Just a few steps: stopping repeat virus infections

Source: Internet
Author: User

Recently I saw a user on the forum asking for help with these symptoms:

Disk partitions cannot be opened by double-clicking;

Inserting a U disk causes a virus infection;

Even after a complete reinstall of the system (formatting the system disk and reinstalling, or restoring from a Ghost image), the virus is still rampant.

This article explains the causes of these symptoms and the corresponding defenses and fixes.

First, the principle behind a disk that cannot be opened by double-clicking

Let's do an experiment. Place an executable file in the root directory of a partition; the example here is a typing practice program. Then open Notepad and enter

[Autorun]

open=typing software.exe

(after open=, enter the file name of your own executable file)

Then save it as Autorun.inf and place it in the root directory of the partition, as shown in Figure 1.

Figure 1 Example

Next, restart the computer and double-click the partition. The double-click was meant to open the partition, but it executes your executable file instead. Right-clicking the drive letter also shows an extra AutoPlay entry. If that executable is a virus, the virus is what gets run.

This is the principle behind partitions that cannot be opened by double-clicking and behind infections caused by inserting a U disk.

You can see that the Autorun.inf file is how this type of virus gets loaded.

Some users will ask, "Why don't I see this file?" That's because the virus author has given the file the hidden attribute.

Then the user will say, "But I already chose to show all files." To stay hidden, virus authors also modify the registry options that control the display of hidden files, so that even if you choose to show all files, hidden files are still not displayed. The author provides a registry repair file that restores the display of hidden files; after you download and run it, you can see the hidden Autorun.inf file.

Knowing the principle, we can now guard against this kind of virus.

Preferred method: Group Policy (this method applies to XP Professional users; XP Home Edition users should skip it)

Procedure: Start → Run → enter gpedit.msc → OK → Computer Configuration → Administrative Templates → System → Turn off Autoplay → Enabled → All drives → OK, as shown in Figure 2.

Figure 2

After doing this, you no longer need to fear a virus being loaded through Autorun.inf and the AutoPlay feature.

The second method

Create a folder named Autorun.inf in the root directory of each partition (and each U disk). Note that it is a folder, not a file.

One drawback is that this folder is easily deleted by a virus. So we can use a file-name quirk to create a subfolder inside the Autorun.inf folder that is not easy to delete.

Start → Programs → Accessories → Command Prompt, then enter the following command:

md "x:\autorun.inf\normal immune file..\"

In practice, replace x with the drive letter of the corresponding partition.

The system has been completely reinstalled, but the virus is still rampant. What's the reason?

Possible reasons:

The first case

As described above, although you completely reinstalled the system, the Autorun.inf virus in the root directories of the other partitions has not been cleared, so double-clicking into one of those partitions causes reinfection.

Workaround: after the complete reinstall, do not open the other partitions. Right-click My Computer → Search → All files and folders → More advanced options → check Search hidden files and folders → enter autorun.inf as the file name → press Search → open any autorun.inf located in the root directory of a partition and record the file name in its open=Xxx.exe line → return to the search window → delete every autorun.inf file located in the root directory of a partition.

Then search for the file name you just recorded, Xxx.exe (the actual file name will differ from case to case) → delete every such file located in the root directory of a partition.

Then apply the immunization methods described above to protect your system.
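The search-and-record step of the workaround above can be scripted. The following is an added example, not part of the original article: it checks each partition root for Autorun.inf, reports whether it is a file or the immunizing folder, and lists the programs the file would launch. It goes slightly beyond the article by also reading shellexecute= and shell\<verb>\command= entries; the function names and the sample roots are constructed for illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that name a program to launch. The article
# shows only open=; shellexecute= and shell\<verb>\command= are read as well.
def _is_launch_key(key):
    return key in ("open", "shellexecute") or key.endswith("\\command")

def parse_autorun(text):
    """Return the launch targets named in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            if _is_launch_key(key.strip().lower()) and value.strip():
                targets.append(value.strip())
    return targets

def check_root(root):
    """Classify one partition root: 'absent', 'folder' (immunized) or 'file'."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return {"root": root, "state": "folder", "targets": []}
        with open(path, "rb") as fh:
            text = fh.read().decode("latin-1")  # lossless for ANSI files
        return {"root": root, "state": "file", "targets": parse_autorun(text)}
    return {"root": root, "state": "absent", "targets": []}

def demo():
    """Scan three constructed 'partition roots' built in a temp directory."""
    base = tempfile.mkdtemp()
    roots = [os.path.join(base, d) for d in ("C", "D", "E")]
    for r in roots:
        os.mkdir(r)
    # Constructed sample: D holds an Autorun.inf file, E the immunizing folder.
    with open(os.path.join(roots[1], "AutoRun.inf"), "w") as fh:
        fh.write("[AutoRun]\nopen=Xxx.exe\nshell\\open\\command=Xxx.exe\n")
    os.mkdir(os.path.join(roots[2], "autorun.inf"))
    return [check_root(r) for r in roots]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real system, call check_root on each drive root (for example "D:\\") instead of the temporary directories; a legitimate CD can also carry an Autorun.inf file, so review the listed targets before deleting anything.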

Second case

The virus you caught infects executable files and web page files. Many users like to keep the installers for commonly used software on the hard disk, so that they are at hand when reinstalling the system or whenever they are needed.

The first thing done after a complete reinstall is to install or directly run that common software (such as antivirus software or QQ). Because the installer (an executable program) has been infected, the virus is reactivated.

Prevention: to keep installers from being infected by a virus, pack them into compressed archives. This protects these programs from infection and also saves disk space.

Solution: completely reinstall the system and do not install or run any program from the original hard drive. Use a CD-ROM or U disk to copy an antivirus installer from someone else's computer → install the antivirus software and update it to the latest virus definitions → then use the antivirus software to scan and disinfect the whole disk. Remember to choose to clean the virus rather than delete the infected file. Cleaning removes the virus from the normal program, whereas deleting removes your program outright.

Third situation

After a complete reinstall, the system has no security patches, so as soon as it goes online it is automatically infected by a worm.

Prevention methods: 1. Install and update the antivirus software (using an offline update package) and turn on its real-time monitoring, and only then connect to the network. 2. Use Super Bunny upgrade angel to patch your system offline, and then connect to the network.


