1. If system patches are not applied promptly, or the logon password of the system account is too weak, the virus will exploit the system vulnerability or crack the weak password to keep intruding into the system. This causes repeated infections and repeated attacks.
Typical examples of such viruses include: Love backdoor.
Solution: patch the system and set a complex logon password for the system account. We recommend a password that combines letters, numbers, and special characters. Then scan for viruses.
2. Virus files are stored in certain special folders, such as the folders used by the System Restore function, the IE temporary folders, and the folders corresponding to the recycle bin. These folders are "specially cared for" by the system, so antivirus software may not be able to clear virus files in them.
For the solution, see: [organize] What should I do if the prompt "decompress the package" is displayed when Rising anti-virus prompts?
http://forum.ikaka.com/topic.asp?Board=28&artid=5216854
3. The virus uses process injection technology: its code (generally placed in a DLL file) is injected into a system process (such as the assumer.exe process).
Typical examples of such viruses include: Wuhan boys.
"Trojan.psw.whboy.2005.d (Wuhan boys)" is the latest variant of "Wuhan boys". The virus code is placed in a dynamic library (DLL) and assisted by another program to enhance the concealment of the virus.
Reference: Removal notes for Wuhan boys
http://skyxnet.blogdriver.com/skyxnet/571424.html
For Windows 2000/XP/, the assumer.exe process can be reloaded, so we can handle it like this:
Run the anti-virus main program.
Use Windows Task Manager to stop assumer.exe.
Switch to the main program window of the anti-virus software and scan the system to detect and remove the virus.
Use the Task Manager menu: File --> New Task (Run...) to reload assumer.exe.
4. Virus self-protection.
Some viruses use process protection technology to keep themselves running.
Virus files cannot be cleared because the virus processes are running.
1) The virus uses dual-process or multi-process daemon technology, that is, two or more virus processes run simultaneously. If one virus process is terminated, the other virus processes immediately recreate it.
Solution: scan and kill in safe mode.
2) The virus uses code injected into a system process, as mentioned above, to protect the virus process.
Solution: Same as 3.
3) The virus is started as a system service, so it cannot be terminated through the Task Manager.
Solution: stop the virus service first, and then completely scan and kill the virus.
If you cannot see or stop the virus service, you need to handle it in safe mode.
5. The virus intercepts (hooks) related API functions, so anti-virus software cannot scan and clear the virus files.
A typical example of these viruses is Gray pigeon. Gray pigeon intercepts API calls; in normal mode, the trojan file and its registered service entries are hidden.
That is to say, even if you set "show all hidden files", you cannot see them.
Solution reference: manual removal of the gray pigeon virus [multiple images]
http://it.rising.com.cn/newSite/Channels/Anti_Virus/Antivirus_Base/Antivirus_Tech/200502/01-112318318.htm
6. Virus samples are incomplete.
Solution: in My Computer or Windows Explorer, sort the files in the Windows system folder by time to find the files that were created or modified at the same time as the known virus files. Back up the most recent of these files with compression software, then delete them.
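
The time comparison in item 6 can be scripted. The following is an added example, not part of the original article; the function names, the 120-second window, and the sample file names are assumptions chosen for illustration.

```python
import os
import tempfile
from pathlib import Path

def files_near(known_bad, folder, window=120, fields=("st_mtime", "st_ctime")):
    """List files in `folder` created or modified within `window` seconds of
    the known-bad file. Returns [(name, seconds_apart)], closest first.
    st_ctime is the creation time on Windows but the inode-change time on
    POSIX, so pass fields=("st_mtime",) when not running on Windows."""
    known_bad = Path(known_bad)
    ref = known_bad.stat()
    hits = []
    for entry in os.scandir(folder):
        if not entry.is_file(follow_symlinks=False):
            continue
        if Path(entry.path).resolve() == known_bad.resolve():
            continue  # skip the reference file itself
        st = entry.stat(follow_symlinks=False)
        # Compare like with like: created vs. created, modified vs. modified.
        delta = min(abs(getattr(st, f) - getattr(ref, f)) for f in fields)
        if delta <= window:
            hits.append((entry.name, round(delta)))
    return sorted(hits, key=lambda h: (h[1], h[0]))

def demo():
    """Constructed sample: a fake system folder with fixed modification times."""
    base = 1_100_000_000  # arbitrary constructed timestamp
    sample = {
        "known_bad.dll": base,                  # file the scanner already flagged
        "dropper_helper.exe": base + 15,        # written 15 s later: candidate
        "loader.sys": base - 90,                # written 90 s earlier: candidate
        "old_driver.dll": base - 86_400 * 400,  # long before: ignored
        "recent_update.dll": base + 3_600,      # an hour later: outside window
    }
    with tempfile.TemporaryDirectory() as folder:
        for name, mtime in sample.items():
            path = Path(folder, name)
            path.write_bytes(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return files_near(Path(folder, "known_bad.dll"), folder,
                          fields=("st_mtime",))

if __name__ == "__main__":
    for name, delta in demo():
        print(f"{delta:>5}s  {name}")
```

File timestamps can be altered, so treat the listed files as candidates to review and back up, not as confirmed virus files.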