First, clear the virus out of its directory
We start with the directory where the virus resides. If the virus has its own separate directory, like normal software, we can relax a little: this is a weaker virus. Check the directory's creation time to learn when you were infected, and you may be able to work out where the infection came from. If it has no directory of its own but sits in the system directory, it is still easy to deal with; such a virus is generally not destructive, and you can view the file's properties directly to get all the necessary information.
If it has copied itself into every directory on your computer, use the file search feature that comes with Windows. Although it is copied everywhere, the virus has only one main program file, and since every copy comes from the same original, the file size must be identical. Open the advanced options of File Search, enter EXE as the file type and the size of the file, and press ENTER; the copies hidden in every corner of your hard drive will be exposed. Sort by creation time to find the first copy that landed on your machine.
Now the virus's files are laid out in front of you, or at least its main components are, so go ahead and wipe them out: delete every virus-related EXE, DLL and data file you find. But don't be too thorough: keep at least one EXE as a specimen, change its extension to DAT and pack it with RAR; we will use it later. Also, be very careful not to delete a file that is not part of the virus by mistake; that is a fatal error! After dealing with the virus files on the hard disk, do not restart the computer; doing so may undo all your work, because some viruses are not so easy to find.
If the virus does not appear as an EXE but as another type such as COM or RAR, the file-size search still applies; just change the extension. Unfortunately, I have to add that although there is not yet a virus whose main program file differs in size from copy to copy, that does not mean there never will be; when that happens, we can only search by matching key data.
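The size-and-extension search described above, as an added PowerShell example that is not part of the original article. It goes one step beyond the text by also comparing a SHA-256 hash against the kept specimen, so that an unrelated file that merely has the same size is not deleted by mistake; the specimen path and search root are hypothetical values.

```powershell
# Added example: find every copy of a kept specimen by extension and size,
# confirm each hit by hash, and list the hits oldest first.
# $SpecimenPath and $SearchRoot are hypothetical; set them before running.
param(
    [string]$SpecimenPath = 'C:\Quarantine\specimen.dat',
    [string]$SearchRoot   = 'C:\',
    [string[]]$Extensions = @('.exe')   # e.g. add '.com' if the virus uses it
)

$refSize = (Get-Item -LiteralPath $SpecimenPath).Length
$refHash = (Get-FileHash -LiteralPath $SpecimenPath -Algorithm SHA256).Hash

# -Force includes hidden and system files; unreadable folders are skipped.
$candidates = Get-ChildItem -LiteralPath $SearchRoot -Recurse -File -Force `
        -ErrorAction SilentlyContinue |
    Where-Object {
        $Extensions -contains $_.Extension.ToLower() -and $_.Length -eq $refSize
    }

$report = foreach ($f in $candidates) {
    # A locked file cannot be hashed; it is reported with SameContent = False.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                -ErrorAction SilentlyContinue).Hash
    [pscustomobject]@{
        CreationTime = $f.CreationTime
        FullName     = $f.FullName
        Hidden       = [bool]($f.Attributes -band [IO.FileAttributes]::Hidden)
        SameContent  = ($hash -eq $refHash)
    }
}

# Oldest creation time first: the top row is the earliest copy on the disk.
$report | Sort-Object CreationTime | Format-Table -AutoSize
```

Rows with SameContent = False share only the size with the specimen and should be inspected by hand before anything is removed.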
Second, launch the final offensive against the virus
We have eradicated the virus from the hard disk, but something even more troublesome awaits us, and this is where the enemy is at its most terrible. Where is the virus's last stronghold? Without doubt, the legendary registry. Because information about system services is stored in the registry, I cover services in this section as well.
The first thing to do is to go through your list of services, carefully check every service that has no description, and see whether it is related to the process you just ended. Users of the Chinese version of Windows have a certain advantage in spotting virus services, for a rather laughable reason: foreign virus writers do not understand Chinese, so they do not use a Chinese description to disguise the virus as a system service. We should therefore pay special attention to every service whose description is in English. I have seen a nastier virus that kills a normal system process and then takes over that process's description, name and other information for itself; the camouflage is nearly seamless. What finally gives it away is that the corresponding EXE file is completely wrong.
Once you are sure the processes are safe, go straight to the registry, check the entries that run automatically when the system starts, and see whether any suspicious programs are there. My practice is to have essentially no programs launch at system start; anything I really want to run goes in the Startup item of the Start menu. This is not only safe, it also makes it much easier to discover a virus. In fact, countless years of practice have shown that removing all automatic startup entries has no adverse effect on the machine. The system does not put its own critical programs there; what is actually critical to the system's operation is the services.
However, when you find the virus here, do not rush to delete the value. Record it first and check whether the program it points to is already in your notes. Then copy down the names the virus program may use and search the registry for each one, deleting every match you find. There is some danger in doing this, and I strongly recommend that you export the keys as a backup before you delete anything. After the registry has been scanned and cleaned, we can finally breathe a sigh of relief, because the virus and its family have most likely been wiped out. Once you have checked the process list again to make sure it is clean, you can restart the computer to see whether the virus attacks again.
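The checks in this section, as an added PowerShell example that is not part of the original article: it exports each autorun key before anything is touched, lists the autorun values, lists services that have no description, and searches the registry for a recorded file name. The backup folder and the file name searched for are hypothetical values.

```powershell
# Added example: back up and review autorun keys, list undescribed services,
# and search the registry for a recorded virus file name.
# $BackupDir and $VirusName are hypothetical; set them before running.
$BackupDir = 'C:\Quarantine\regbackup'
$VirusName = 'specimen.exe'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # Export the key before any value is deleted (reg.exe wants no colon).
    $regPath = $key.Replace(':', '')
    $file    = Join-Path $BackupDir (($regPath -replace '\\', '_') + '.reg')
    & reg.exe export $regPath $file /y | Out-Null

    # Record every value name and the command line it launches.
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $regPath
            Name    = $name
            Command = $item.GetValue($name)
        }
    }
}
$autoruns | Format-List

# Services with no description, with the executable each one really runs.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { [string]::IsNullOrWhiteSpace($_.Description) } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-Table -AutoSize -Wrap

# Every key, value name or data under HKLM and HKCU that mentions the file.
foreach ($hive in 'HKLM', 'HKCU') {
    & reg.exe query $hive /s /f $VirusName
}
```

The PathName column is where a service that has borrowed a legitimate name and description gives itself away, since it still points at the wrong EXE.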
Third, the truly formidable adversary
Remember the viruses mentioned earlier, in the intermediate part, that live parasitically inside the browser process or system service processes? They deserve to be called our most fearsome enemy. However, once you remove the information they have hidden in the registry, most of them will no longer attach to the system process after you restart the machine, and you can then clear them out as well. That doesn't sound very complicated, does it?
But a more frightening kind is still to come: a virus that monitors the registry while it runs and, as soon as it finds that its registry entries have been destroyed, immediately restores them, so your changes to the registry have no effect. For such a virus, the only option is to start the machine from a clean DOS boot disk, delete its program files, then boot into Windows and delete its information from the registry.
Some readers will ask: why not disinfect in Safe Mode? It is true that the vast majority of unneeded services and processes are not started in Safe Mode, but this is ineffective against the truly vicious viruses; some, on finding the machine in Safe Mode, immediately launch a final onslaught that completely paralyzes it. Such a ruthless virus, though, is something the average user will hardly meet once in a century.