Seven registry locations to check for the hiding places of viruses and rogue software

Source: Internet
Author: User

First came viruses, and then came antivirus software. Today we share the places where viruses hide in the Windows system, so that you can track them down in the future.

1. When a virus launches at startup, guards itself with dual processes, and closes the antivirus program, check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run for unfamiliar startup items. This is a common startup location, and many programs write entries here.

2. If the infection is hard for antivirus software to clean, or the antivirus program is closed and the malware may still be executed, check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks. A large amount of malware and viruses write entries here. Because very few normal programs write data here, the probability that an entry belongs to a virus is very high.

3. Sometimes the antivirus program is disabled even in Safe Mode. Check the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. Few normal programs write data to this location, so an entry here has a high probability of being a virus.

4. Some viruses install themselves as low-level services or rootkit drivers, which makes them hard to clean. Focus on HKLM\SYSTEM\CurrentControlSet\Services.

5. If a file with a specific file name cannot be executed, image hijacking is the likely cause. Check HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. Most AV viruses write entries here. Of course, the hijacked file is not necessarily an exe file. Some viruses hijack the ani. ani file to prevent ani. ani from restoring the virus's main file.

6. Some virus variants delete the antivirus software installation files, modify the hosts file, write a hidden virus DLL into the QQ directory, and modify API hooks. In this case, check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler.

7. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

These hiding places are quite easy to find. We recommend backing up the seven registry locations above after installing the system. If a virus appears later, you can import the backup registry file directly, upgrade the antivirus software to the latest version, and then run a full scan in Safe Mode. After that, the virus should not survive.
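One way to review the seven locations and compare them with a post-install baseline, written as an added PowerShell example that is not part of the original article. The baseline file name is a hypothetical choice, and the `Debugger` and `ImagePath` value names come from Windows itself rather than from the article; run it in an elevated PowerShell session.

```powershell
# Added example. Read-only: it never writes to the registry.
param([string]$Baseline = '.\seven-keys-baseline.csv')   # hypothetical file name

$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function New-Entry($Key, $Name, $Data) {
    # "$Data" flattens multi-string and binary values to one comparable string
    [pscustomobject]@{ Key = $Key; Name = $Name; Data = "$Data" }
}

# Entries stored as values directly under a key (items 1, 2, 3, 6, 7).
function Get-KeyValues([string]$Path, [string[]]$Only) {
    if (-not (Test-Path -LiteralPath $Path)) { return }   # key may be absent on this system
    $key = Get-Item -LiteralPath $Path
    foreach ($n in $key.GetValueNames()) {
        if ($Only -and $n -notin $Only) { continue }
        New-Entry $Path $n ($key.GetValue($n))
    }
}

# Entries stored as one named value inside each subkey (items 4 and 5).
function Get-SubkeyValue([string]$Path, [string]$ValueName) {
    Get-ChildItem -LiteralPath $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $v = $_.GetValue($ValueName)
        if ($null -ne $v) { New-Entry "$Path\$($_.PSChildName)" $ValueName $v }
    }
}

$current = @(
    Get-KeyValues   "$cv\Run"
    Get-KeyValues   "$cv\Explorer\ShellExecuteHooks"
    Get-KeyValues   "$nt\Windows" -Only 'AppInit_DLLs'
    Get-SubkeyValue 'HKLM:\SYSTEM\CurrentControlSet\Services' 'ImagePath'
    Get-SubkeyValue "$nt\Image File Execution Options" 'Debugger'
    Get-KeyValues   "$cv\Explorer\SharedTaskScheduler"
    Get-KeyValues   "$cv\ShellServiceObjectDelayLoad"
)

if (Test-Path -LiteralPath $Baseline) {
    # '=>' marks entries present now but not in the baseline; '<=' marks entries that are gone.
    Compare-Object @(Import-Csv -LiteralPath $Baseline) $current -Property Key, Name, Data |
        Sort-Object Key, Name | Format-Table -AutoSize -Wrap
} else {
    $current | Export-Csv -LiteralPath $Baseline -NoTypeInformation
    "Baseline with $($current.Count) entries saved to $Baseline"
}
```

The first run on a freshly installed system saves the baseline; later runs print only the entries that differ from it, which are the ones to review by hand.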

 
