sysclean usage:

1. Close all open windows and running programs. Take particular care to disable real-time antivirus software.

2. In Windows Explorer, under [Tools] [Folder Options], select the [Use Windows classic folders] option to stop Windows Explorer from automatically calling the Web browser. (Some viruses specifically infect web pages. Once a Web browser program such as IE is running, the viruses on the opened pages cannot be effectively cleaned.)

3. Run the downloaded program [sysclean_nnnn_Pxxx.com] in either of the following ways:

A. Double-click it in Windows Explorer. This is the recommended mode.

B. Run it from the console (command prompt). You can then choose the running parameters.

(If you cannot download the latest Sysclean tool at the moment, use the built-in version in this media temporarily. Directory:

4. For the first scan, use sysclean's default settings to scan all files in the system, that is, scan the system in [auto clean/Automatic Anti-Virus] mode.

(In this mode, it is safer for sysclean to delete files that cannot be cleaned.)

5. If a virus is detected during the first scan, perform a second scan. This time, change the sysclean scan settings: do not select the [auto clean/auto clear] option, and scan all system files again.

(When sysclean scans infected files that cannot be automatically cleared, a message is displayed to delete the files. At this time, please Root
