Over time we find that no matter how well a computer is protected, viruses and Trojans still turn up unexpectedly, and some of them are especially hard to spot among the running processes.
No virus or Trojan that exists in a system can completely separate itself from a process. Even when it uses hiding techniques, the processes still give away clues. Viewing the active processes in the system is therefore our most direct method of detecting viruses and Trojans. But so many processes run in the system at the same time: which are normal system processes, which are Trojan processes, and what role do the system processes that viruses and Trojans often counterfeit play in the system? Please read on.
First, three methods virus processes use to hide
When we have confirmed that there is a virus in the system but cannot find any unusual process when viewing the processes in "Task Manager", the virus is using some hiding measures. In summary, there are three methods:
1.1 Passing off the fake as real
The normal processes in the system include svchost.exe, explorer.exe, iexplore.exe, winlogon.exe, and so on. You may have found processes like these in the system: svch0st.exe, explore.exe, iexplorer.exe, winlogin.exe. Compare them: can you spot the difference? This is a trick that viruses often use to confuse the user's eye. Usually they change the o in a normal process name to 0, l to i, or i to j, and use the result as their own process name; only one character differs, but the meaning is completely different. Or they add or drop one letter: explorer.exe and iexplore.exe are already easy to confuse, and an iexplorer.exe makes it even more confusing. A user who is not careful will generally overlook it, and the virus process escapes.
1.2 Stealing the beams and replacing the pillars
If the user is more careful, the trick above is useless and the virus will be caught on the spot. So viruses have grown smarter and learned to substitute themselves for the real thing. If a process is named svchost.exe, exactly the same as the normal system process name, is that process safe? No. It is exploiting a defect of "Task Manager": it cannot show the executable file that corresponds to a process. We know that the executable file for the svchost.exe process is located in the directory "C:\WINDOWS\system32" (on Windows 2000, the C:\WINNT\system32 directory). If the virus copies itself to "C:\WINDOWS" and renames itself svchost.exe, then after it runs we see svchost.exe in "Task Manager", no different from the normal system process. Can you tell which one is the virus process?