No matter work or entertainment, computer has become an indispensable item for people. Now, although there are many anti-virus software and firewalls for everyone to protect the computer, but new viruses and Trojans, together with hackers’ artificial intrusion, computer poisoning is still very common. Especially Internet users, one does not pay attention to will be recruited, so, when the computer poisoning, what should we do?
Treatment of computer poisoning
1、 Signs of computer poisoning
How do we know the virus in the computer? In fact, computer poisoning is the same as human disease, there will always be some obvious symptoms. For example: the machine runs very slowly, can’t get on the network, anti-virus software can’t generate level, word document can’t be opened, the computer can’t start normally, hard disk partition can’t be found, data loss, etc., are some symptoms of poisoning.
2、 How to diagnose
1. Press Ctrl + Shift + ese (press these three keys at the same time) to call up Windows Task Manager to view the running processes of the system, find out the unfamiliar processes and write down their names. If these processes are viruses, they can be cleaned up later. Do not end these processes temporarily, because some viruses or illegal processes may not be able to end here. Click performance to check the current status of CPU and memory. If the CPU utilization is close to 100% or the memory usage is high, the probability of computer poisoning is 95%
2. View the service items currently started by windows, and open “service” from “management tool” in “control panel”. See the row with the status of “start” and the start category of “auto” in the right column; Generally speaking, a normal windows service basically has a description (except for a few forged by hackers or worms). At this time, double-click the service item that is considered to be in question to view the path and name of the executable file in its properties. If its name and path are C: winntsystem32 explored.exe , computer. There is a case where the “control panel” can not be opened or all the icons in it run to the left, there is a vertical scroll bar in the middle, and the right is blank, and then double-click add / remove programs or management tools, the window is empty, which is the characteristics of the attack of the virus file winhlpp32.exe.
3. Run the registry editor. The command is regedit or regedt32. Check to see which programs are started with windows. Mainly look at HKEY_ Local_ Machine software microsoftwindowscurrentversionrun and the following RunOnce, etc. check the item value on the right side of the form to see if there is an illegal boot item. Windows XP runs msconfig for the same purpose. With the accumulation of experience, you can easily determine the start-up of the virus
4. Use the Internet browser to judge. When surfing the Internet, try to go to some big stations or regular websites.
5. Remove the hidden attribute and check the system folder WinNT (Windows) system32. If the folder is empty after opening, it indicates that the computer has been poisoned. After opening system32, you can sort the icons by type to see if there are any execution files of popular viruses. By the way, check the folder tasks, wins, drivers. At present, some virus execution files are hidden here. The file hosts under driversetc is the object that viruses like to tamper with. It originally only has 700 bytes or so. After being tampered, it becomes more than 1KB. This is the reason why the general website can be accessed but the website of the security manufacturer cannot be accessed and the famous anti-virus software cannot be upgraded.
6. Determine whether the antivirus software is poisoned or not. If poisoned, the antivirus software will be automatically terminated by the virus program, and the manual upgrade fails Antivirus, suggestions
1. Delete the illegal program launched with the system in the registry, then search all the key values in the registry, and delete them. As a virus program started by the system service, it will be sent to HKEY_ Local_ Machine system control set001services and control set002services are hidden in the database. When they are found, they are destroyed together.
2. Stop the service in question and change it to forbidden.
3. If the file system32driversetchosts is tampered with, recover it, that is, only one line of valid value “127.0.0.1 localhost” is left, and the rest lines are deleted. Then set the host to read-only.
4. Restart the computer and press F8 to enter “security mode with network”. The purpose is not to let the virus program start, but to patch the windows upgrade and upgrade the anti-virus software.
5. Search for the execution file of the virus and destroy it manually.
6. Patch the windows upgrade and upgrade the anti-virus software.
7. Turn off unnecessary system services, such as remote registry service. 8. After step 6 is completed, use anti-virus software to conduct a comprehensive scan of the system to eliminate the fish that are missing.
9. After the previous step, restart the computer and complete all operations.
Prevention is in advance, so the function of virus prevention is far better than killing virus, so it is necessary to establish strict preventive measures! Usually, it is suggested that users can browse less unhealthy websites, do not easily open and visit the links sent by strangers, and do more computer cleaning and inspection in their spare time, so as to effectively prevent virus invasion!
The above is the knowledge of computer poisoning treatment method introduced by Xiaobian to you. I hope it can help you. If you have any questions, please leave a message and Xiaobian will reply you in time. Thank you very much for your support of the developepaer website!