Frequent surfing on the Internet, in all likelihood, can not avoid the network virus attack, after using professional anti-virus programs to clear these virus programs and restart the computer system, we sometimes find The virus that has been cleaned up has come back again. What is going on?
It turns out that many popular network viruses will automatically be repaired in the registry startup of the computer system once they are started. Option, these viruses will be restored to their pre-modification state after the system is restarted. In order to <;reject" network virus restart, we can manually remove the virus legacy option from the registry in time to ensure that the computer system is no longer vulnerable to virus attacks.
stop start
Many computer systems through a web page infected with a network virus, might
HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ RunOnce
HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ Run
HKEY_CURRENT_USER \\ Software \\ Microsoft \\ Windows \\ CurrentVersion \\ RunServices and other branches of the following registry keys, the emergence of similar There are such contents as .html or .htm. In fact, the main function of this type of startup key is to automatically access a specific website containing a network virus after the computer system is successfully started. If we do not delete these startup keys in time, it is very It is easy to cause a resurgence of network viruses.
To do this, we use the anti-virus program to clear the virus in the computer system, you also need to open the system registry editing window in time, and view the above several registry branch options one by one in the window, see See if the startup key values under these branches contain a suffix such as .html or .htm. Once found, we must select the key value and then click the “edit”/“delete” command to select The target key value is deleted, and finally press the F5 function key to refresh the system registry. When
Of course, there are some viruses will be in the above registry branch following several startup keys, a start key left with .vbs format and found that we have such a start key And delete them.
blocked from starting
In order to avoid user manual & ldquo through the back door; crush & rdquo ;, many network virus disguised covert operations in some startup items in the system registry, Users who are not familiar with the system often do not dare to clear these startup keys, so that the virus program can achieve the purpose of restarting.
For example, some viruses create a launch key named "system32" under the above registry branches and set the value of the key to "regedit -s D:\\Windows" At first glance, many users will think that this startup key value is automatically generated by the computer system, and dare not delete it at will. It is not known that the "-s" parameter is actually the backdoor parameter of the system registry. To import the registry, you can automatically generate vbs format files in the Windows system installation directory, through these files viruses can achieve the purpose of automatic startup. So, when we see the backdoor parameter key value of "regedit -s D:\\Windows" in the startup items of the above several registry branches, we must remove it without mercy.
Preventing startup via file
In addition to checking the registry startup key, we also check the system's "Win.ini" file because the network virus will also be This file automatically generates some legacy items. If you do not delete the illegal startup items in the file, the network virus will come back.
In general, " Win.ini " file system often located in the Windows installation directory, we can enter into the Explorer window system, and locate and open the file in the window Then, in the file editing area, check whether the options such as "run=", "load=" contain unknown content. If you find it, you must clear the content after “=” Of course, it is best to look at the specific file name and path before deleting. After completing the deletion operation, enter the system"system" folder window and delete the corresponding virus file.
After paying attention to the above details, many network viruses will not be so easy to restart in the future!
1. Disable the sleep function Open the control panel power option sleep tab, tick off the sleep opti
On the WinXP system, open the task manager and you can see that such a program is running, that is,
Recently, users who use the WinXP system have popped up a "script error"
Computer used for a long time will always have many problems, more common are: boot desktop display
The reason and solution for the white screen after WinXP enters the welcome interface
WinXP control panel "switch classification view" is gone?
WinXP system right mouse button menu cleaning method
Why can't I recover DirectDraw video
How WinXP prints multiple pictures on a single sheet of paper
How to retrieve the "Services" option that disappears in the WinXP Control Panel
Explain the common Chinese character input method
Quickly add image settings in the header or footer of Excel
WindowsXP quickly clears the explorer.exe virus method
If the boot sector of the system partition is destroyed,
WinXP computer boot password cracking method
What should I do if WinXP sets the account password to be invalid?
Win8 computer prompts memory shortage when closing the game
Win10 system recording screen recording shortcut "Win+G" tutorial
Windows 7 install Hyper-V management server
How to solve the WinXP computer desktop icon has been tampered with?
Win10 Tip: This key does not apply to this version of Windows solution
Open webpage graphic tutorial in IE10 settings tab under Win8
How to achieve multi-user remote desktop connection win7
How to cancel the Win10 power-on password? Win10 cancel the power-on login password method