"Sparrow tactics" to counter AV Terminator virus

Source: Internet
Author: User

AV Terminator has been circulating for a month now, and many users already know that the Jinshan (Kingsoft) AV Terminator removal tool can restore the functions of their antivirus software, after which updating the antivirus software solves many of the problems. Whether or not a user is a Duba customer, we are happiest when Duba's tools solve the problem for them.

We are now seeing a new trend: AV Terminator variants are released quickly and in large numbers, and each has its own characteristics. No single variant infects a large number of machines; each spreads only within a small area. But because there are so many variants, together they still cause users a great deal of trouble. This also poses a challenge for antivirus vendors: collecting all of the AV Terminator samples becomes more difficult.

Another trend: AV Terminator is in fact a Trojan downloader. Because it is a downloader, it can download other Trojans and can also update itself. We have found that AV Terminator is updated quickly: once the author finds that the program itself or a Trojan it downloads is detected by antivirus software, an updated version is released. There are far fewer antivirus vendors than virus-writing studios, far fewer people writing antivirus software than writing viruses, and likewise far fewer people selling antivirus software than spreading viruses.

These tactics closely resemble the "sparrow warfare" the army used in the War of Resistance against Japan: small skirmishes everywhere. Virus propagators now use the same approach against antivirus software.

How do we fight back?

A more complete sample collection system is very important. Our Cleaning Expert 2.0 integrates sample collection: users only need to submit the unknown add-ins it finds to complete the sample reporting process.

And what should users do? There will always be some users who get infected.

We have already discussed removal methods at length: use the removal tool to restore the functions of the antivirus software, then use the antivirus software to remove the virus. For new variants, follow the prompts of the automated analysis system to remove them. Users need to pay closer attention to keeping their antivirus software updated.

This type of virus is activated through the AutoPlay function. Many users who encounter it simply reinstall the system, but their operating habits are poor: they always double-click the drive icon to find the target program or document, and on an infected drive that double-click launches the virus again. They then think: good grief, what kind of virus is this? Even formatting does not get rid of it; I will have to low-level format the hard disk.

We should control the spread of the virus from the start by preventing AutoPlay. AutoPlay abuse takes two forms: one places an Autorun.inf in the root directory of each disk partition, removable hard disk, memory card or USB flash drive; the other modifies registry keys. We deal with each in a different way.

First, the method mentioned most often and the easiest to use: disable AutoPlay with the Group Policy Editor.

The steps are: run gpedit.msc to open the Group Policy Editor, browse to Computer Configuration → Administrative Templates → System, double-click "Turn off Autoplay", select "All drives", and then restart the computer.

This method does not work on WinXP Home Edition, because Uncle Bill was too stingy and withheld the Group Policy Editor from XP Home. In that case you can use Jinshan Duba instead. Steps: double-click the red shield icon in the right corner of the screen, click the Tools menu → Comprehensive Settings → Other Settings, select "Disable hard disk or USB drive autorun function", click OK and restart. This method works on both editions of WinXP and is recommended for Duba users.

After the steps above, Autorun.inf configurations on local disks, USB flash drives, removable hard disks and memory cards are completely ineffective. We strongly recommend that all users with a newly installed operating system disable AutoPlay immediately, and only then access other partitions or removable storage devices.

Second, some viruses modify the registry directly, so the steps above cannot resolve the problem; you need to repair the registry keys manually.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2

This key defines the right-click menu. Delete the subkeys that reference the virus program.

HKEY_CLASSES_ROOT\Drive\shell

Delete the registry keys associated with the virus.

You can also locate the virus programs from the file paths referenced in the two keys above and submit them to antivirus vendors.
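The checks described above can be collected into one read-only audit. This is an added example, not part of the original article or of any Jinshan tool: it assumes the "All drives" policy is stored as NoDriveTypeAutoRun = 0xFF under the HKLM Policies\Explorer key, and the pattern used to pick launch entries out of Autorun.inf is an illustrative choice. It reports only and deletes nothing.

```powershell
# Read-only audit of the AutoPlay settings discussed above (added example).
# Every finding is emitted with the same three properties so the output tabulates cleanly.

# 1. Group Policy result: "All drives" is assumed to be NoDriveTypeAutoRun = 0xFF.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policy = Get-ItemProperty -Path $policyKey -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
$state = if ($policy -and $policy.NoDriveTypeAutoRun -eq 0xFF) { 'disabled for all drives' }
         else { 'NOT disabled for all drives' }
[pscustomobject]@{ Check = 'AutoPlay policy'; Location = $policyKey; Value = $state }

# 2. Command strings under the two registry locations named in the article.
$roots = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2',
    'Registry::HKEY_CLASSES_ROOT\Drive\shell'
)
foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -eq 'command' } |
        ForEach-Object {
            # The default value of a "command" subkey is the program the menu entry launches.
            [pscustomobject]@{ Check = 'Registry command'; Location = $_.Name; Value = $_.GetValue('') }
        }
}

# 3. Autorun.inf in the root of every mounted file-system drive.
$launchEntry = '^\s*(open|shellexecute|shell\\.+\\command)\s*='   # illustrative pattern
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $inf = Join-Path $_.Root 'Autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $entries = Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
                   Where-Object { $_ -match $launchEntry }
        [pscustomobject]@{ Check = 'Autorun.inf'; Location = $inf; Value = ($entries -join '; ') }
    }
}
```

Entries under HKEY_CLASSES_ROOT\Drive\shell can be legitimate, so review each reported path before deleting a subkey; the reported paths are also the files to submit to the antivirus vendor.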
