Some symptoms of virus infection
How do we know there is a virus in the computer? A computer infection is like a person falling ill: there are always some obvious symptoms. For example, the machine runs very slowly, cannot get on the network, the anti-virus software cannot be upgraded, Word documents cannot be opened, the computer does not start, hard disk partitions cannot be found, data is lost, and so on. All of these are symptoms of infection.
Virus Infection Diagnosis
1, press Ctrl+Shift+Delete (all three keys at the same time) to bring up the Windows Task Manager and look at the running processes. Find any unfamiliar processes and write down their names (this requires experience); if these processes turn out to be viruses, the names will make the later cleanup easier. Do not end these processes for the time being, because it may not be possible to end some viruses or illegal processes from here. Click Performance to view the current state of the CPU and memory; if CPU utilization is close to 100% or memory usage is high, the probability that the computer is infected is 95%.
2, view the services Windows has currently started: open Services in Administrative Tools in Control Panel. In the right-hand pane, look at the rows whose Status is "Started" and whose Startup Type is "Automatic". Generally speaking, a normal Windows service has a description (a handful of hacker tools or worms aside). Double-click any service you think is a problem and view the path and name of its executable file in the properties. If the name and path are C:/winnt/system32/explored.exe, the computer is infected. There is also the case where Control Panel will not open, or all of its icons sit on the left with a vertical scroll bar and the right side is blank, and double-clicking Add/Remove Programs or Administrative Tools opens an empty window. This is characteristic of an attack by the virus file Winhlpp32.exe.
3, run Registry Editor (the command is regedit or regedt32) and view all the programs that start with Windows. Mainly look at HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/Run and the several RunOnce keys below it, and check the values in the right-hand pane for illegal startup items. On Windows XP, running Msconfig serves the same purpose. As you gain experience, you will easily be able to pick out a virus's startup entry.
4, check Internet access in the browser. During an outbreak of the Gaobot virus, the machine can reach sites such as yahoo.com and sony.com but cannot visit the websites of well-known security vendors such as www.symantec.com and www.ca.com, and an installed Symantec Norton 2004 anti-virus product cannot upgrade over the Internet.
5, turn on the display of hidden files and view the system folder Winnt (Windows)/system32. If the folder appears empty when opened, the computer is infected. After opening System32, you can sort the icons by type to see whether any well-known virus executables are present. While you are there, check the folders Tasks, wins and drivers; some current viruses hide their executables in them. The hosts file under drivers/etc is a favourite target for viruses to tamper with: it is normally only about 700 bytes, and after tampering it grows to more than 1 KB. This is the reason the machine can reach ordinary websites but not security vendors' sites, and the reason well-known anti-virus software cannot upgrade.
6, use the anti-virus software to judge whether the machine is infected: if it is, the anti-virus software will be automatically terminated by the virus program, and a manual upgrade will fail.
Removing the virus
1, in the registry, remove the illegal programs that start with the system, then search the registry for all of their key values and delete them. Virus programs that start as a system service hide under HKEY_LOCAL_MACHINE/System/ControlSet001/Services and ControlSet002/Services; find them and delete them.
2, stop the problem service and change its startup type from Automatic to Disabled.
3, if the file system32/drivers/etc/hosts has been tampered with, restore it: keep only the one valid line, "127.0.0.1 localhost", and delete the remaining lines. Then set the hosts file to read-only.
4, restart the computer and press F8 to enter "Safe Mode with Networking". The goal is to keep virus programs from starting while still being able to patch Windows and upgrade the anti-virus software.
5, search for the virus executable files and delete them manually.
6, install the Windows patches and upgrade the anti-virus software.
7, shut down unnecessary system services, such as the Remote Registry Service.
8, once step 6 is complete, run a full system scan with the anti-virus software to remove anything that slipped through the net.
9, after the step above is complete, restart the computer; all operations are now finished.
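The hosts-file check from diagnosis step 5 and removal step 3, as an added Python example that is not part of the original article: it parses a copy of the hosts file and reports a size over 1 KB, any entry beyond the single "127.0.0.1 localhost" line, and security-vendor names pointed at a local or null address. The function names, the sample file contents and the assumption that tampering maps vendor names to such an address are choices made for this example.

```python
# Added example, not from the original article.
SIZE_LIMIT = 1024                     # article: clean is ~700 bytes, tampered is over 1 KB
NULL_ROUTES = {"127.0.0.1", "0.0.0.0", "::1"}   # assumption: addresses used to block a name
VENDORS = ("symantec.com", "ca.com")  # vendor sites named in diagnosis step 4

# Constructed sample input (not taken from a real machine).
CLEAN = "# sample hosts file\n127.0.0.1 localhost\n"
TAMPERED = CLEAN + ("127.0.0.1 www.symantec.com\n"
                    "127.0.0.1 www.ca.com   # constructed\n"
                    "10.0.0.5 intranet\n")


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower() for n in fields[1:]]


def audit_hosts(text):
    """Return (kind, line_no, detail) findings; an empty list means clean."""
    findings = []
    size = len(text.encode("utf-8"))
    if size > SIZE_LIMIT:
        findings.append(("size", 0, f"{size} bytes exceeds {SIZE_LIMIT}"))
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if (addr, name) == ("127.0.0.1", "localhost"):
                continue                         # the one line the article keeps
            is_vendor = any(name == d or name.endswith("." + d) for d in VENDORS)
            kind = "vendor-blocked" if is_vendor and addr in NULL_ROUTES else "extra-entry"
            findings.append((kind, line_no, f"{addr} {name}"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED):
        print(finding)
```

An "extra-entry" finding is not proof of infection, since administrators add legitimate entries too; it marks a line to review before restoring the file.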
That covers the process of preventing and removing the virus; I hope everyone now has a grasp of it.
This article comes from the Internet and search engine IT technology blog, http://www.guhongtao.com/. When reprinting, please be sure to credit the source.