Now people always encounter this situation, one day to open an attachment in their mail, because that mail address and a colleague's address is very similar, so did not consider the attachment to open the download. Do not want this attachment is a virus, it makes its own machine is slow, after the antivirus also does not have much effect. In fact, viruses, Trojans, and some malicious software, often to the windows of the registry, although the form of destruction is not the same, but after analyzing their destructive methods are not irregular to follow. The System settings and registry entries that are easily modified in some user systems are listed here. Suggest to replace with other Trojan kill tool to try, and then for the following registry key value to check to see if there are any signs of change. System Setup files for the Windows 9X system, it is common that virus modifications may change Autoexec.bat, as long as you add a statement that executes the virus program files to automatically activate the virus at system startup. * Change Drive:\windows\win.ini or system.ini files. Viruses usually add the name of the virus itself after the "run=" of Win.ini, or change "shell=" in the System.ini file. Registry keys currently, as long as the new worm/Trojan virus generally has to modify the system registry action. They are modified in a number of places: programs that are automatically executed at system startup hklm\software\microsoft\windows\currentversion\runonce\ system service programs that are executed automatically at system startup hklm\ Software\microsoft\windows\currentversion\runservices\ a program that is automatically executed at system startup, which is where the virus is most likely to be modified/added hklm\software\microsoft\ windows\currentversion\run\ HKEY_CLASSES_ROOT\Exefile\Shell\Open\Command Description: This key value allows the virus to run any EXE program when the user is running, and so on. \txtfile\. Or. \comfile\. can also be changed to enable the virus to automatically run the function. In addition, some health values may be exploited to implement more specific features: Some viruses prevent users from viewing and modifying the registry by modifying the following key values: Hkcu\software\microsoft\windows\currentversion\policies\ System\disableregistrytools = To prevent users from using. REG file modifies the registry key value, the following key values are also modified to display a Memory access error window. For example, the WIN32.SWEN.B virus modifies the default health value to: hkcr\regfile\shell\open\command\ (default) = "Cxsgrhcl.exe ShowError" by modifying the above places, The main purpose of the virus program is to automatically be executed during the system startup or the program running, and the purpose of automatic activation is achieved. The responsible editor Zhao Zhaoyi#51cto.com TEL: (010) 68476636-8001 to force (0 votes) is tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passing (0 Votes) The original: first to understand the most vulnerable to hackers use the registry location return to the column home
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.