Rogue Software Prevention: Prevention of judging and blocking rogue software

Source: Internet
Author: User

Because of the huge interests, most rogue software is relatively low-key and will try to hide itself. Therefore, the possibility of anti-virus software killing rogue software in a timely manner is greatly reduced, this requires users to have protection capabilities of rogue software to make the Internet more secure.
Prevention
The first step to prevent rogue software is to have a sense of security on the Internet, and do not easily log on to websites that you do not know, because it is likely to cause webpage script viruses, so that rogue software in the system. Do not download unfamiliar software. If you are not familiar with the software, you cannot detect the software when it is bundled with rogue software. When installing software, you should carefully read the User Agreement and instructions attached to the software. Some software prompts you to install rogue software in a way that does not attract user attention during installation, if the user does not carefully read the prompt, the rogue software will be installed. As this is the user's choice, the user will not be protected.
After installing the operating system, install patches on the Internet to fix known vulnerabilities. This prevents the presence of rogue software that exploits known vulnerabilities. If you use IE to access the Internet, you should adjust the security level of the browser to a higher level, or disable the execution of ACTIVEX controls and script programs in the Custom definition, this prevents intrusion of rogue software hidden in webpages.
Judgment
Step 2: Determine if you are already using rogue software. This depends on the symptoms of the rogue software. Generally, the browser homepage is modified without reason, the advertisement window is always displayed, CPU resources are heavily occupied, the system becomes very slow, the browser Often crashes, or a prompt box indicating that a DLL file cannot be found appears, these are the most common phenomena of rogue software. If these phenomena are found in the computer, it is very likely that the rogue software is in use and corresponding measures should be taken, however, if the CPU resources are heavily occupied and the system becomes slow, it is likely to be the cause of a variety of rogue software and should be processed as soon as possible.
Rogue software, no matter how complicated they are, has almost the same propagation process. They all go through software bundle or web page downloads to enter a temporary directory on the computer, generally, it is the root directory of the system or the default temporary directory of the system, and then activate itself. Then, the rogue software enters the memory and runs normally. When rogue software runs normally, they often modify the Registry's self-startup items to enable automatic startup for the next time. Then the rogue software copies itself to the system directory to hide it, then deletes the temporary installation file, and finally listens to the system port for various rogue actions.
If users like to download and install some small tool software, or go to some small websites to browse the Web page, although the computer does not see the above phenomenon, it may also be a rogue software, at this time, you should also pay attention to the computer to see if it is really tricky. Then you can troubleshoot the issue one by one based on the communication chain of rogue software. First, use some third-party memory viewing tools, such as the ice blade to check whether there are some suspicious processes or threads in the memory. This requires the user to understand the processes in the system or some common software, in this way, we can see the problem. Second, the user should look at the paths of these processes during the process of viewing. If the paths of some processes are not normal installation directories, but temporary directories of the system, it is generally a rogue software.
In addition, you also need to check the self-starting item HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run in the Run box of the Start menu in the registry) are there program key values that users do not know, which may be created by rogue software.
Action
It is relatively easy to clear the software that has been detected by yourself. For known rogue software, we recommend that you use dedicated cleanup tools. Currently, these tools are free of charge and you can easily download them from your website.
We do not recommend that you manually clear the rogue software here, because the rogue software is becoming more and more complex, and it is no longer the kind of solution to simply delete a few files. Many rogue software can be solved before they enter the system, the system is modified and associated. When a user deletes a rogue software file without authorization, the system cannot return to the initial state, which causes the rogue software to be cleared, but the system always has various errors. Professional cleanup tools often take this into account and help users completely restore their systems.
If you need to manually clear the rogue software in some special cases, follow the propagation chain of the rogue software to delete the memory first, and then delete the key value in the registry, finally, delete the rogue software and modify the system configuration to the default attribute for processing.

Related Articles]

  • Rogue software product: a good tool to clear rogue software
  • Rogue Software Prevention: Prevention of judging and blocking rogue software
  • Rogue software technology: Analysis of rogue software from a technical perspective
  • Rogue Software Overview: The best dingtalk in security history"

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.