Key Analysis: Causes and Countermeasures for killing viruses

I. Reasons Why viruses cannot be killed

It is often said that the virus software reported to have killed the virus, but the virus still exists after it is restarted and cannot be killed. The following are the main reasons why viruses cannot die:

1. The virus is running. Because Windows protects running programs, antivirus software cannot kill running viruses. Even if the virus is actually killed, the virus that is active in the memory when the computer is shut down normally will copy another virus to the hard disk.

2. The virus is hidden in the _ restore folder restored by the system.

Ii. Countermeasures

1. Stop the virus process before virus removal in Windows. For Windows XP/2000, you can use the Task Manager (Ctrl + Alt + Del press the three keys) to view all current processes. For Windows 98/Me, you can use the hacker getting started toolbox or ATM to view the process. Determine which one is to stop or to stop it if it is not clear. This process is commonly known as "Kill process ".

Do not be afraid of errors, because it will not cause any damage to the computer, and at most it will be a crash. Note: The kill process operation can only be successful twice. Some viruses have two processes that protect each other. Killing one virus will be detected and restored by the other. In this case, you should first remove the startup entry of the virus in the Registry, and then restart the computer with a sudden power failure, and then disinfect the virus.

2. Use the Virus killer tool in Windows. Use the latest anti-virus version.

3. Disable system restoration. To Disable Windows ME, right-click my computer and choose Properties> performance> file system> troubleshooting> disable system restoration. To Disable Windows XP, choose Control Panel> system> System Properties> System Restore> disable System Restore on all drives. Start the computer with a floppy disk or USB flash drive and delete the _ RESTORE folder under dos.

4. There is no problem of killing the virus in Dos. General anti-virus software can be used to create a floppy disk version (including at least three floppy disks), start with the first disk (in CMOS, the floppy disk must be set to start before) then, follow the prompts to add other disks to the system to directly eliminate viruses. Rising's floppy disk version needs to use the mouse to determine the antivirus drive, whereas Kingsoft's floppy disk version uses the entire machine for detection and removal by default.

In fact, it is easier to use Kingsoft drug overlord to disinfect the virus in DOS. after starting the computer with a general floppy disk or a USB flash disk, switch to drive C and then enter the Kingsoft drug overlord directory (command: cd kav or cd kav5, related to the version), input KAVDX, and press enter to start antivirus.

5. Supplemental operations. The registry should be repaired after the virus is killed.