Frequent surfing on the network, in all likelihood, can not avoid network virus attacks, after using professional anti-virus programs to clear these virus programs and restart the computer system, we sometimes find that The virus that has been cleaned up has come back again. What is going on?
It turns out that many popular network viruses will automatically have a repair option left in the registry startup item of the computer system once they are started. After the system is restarted, these viruses can be restored to the state before the modification. . In order to "reject" the network virus restart, we can manually remove the virus legacy options from the registry in time to ensure that the computer system is no longer vulnerable to virus attacks.
Preventing web page startup
After many computer systems are infected with network viruses, they may be in HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce, HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\ CurrentVersion\\Run, HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices and other key values in the registry branch, there are similar content such as .html or .htm, in fact, the main role of this type of startup key is to wait for the computer After the system is successfully started, it will automatically access the specific website containing the network virus. If we do not delete these startup keys in time, it will easily lead to the re-emergence of the network virus.
To do this, we use the anti-virus program to clear the virus in the computer system, you also need to open the system registry editing window in time, and view the above several registry branch options one by one in the window, see See if the startup key values under these branches contain a suffix such as .html or .htm. Once found, we must select the key value and then click the Edit/Delete command to select the selected target key. Delete it, and finally press the F5 function key to refresh the system registry.
Of course, there are some viruses that will have the startup key value in the .vbs format in the startup key values below the above registry branches. We will also find them when we find such startup key values. Deleted.
Preventing startup through the back door
In order to avoid the user's manual "encirclement and suppression", many network viruses will perform some camouflage concealment operations in the startup items of the system registry, and users who are not familiar with the system Often do not dare to clear these startup key values, so that the virus program can achieve the purpose of restart.
For example, some viruses will create a startup key named "system32" under the above registry branches, and set the value of the key to "regedit -s D:\\Windows" ( As shown in Figure 1; at first glance, many users will think that this startup key value is automatically generated by the computer system, and does not dare to delete it at will, but the "-s" parameter is actually the backdoor parameter of the system registry. This parameter is used to import the registry, and can automatically generate vbs format files in the Windows system installation directory, through these files viruses can achieve the purpose of automatic startup. So, when we see the backdoor parameter key value like "regedit -s D:\\Windows" in the startup items of the above several registry branches, we must remove it without mercy.
Preventing startup via file
In addition to checking the registry startup key value, we also need to check the system's "Win.ini" file, because the network virus will also be in this Some legacy items are automatically generated in the file. If the illegal startup items in the file are not deleted, the network virus will come back.
In general, the "Win.ini" file is often located in the system's Windows installation directory, we can go to the system's Explorer window, find and open the file in the window, and then in the file In the editing area, check whether the options such as “run=” and “load=” contain some unknown content. If you find it, you must clear the content after “=” in time. Of course, it is best to look at the specifics before deleting. After the file name and path are completed, the corresponding virus file is deleted by entering the "system" folder window of the system.
After paying attention to the above details, many network viruses will not be so easy to restart in the future!
Microsoft wrote in an official guide: At some point, rather than setting a weak password, such as ab
When many users want to modify the font of WinXP system, enter the control panel-font, pop up the ap
Everyone knows that in the xp system, only the administrator authority can complete the shutdown ope
In the process of using the IE browser, sometimes after opening two or three web pages, I want to op
Use word to make the underline far from the text
Why can't I install Windows XP
Retrieve the mistakenly deleted files, so that you no longer worry about losing your hand
See how to set the folder properties to the system folder
How to force soft shutdown when XP system cannot shut down
10 essential free software to enhance Windows efficiency (1)
Explain Windows XP system troubleshooting method
XP stubborn documents, see how long you can barely
What to do when the volume is large and small
How to use DOS commands to quickly see the system clearly
Clearly understand the configuration of the computer hardware (1)
Windows XP system login password lost after two solutions
Ways to let those invalid program icons disappear completely
Win7 system computer update patch can not enter the system how to do
The method of adding a library in the Home folder in the Win10 system is
Use XP boot management to get Vista, XP dual system
Let Synaptic touchpad support single file scrolling with two fingers
Scanner lacks driver after upgrading to XP system