Use the registry image to manage viruses

Although the current anti-virus software upgrade is very fast, the system is basically not affected by the virus, but the anti-virus software also has some unsatisfactory places. Now the virus will adopt the technology of IFO. The popular way is to image hijacking, using the registration. The following key values ​​in the table:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Options location to change the program call, but the virus uses the normal anti-virus software here to steal the virus program. Things have their two sides. In fact, we can also use this key to deceive the virus Trojan and make it effective. It can be said that it will be calculated and treated.

Below we take the shielding of an unknown virus KAVSVC.EXE as an example, the operation method is as follows:

Step 1: First create the following text file, input the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSVC.EXE]

”Debugger”=”d:1.exe”

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsKAVSVC.EXE]

”Debugger”=”d:1.exe”

(Note: There is a blank line under the first line of code.)

Step: Save the above text as 1.reg, double-click 1.reg to import the reg file, and confirm.

Step 3: Click "Start → Run”, enter KAVSVC.EXE.

Tip: 1.exe can be any useless file. We create a text file and change the suffix .txt to .exe.

It is not difficult to use this registry method. It is necessary to manually operate it. If you don't bother to do it, the effect of your own hands-on operation is better, and you don't have to rely entirely on anti-virus software. It is.