The operation method of computer kills worm virus

　　A worm is a self-contained program (or set of programs) that propagates copies of its own functionality or parts of it to its worm.

In his computer system (usually through a network connection). Note that unlike the general virus, worms do not have to attach themselves to the host program, and there are two types of worms: the host worm and the network worm. The primary computer worm is fully contained in the computer on which they are running. And the connection to the network only copies itself to other computers, and the main computer worm terminates itself (so that at any given moment, only a copy of the worm is running) when it adds its own copy to another host, which is sometimes called " Hares, worms are generally spread through 1434-port vulnerabilities.

--------below are the symptoms of the worm to see if it is a worm-------

Virus type: Worm virus

Object of attack: windowsnt4.0,windows2000,windowsxp,windowsserver2003

Transmission path: "Shock wave" is a use of Windows system RPC (remote procedure call, is a communication protocol, the program can use this protocol to another computer on the network to request Service) vulnerability, random attack, destructive worm virus. It does not need to be transmitted through e-mail (or attachments), more covert, and less susceptible to detection. It uses IP scanning technology to find computers with windows2000/xp/2003 operating systems on the network, and once it finds a vulnerable computer, it uses DCOM (a distributed object model, a protocol that enables software components to communicate directly over the network). RPC buffer vulnerabilities are implanted into the virus body to control and attack the system.

If it is a worm, you can do so by doing the following:

1. Discontinuation of the process

Press the "Ctrl+alt+del" key combination, select the Processes tab in Windows Task Manager, look for "msblast.exe" (or "Teekids.exe", "Penis32.exe"), select it, and then click "End Process" below. Button.

Tip: If you cannot run Windows Task Manager, you can enter cmd in start → Run to open the Command Prompt window and enter the following command "Taskkill.exe/immsblast.exe" (or "taskkill.exe/ Imteekids.exe "," Taskkill.exe/impenis32.exe ").

2. Delete virus body

Click "Start → search" in turn, select "All Files and folders" option, enter the keyword "msblast.exe", set the search target in the operating system partition. After the search is complete, delete the files found in the Search results window. Then use the same method to find and delete the "Teekids.exe" and "Penis32.exe" files.

Tip: In a Windows XP system, you should first disable the System Restore feature by right-clicking My Computer, choosing Properties, selecting the System Restore tab in System Properties, and then clicking Turn off System Restore on all drives.

If you cannot run search, you can enter cmd in start → Run to open the Command Prompt window and enter the following command:

"Del system disk Winntsystem32msblast.exe" (Windows2000 system) or "Del system disk Letter Windowssystemmsblast.exe" (Windows XP System)

3. Modify the Registration Form

Click "Start → run", enter "regedit" to open "Registry Editor", find "Hkey_local_machinesoftwaremicrosoftwindowscurrentversionrun" in turn, delete " Windowsautoupdate=msblast.exe "(virus variants may have different display content).

4. Restart your computer

After restarting the computer, the "shockwave" (ie worm virus) virus has been completely removed from the system.