Experts' tips for quickly telling whether a computer is infected

  

“However many defenses you put up, viruses are hard to keep out.” Computer viruses have evolved alongside network technology, and they are now one of the most troublesome problems in everyday computer maintenance. Once a computer is infected, it can be crippled and important files can be leaked. Being able to tell whether a computer is infected saves a lot of trouble. Here are the experts' tips for recognizing an infected computer.


I. Processes

Start by checking the running processes. The method is simple: after booting, do not launch anything.

Step 1: Open Task Manager and look for suspicious processes. If you do not recognize a process, look it up on Google or Baidu.

PS: If Task Manager flashes open and then disappears, you can conclude that the machine is infected; if you get a message that it has been disabled by the administrator, treat that as a warning sign!

Step 2: Open a tool such as IceSword. First check for hidden processes (IceSword marks them in red), then check that the path of each system process is correct.

PS: If IceSword will not run normally, you can conclude that the machine is infected; if there is a red process, it is almost certainly infected; if a process with the name of a normal system process is running from outside its normal directory, you can also conclude that it is infected.

Step 3: If all processes look normal, use Wsyscheck or a similar tool to check whether a suspicious thread has been injected into a normal process.

PS: Wsyscheck marks injected processes and normal processes in different colors. If a process has been injected, don't panic: first determine whether the injected module is a virus, because some antivirus software also injects into processes.

II. Startup items

Once the process checks are done, if nothing abnormal was found, move on to the startup items.

Step 1: Use msconfig to check for suspicious services. Click Start, then Run, type “msconfig” and click OK. Switch to the Services tab, tick the “Hide all Microsoft services” checkbox, and then confirm that the remaining services are normal (you can judge by experience or use a search engine).

PS: If you find anything abnormal, you can conclude that the machine is infected; if msconfig cannot be started, or closes by itself after starting, you can also conclude that it is infected.

Step 2: Use msconfig to check for suspicious startup items: switch to the “Startup” tab and go through the entries one by one.

Step 3: Use Autoruns or a similar tool to view more detailed startup information (services, drivers, startup items, IE BHOs and so on).

PS: This requires a certain amount of experience.

III. Network connections

ADSL users can now make the virtual dial-up connection and go online.

Then use IceSword's network connection view to check for suspicious connections. You can look up an IP address at http://www.ip138.com.html, and search Google or Baidu for the corresponding process and port information.

If you find something abnormal, don't panic. Close the programs that may be using the network (download software such as Thunder, the automatic updater of your antivirus software, the IE browser and so on), then check the network connection information again.

IV. Safe Mode

Restart and boot straight into Safe Mode. If you cannot get in, or you see a blue screen or similar symptoms, be on your guard: this may be the after-effect of a virus infection, or the virus may not yet have been cleaned out!

V. Image Hijacking

Open the Registry Editor, navigate to HKEY_LOCAL_MACHINE->SOFTWARE->Microsoft->Windows NT->CurrentVersion->Image File Execution Options and check for suspicious image hijacking entries. If you find suspicious entries, the machine has probably been infected.
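
The same registry check can be scripted. The following PowerShell is an added example, not part of the original article. It assumes that a hijack entry appears as a "Debugger" value under a per-executable subkey of that key; the function name Get-IfeoDebuggerEntry and the extra WOW6432Node path (the 32-bit view on 64-bit Windows) are choices made for this example.

```powershell
# Added example: list Image File Execution Options (IFEO) subkeys that carry
# a "Debugger" value. When that value is set for foo.exe, Windows starts the
# named program instead of foo.exe, which is the redirection to look for.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Assumption: also inspect the 32-bit registry view on 64-bit Windows.
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    param([string[]]$Roots = $ifeoRoots)

    foreach ($root in $Roots) {
        # The WOW6432Node view does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # GetValue returns $null when the subkey has no Debugger value.
            $debugger = $key.GetValue('Debugger')
            if (-not $debugger) { continue }

            New-Object psobject -Property @{
                Image    = $key.PSChildName   # executable name being redirected
                Debugger = $debugger          # program that runs in its place
                KeyPath  = $key.Name          # full registry path for follow-up
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)
if ($entries.Count -eq 0) {
    'No Debugger values found under Image File Execution Options.'
} else {
    $entries | Sort-Object Image | Format-List Image, Debugger, KeyPath
}
```

A Debugger value is not proof of infection by itself: real debuggers and Task Manager replacements set it as well, so check where each entry points before drawing a conclusion.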

VI. CPU time

If the system runs slowly after booting, you can also use CPU time as a reference to find suspicious processes. The method is as follows:

Open Task Manager and switch to the Processes tab. In the menu, point to “View”, click “Select Columns”, tick “CPU Time” and confirm. Click the CPU Time column header to sort, and look for processes other than System Idle Process and SYSTEM that have a large CPU time; such processes deserve a degree of vigilance.

The points above are the experts' methods for telling whether a computer is infected. If you can recognize an infection during everyday use, you will save yourself a lot of trouble. I believe this tutorial can help users who are defending against computer viruses.
