Measure the test taker's knowledge about computer viruses and network security.

Source: Internet
Author: User

Comments: This article mainly introduces knowledge about viruses and how to prevent them.
  Some manifestations of virus infection
How do we know that a computer is infected with a virus? A computer infection is much like a person getting sick: there are always some obvious symptoms. For example, the machine runs very slowly, cannot access the Internet, the antivirus software cannot be updated, Word documents cannot be opened, the computer cannot start normally, a hard disk partition cannot be found, or data is lost. These are warning signs of a virus.
  Virus infection diagnosis
1. Press Ctrl + Shift + Delete (press these three keys at the same time) to bring up the Windows Task Manager and view the processes running on the system. Look for processes you do not recognize and write down their names (this requires experience); if these processes turn out to be viruses, this makes them easier to remove later. Do not end these processes for now, because some virus or illegitimate processes cannot be ended from here. Click Performance to view the current CPU and memory status. If CPU usage is close to 100% or memory usage remains high, the possibility that the computer is infected is 95%.
2. View the services currently started in Windows. Open "Services" under "Administrative Tools" in "Control Panel". In the right pane, look at the entries whose startup type is "Automatic". Normal Windows services generally have a description (except for a few spoofed by hackers or worms). Double-click any service you think is suspicious and check the path and name of the executable file in its properties. If the name and path are C:\winnt\system32\explored.exe, the computer is infected. Another sign is that "Control Panel" cannot be opened, or all of its icons are pushed to the left with a vertical scroll bar in the middle and a blank right side; double-clicking Add/Remove Programs or Administrative Tools then opens an empty window. This is characteristic of winhlpp3.
3. Run the Registry Editor (regedit or regedt32) and check every program that starts with Windows. Look mainly at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and the RunOnce key below it, and check the values in the right pane for illegitimate startup items. Running msconfig in Windows XP serves the same purpose. With experience, you can easily identify the startup items that belong to a virus.
4. Use a browser to access the Internet. During the earlier Gaobot outbreak, infected machines could reach websites such as yahoo.com and sony.com but could not access the websites of well-known security vendors such as www.symantec.com and www.ca.com, and installed Symantec Norton 2004 antivirus software could not be updated online.
5. Unhide the system folder winnt (windows)\system32. If the folder appears empty, the computer is infected. After opening system32, sort the icons by type and check whether the virus's executable file is present. Also check the Tasks, wins, and drivers folders, because some virus executables are currently hidden there. The hosts file in drivers\etc is the file viruses most like to tamper with. It is originally about 700 bytes and becomes more than 1 KB after being tampered with. This is why ordinary websites can be accessed while the websites of security vendors cannot, and why well-known antivirus software cannot be updated.
6. Use the antivirus software to judge whether the computer is infected. If it is, the antivirus software is automatically terminated by the virus program and manual updates fail.
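Steps 1 to 3 rely on spotting an executable name such as explored.exe that imitates a legitimate Windows binary. The following added example (not part of the original article) automates that comparison with an edit-distance check; the allowlist, the sample entries, and the function names are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Assumption: a short illustrative allowlist, not a complete list of Windows binaries.
KNOWN_GOOD = {"explorer.exe", "svchost.exe", "services.exe", "lsass.exe",
              "winlogon.exe", "csrss.exe", "spoolsv.exe"}

# Constructed sample of (entry label, executable path) pairs, as noted down
# from Task Manager, the Services console, and the Run/RunOnce keys.
SAMPLE_ENTRIES = [
    ("Run: Shell", r"C:\WINNT\explorer.exe"),
    ("Service: Print Spooler", r"C:\WINNT\system32\spoolsv.exe"),
    ("Service: (no description)", "C:/winnt/system32/explored.exe"),
    ("Run: Updater", r"C:\Program Files\Vendor\updater.exe"),
]

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def find_lookalikes(entries, max_distance=2):
    """Return (label, file name, imitated name) for near-miss executable names."""
    findings = []
    for label, path in entries:
        # PureWindowsPath accepts both "\" and "/" as separators.
        name = PureWindowsPath(path).name.lower()
        if name in KNOWN_GOOD:
            continue  # exact match with a known binary name
        for good in sorted(KNOWN_GOOD):
            if edit_distance(name, good) <= max_distance:
                findings.append((label, name, good))
                break
    return findings

if __name__ == "__main__":
    for label, name, good in find_lookalikes(SAMPLE_ENTRIES):
        print(f"{label}: {name} resembles {good}")
```

An exact name match only says the name is legitimate; the directory the file lives in still has to be checked by hand, as step 2 describes.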
  Anti-Virus
1. In the registry, delete the illegitimate programs that start with the system: search the registry for all of their key values and delete them. Virus programs that start as system services are hidden under HKEY_LOCAL_MACHINE\System\ControlSet001\Services and ControlSet002\Services; remove those entries as well.
2. Stop the problematic service and change its startup type from Automatic to Disabled.
3. If the file system32\drivers\etc\hosts has been tampered with, restore it: leave only the single valid line "127.0.0.1 localhost" and delete all other lines. Then set the hosts file to read-only.
4. Restart the computer and press F8 to enter "Safe Mode with Networking". The purpose is to keep the virus program from starting while still being able to patch Windows and update the antivirus software.
5. Search for the virus's executable files and delete them manually.
6. Install patches for Windows and update the antivirus software.
7. Disable unnecessary system services, such as the Remote Registry service.
8. After completing step 4, use the antivirus software to run a full system scan and eliminate anything that slipped through.
9. After completing the preceding steps, restart the computer to complete all operations.
The virus prevention and control process has been completed.
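The hosts file check from diagnosis step 5 and the restore from removal step 3 can be scripted. The following added example (not part of the original article) parses hosts file text, reports every active entry other than the loopback localhost line, and marks entries that redirect the security vendor domains the article names; the sample file content and function names are constructed for illustration.

```python
import ipaddress

# Vendor domains named in the article; extend the tuple for your own environment.
WATCHED_SUFFIXES = ("symantec.com", "ca.com")

# The clean state described in removal step 3.
RESTORED_HOSTS = "127.0.0.1 localhost\n"

# Constructed sample of a tampered hosts file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantec.com  www.ca.com   # appended entry
10.0.0.5        intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each active entry; skip comments and blanks."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line, so it cannot redirect anything
        yield no, ip, [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Return one finding per hostname that is not the default localhost mapping."""
    findings = []
    for no, ip, names in parse_hosts(text):
        for name in names:
            if name == "localhost" and ip.is_loopback:
                continue
            watched = any(name == s or name.endswith("." + s)
                          for s in WATCHED_SUFFIXES)
            findings.append({"line": no, "ip": str(ip), "host": name,
                             "blocks_vendor": watched})
    return findings

def is_clean(text):
    """True when the file contains nothing beyond the default localhost mapping."""
    return not audit_hosts(text)

if __name__ == "__main__":
    print(f"size: {len(SAMPLE_HOSTS.encode())} bytes")
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f)
```

Entries with `blocks_vendor` set match the symptom from diagnosis step 4; other findings, such as an intranet mapping, may be legitimate and need a manual decision before the file is reset.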
Whenever a computer system is infected with a virus, there will always be some abnormal behavior. When these symptoms are observed, we should suspect that the system is infected with a virus.
The following lists some common abnormalities:
The disk's primary boot area, boot sector, file allocation table, or root directory is modified.
The length or content of the system file has changed.
The disk has a fixed "bad sector", and the available space of the disk becomes smaller.
Abnormal information is displayed on the screen.
The system boot process slows down significantly, the machine speed slows down significantly, and the disk access time gets longer.
The original normal files on the disk cannot run or run abnormally.
The system device cannot be used for no reason. For example, the system cannot identify the C drive or the keyboard suddenly cannot be used.
The computer beeps.
The system restarts abnormally or crashes frequently.
The length, creation date, or attributes of an executable file (in the format of COM or EXE) are changed for no reason.
The DOS interrupt vector has changed.
The available memory space is reduced.
The file or other files are inexplicably hidden.
If you suspect that a computer system is infected with a virus, take the following steps:
(1) Shut down the computer.
(2) Isolate the computer (if it is connected to a network).
(3) Boot the system from a known clean, write-protected operating system disk and back up important data.
(4) Scan the disk with antivirus software to remove the virus.
(5) Record the virus's activity, trigger conditions, and all symptoms, and notify the relevant computer administrators.
(6) Boot again from a known clean, write-protected operating system disk.
If anti-virus software cannot kill viruses, you can perform low-level formatting on all hard disks, reconfigure CMOS, and reinstall the operating system and other software from known clean source disks.
Computer networks provide resource sharing, improve system reliability, raise work efficiency by distributing the workload, and are scalable. These same features increase the network's vulnerability and complexity, and resource sharing and distribution increase the possibility that network information will be attacked. When a computer network is used for communication, it usually relies on communication lines, network interfaces, switches, routers, and other components. These components are often the targets of network attacks.
  Next, we will introduce the following network insecurity factors:
Environmental factors: earthquakes, fires, floods, and other natural disasters, as well as excessively high or low ambient temperature, unsuitable humidity, and non-conforming electromagnetic and power environments, all endanger network equipment.
Equipment faults: a device fault may cause data loss or paralyze the entire network.
Line interference: when the public carrier's switching equipment is outdated or the communication line is poor, data transmission errors may result.
Electromagnetic leakage: this may occur when the network port, transmission line, or processor is poorly shielded or unshielded.
Eavesdropping: as the amount of information transmitted increases, the confidentiality level of the transmitted data also rises. Some people with bad intentions may listen in on communication lines and obtain information illegally.
Illegal terminals: an illegal terminal may be connected alongside an existing terminal. When a valid user disconnects, the illegal user can access the device and manipulate the computer's communication interface, or, for some reason, information may be transmitted to the illegal terminal.
Illegal information injection: illegal information is deliberately injected into the telephone line, or transmitted information is intercepted, the original information is deleted, and injected illegal information is sent in its place, so that the recipient receives a false message.
Hackers often conduct in-depth research on network devices, network protocols, operating systems, and network application software, so there are many attack methods. According to statistics, attack software that hackers can use. Various vulnerabilities. Hackers develop their own tools or use existing ones to find network defects and launch attacks against these defects. The defects mentioned here include software defects, network protocol defects, and management defects.
Early hackers had to be very familiar with computers and networks, because to discover and confirm a system vulnerability they might need to perform many tests, analyze a lot of code, and spend a long time writing programs. Currently, most hackers use existing hacking tools and do not require superb technical skill. In addition, hacker sites are everywhere on the Internet and hacking tools can be downloaded at will. Therefore, hacker attacks are the biggest threat to network security.
