First there were viruses, and then there was antivirus software. Today we will share the places where viruses hide in the Windows system, so that you can track one down in the future.
1. If a virus starts at boot, keeps itself alive with a dual process, and closes the antivirus program, check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run for unfamiliar startup items. This is the common startup location, and many programs write here.
2. If the virus is difficult for antivirus software to clean up, or it still gets executed while the antivirus program is closed, check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks. A large amount of malware and many viruses write here. Because very few normal programs write data here, the probability that an entry is a virus is very high.
3. Sometimes the antivirus program is disabled even in safe mode. Check HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. Few normal programs write data to this location, so an entry here has a high probability of being a virus.
4. Some viruses are written to the underlying services and rootkit drivers, which makes them hard to clean. Focus on HKLM\SYSTEM\CurrentControlSet\Services.
5. If a file with a specific file name cannot be executed, its image has been hijacked. Check HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. Most AV viruses are written here. Of course, the hijacked file is not necessarily an exe file. Some viruses hijack the ani. ani file to prevent ani. ani from restoring the virus's main file.
6. Some virus variants can delete the antivirus software installation file, modify the hosts file, write a hidden virus DLL in the QQ directory, and modify the API hook. In this case, check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler.
7. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
These hiding places are quite easy to find. We recommend that you back up the above seven registry locations after installing the system. If a virus appears later, you can directly import the backup registry file. Then upgrade the antivirus software to the latest version and go into safe mode to perform a full scan. In this case, the virus should not survive.
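
The seven checks and the baseline advice above can be combined into one read-only PowerShell script. This is an added example, not part of the original article. Run it with -SaveBaseline on a clean install, then run it again later to list what changed. The baseline file path and the value-name filters (ImagePath, Debugger, AppInit_DLLs, LoadAppInit_DLLs) are choices made for this example.

```powershell
# Added example: snapshot the seven locations and diff against a saved baseline.
# It only reads the registry; nothing is modified or imported.
param(
    [string]$BaselinePath = "$env:USERPROFILE\autorun-baseline.csv",  # assumed location
    [switch]$SaveBaseline
)

$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
# Path = key to read; Sub = also read its direct subkeys; Only = value names to keep
$locations = @(
    @{ Path = "$cv\Run" },
    @{ Path = "$cv\Explorer\ShellExecuteHooks" },
    @{ Path = "$nt\Windows"; Only = 'AppInit_DLLs', 'LoadAppInit_DLLs' },
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services'; Sub = $true; Only = 'ImagePath' },
    @{ Path = "$nt\Image File Execution Options"; Sub = $true; Only = 'Debugger' },
    @{ Path = "$cv\Explorer\SharedTaskScheduler" },
    @{ Path = "$cv\ShellServiceObjectDelayLoad" }
)

function Get-AutorunSnapshot {
    foreach ($loc in $locations) {
        if (-not (Test-Path -LiteralPath $loc.Path)) { continue }
        $keys = @(Get-Item -LiteralPath $loc.Path)
        if ($loc.Sub) { $keys += @(Get-ChildItem -LiteralPath $loc.Path -ErrorAction SilentlyContinue) }
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                if ($loc.Only -and $name -notin $loc.Only) { continue }
                [pscustomobject]@{ Key = $k.Name; Value = $name; Data = [string]$k.GetValue($name) }
            }
        }
    }
}

$current = @(Get-AutorunSnapshot)
if ($SaveBaseline) {
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
    "Saved $($current.Count) entries to $BaselinePath"
} elseif (Test-Path -LiteralPath $BaselinePath) {
    $baseline = @(Import-Csv -LiteralPath $BaselinePath)
    # '=>' marks entries present now but not in the baseline; '<=' marks removed ones
    Compare-Object $baseline $current -Property Key, Value, Data |
        Sort-Object Key, Value | Format-Table SideIndicator, Key, Value, Data -AutoSize -Wrap
} else {
    $current | Format-Table -AutoSize -Wrap   # no baseline yet: list everything for review
}
```

Entries marked `=>` under ShellExecuteHooks, AppInit_DLLs, or an Image File Execution Options `Debugger` value deserve the closest look, since the article notes that few normal programs write there.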