SREng is divided into four parts: Startup Items, System Repair, Smart Scan and Extensions. Because it was not clear why the system was running slowly, the author first used Smart Scan to give the system a "full-body check". It scans the system comprehensively, covering startup items, browser add-ons, running processes, file associations and so on (Figure 1). When the scan is complete, the program gives the user a detailed report on the system. From the scan results, the author learned that the slowdown was caused by some rogue software.
Having determined that rogue software was responsible, the next step is to purge it from the system. Although rogue software is not the same as Trojans and viruses, it runs in the same way, so I planned to find the rogue software's startup items first and then clear it out step by step.
To help users identify problems, the new version of SREng adds risk-judgment rules for startup items and services, and suspicious content is highlighted in color when found. Red indicates a high-risk item, and blue indicates an item whose security status is unknown. The author first looked at the registry startup entries. SREng automatically reads the contents of all startup items in the Windows system, and if a default key value is found to have been changed to a non-default value, a warning is displayed to prompt the user to check whether the item is suspicious.
As NT-kernel operating systems such as Windows 2000, XP and 2003 have become widespread, much software has "moved with the times" and now starts as a system service, and I expected rogue software to be no exception. Select the Services tab under Startup Items and click the "Win32 Service Application" button to see the current system services in the pop-up window. Managing these services effectively also helps optimize the system. After the "Hide Microsoft Services" option is selected, the program automatically hides entries whose publisher is Microsoft, so that suspicious entries can be looked for among the remaining non-Microsoft services. In this case, however, no suspicious startup items were found there.
I know that, in addition to system services, some rogue software also uses a driver to start. When you see the word "driver", do not simply associate it with hardware devices: many applications use their own drivers at the lowest level of the system, which not only improves the program's stability but also lets it protect itself better (Figure 2). Fortunately, SREng has added a "Drivers" item, and after careful examination a driver marked in red was finally found, called "Cnmin**.sys". Once you have determined that it is the rogue software's driver, select the "Remove service" option and then click the "Settings" button to remove the driver.
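A scripted counterpart to the "Hide Microsoft Services" and "Drivers" review described above, as an added PowerShell example that is not part of SREng or the original article: it lists auto-starting services and drivers whose binary lacks a valid Microsoft signature. It only reads; the function name `Resolve-ImagePath` is hypothetical, and it judges by Authenticode signer, which is an assumption of this example and not SREng's own risk rules.

```powershell
# Added example (not SREng code): list auto-starting services and drivers
# whose binary has no valid Microsoft signature. Read-only.

# Hypothetical helper: turn a service/driver PathName into a file path.
function Resolve-ImagePath {
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $null }
    $p = $PathName.Trim()
    if ($p -match '^"([^"]+)"') {
        $p = $Matches[1]                      # quoted path, arguments dropped
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]                      # unquoted path, arguments dropped
    }
    $p = $p -replace '^\\\?\?\\', ''          # NT prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return [Environment]::ExpandEnvironmentVariables($p)
}

# Services and kernel/file-system drivers share the same base properties.
$entries = @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)

$review = foreach ($e in $entries) {
    # Only entries that load without user action are startup items.
    if ($e.StartMode -notin 'Boot', 'System', 'Auto') { continue }

    $path = Resolve-ImagePath $e.PathName
    $sig = $null
    if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
    }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $status = if ($sig) { [string]$sig.Status } else { 'FileNotFound' }

    # Hide an entry only if its signature validates and names Microsoft.
    if ($status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { continue }

    [pscustomobject]@{
        Name = $e.Name; Type = $e.ServiceType; Start = $e.StartMode
        Signature = $status; Signer = $signer; Path = $path
    }
}

$review | Sort-Object Type, Name | Format-Table -AutoSize -Wrap
```

Services hosted in svchost.exe are judged here by svchost.exe itself and not by the DLL they load, so review those separately. An entry in the output is a lead for manual inspection, not proof that it belongs to rogue software.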
Amon's tip: before using any repair software to delete system-related files, you must back up the registry files to avoid system problems caused by accidental deletion.
Cleaning up the rogue software's startup items is only the first step; other tasks remain, because the rogue software changes many of the system's default settings. In the File Association tab, SREng detected that the file associations for two formats, .CHM and .HLP, had been modified (Figure 3), and showed an error mark. Select the two erroneous associations and click the "Repair" button to restore them automatically.
In addition, browser add-ons are a self-loading method that most rogue software uses today. Because browser add-ons are registered in the system, manual removal is difficult and can easily cause system instability. Select the rogue software's entries in the browser add-ons list and click the "Delete Selection" button to remove them (Figure 4). The rogue software also tampered with the browser's default home page and/or search engine, which can be repaired immediately using the Windows Shell, Internet Explorer and other options of the repair function. In the end, the damn rogue software was completely removed from the system.