How to judge whether your computer contains a virus

xiaoxiao2021-04-10  515

Various viruses can also be a hundred flowers to today. It is a little abnormality that it finds that his computer is discovered. It is a virus to find anti-virus software. One will not, there seems to be no found. " As a result, the results of the virus software used one after another, perhaps the renminbi used a one, or did not see the traces of "Yuan", in fact, this is not necessarily a virus.

Such examples have many examples, especially for some primary computer users. Below I will introduce you to the following aspects from the following aspects of the use of personal computer use and corporate network maintenance, introduce how to determine whether there is a virus in the case, I hope to help identify "truth"!

Differences and contacts from viruses and soft, hardware failures

Computer failure is not just because of infectious viruses, various faults in the use of personal computer are mostly because of the soft and hardware failure of the computer itself, the network is mostly caused by permission settings. We only fully understand the differences and contacts of the two, can make the correct judgment, and it will be found in time when the real virus is coming. Below I briefly list some common computer failure symptoms caused by viruses and soft and hardware failures.

The possibility of intrusion of symptomatic viruses, and hardware failure

Cancer: The virus has opened a lot of documents or takes up a lot of memory; instability (such as poor memory quality, hardware overclocking energy); running large capacity software occupies a large amount of memory and disk space; use some test software ( There are many bugs; the hard disk space is not enough, etc.; often crash often when the software on the network is running too slow, the program is too large, or the hardware configuration of its workstation is too low.

The system cannot start: the virus modifies the boot information of the hard disk, or deletes some startup files. Such as guided viruses guided file damage; hard disk damage or parameter setting is incorrect; system files are wrong to delete.

The file cannot be opened: the virus modified the file format; the virus modified the file link location. File damage; hard disk damage; the link location corresponding to the file shortcut has changed; the software deleted by editing the file; if it is in the local area network, it has changed in the server storage location, and the workstation has no timely new machine The content (the resource manager is opened for a long time).

Frequent reports are not enough: virus illegally occupy a large amount of memory; open a lot of software; running the software that needs memory resources; the system is not correct; the memory is not enough (currently the basic memory requirements 128m).

It is suggested that the hard disk space is not enough: the virus replicates a large number of viral files (this encountered several cases, sometimes the nearly 10G hard drive in the end of the end is installed, there is no space, one installation software suggests that the hard disk space is not enough. The hard disk is too small for each partition; a large amount of large capacity software is installed; all software is set in a partition; the hard disk itself is small; if it is the system administrator in the LAN for each user, set a workstation user. Private disk "Use space limit, because viewed the size of the entire network disk, in fact, the capacity on" private disc "has been used.

Soft disk and other devices have not accessed, read and write signals: virus infection; the floppy disk is also open, and the file once opened in the floppy disk.

A large number of unknown files: virus copy files; may be temporary files generated in some software installations; also may be some software configuration information and running records.

Start black screen: virus infection (remember the deepest is 4.26 for 98 years, I paid a few thousand yuan for CIH, I first started to the Windows screen for the first time, I didn't have anything. ); Display fault; display card fault; motherboard failure; overclocking; CPU damage, etc. Data loss: Virus delete file; hard disk sector damage; overwrite the original file due to recovery files; if it is file on the network, It is because other users are mistaken.

Keyboard or mouse without end: viruses, pay special attention to "Trojan"; keyboard or mouse is damaged; damage to keyboard or mouse interface on the motherboard; run a keyboard or mouse lock program, the program is too large, long time The system is very busy, showing that the keyboard or mouse does not work.

The system is running slowly: the virus takes up the memory and CPU resources, runs a lot of illegal operations in the background; the hardware configuration is low; how much the open program is too large; the system configuration is incorrect; if it is a program on the network, most of the number due to the program Your machine configuration is too low, it is also possible to be busy on the Internet, there are many users open a program at the same time; there is a possibility that your hard disk space is not used for temporary exchange data.

The system is automatically executed: the virus performs illegal operation in the background; the user sets the automatic operation of the program in the registry or startup group; some software is installed or upgraded to automatically restart the system.

Through the above analysis, we know that most of the faults may be caused by human or soft, hardware failures. When we find abnormalities, don't worry about it, in the case of anti-virus, you should carefully analyze the characteristics of the fault Exclude soft, hardware, and artificial possibilities.

Classification of viruses and their respective features

To truly identify viruses, in time to kill viruses, we must also have more detailed understanding of the virus, and more detailed and better!

The virus is written separately by many dispersed individuals or organizations, and there is no standard to measure, and the classification of viruses can be generally degraded by multiple angles.

If the infection object is divided, the virus can be divided into the following categories:

A, guided virus

The object of this virus attack is the guiding sector of the disk, which enables the system to get priority execution at startup, thereby achieving the purpose of controlling the entire system, because such viruses are infected by guiding sectors, thus caused losses It is also relatively large, generally, it will cause the system to start normally, but the killing of such viruses is also easier, most anti-virus software can kill such viruses, such as KV300, KILL series, etc.

B, file virus

Early viruses are generally infected with Exe, COM, etc. to be extension, such words, when you perform an executable file, the virus program is activated. There are also some viral infections in DLL, OVL, SYS, etc., because these files are usually configured, link files, so the virus is loaded with the automatic quilt when performing a program. The same is to insert the virus code full paragraph or disperse into the blank byte of these documents, such as the CIH virus is to split itself into a 9-stage executable, the word usual files after infection. The number of times is not increased, which is the side of its concealedness.

C, network virus

This virus is a high-speed development of the network. The infected object is no longer limited to a single mode and a single executable file, but more integrated and more hidden. Now some network viruses can almost infection on all Office files, such as Word, Excel, email, and more. Its attack is also transformed. From the original delete, modify the file to the current file encryption, stealing the user useful information (such as a hacker program), etc., the passage of the propagation has also happened, no longer limit the disk, but through more hidden The network is carried out, such as email, electronic advertising, etc. D, composite virus

Take it as a "composite virus" because they have some features of "boot type" and "file type" viruses, which can infect the guiding sector file of the disk, or infecting an executable file. If there is no comprehensive removal of such viruses, the residual virus can be self-recovery, causing the infection of the sector file and executable file, so this virus is very difficult, and the anti-virus software used is also available at the same time. Kill the functions of two types of viruses.

The above is in accordance with the object of viral infection, and if we are divided according to the virus, we can divide the virus into the following:

A, benign virus:

These viruses call them as a benign virus because their invasion is not to destroy your system, just want to play, and most of them are some primary virus enthusiasts want to test their own development virus programs. They don't want to destroy your system, just emit some kind of sound, or some prompts, in addition to occupying a certain hard disk space and CPU processing time, no other harm. For example, some Trojan virus programs are the case, just want to steal some communication information in your computer, such as password, IP address, etc., for use.

B, malignant virus

We use only the software system to disturb, steal information, and modify system information, and will not cause hardware damage. If the data loss, etc. is "malignant virus", and the system after such viruses cannot be used normally. There is no other loss. After the system is damaged, it can only be recovered after a certain part of the system is reinable. Of course, it is still necessary to kill these viruses.

C, extremely malignant virus

Such viruses are more damaged than the above Class B virus. Generally, if you are infected with such viruses, you must completely crash, you can't start normally, you keep the useful data that you keep it in the hard disk. It can't get it, it's just a little bit to delete system files and applications.

D, catastrophic virus

Such viruses we can know that it will give us the degree of destruction, this virus is generally destroying the directive sector file of the disk, modifying the file allocation table and the hard disk partition table, resulting in the system at all, sometimes Even formatting or locking your hard drive so you can't use the hard drive. If you are in dyed such a virus, your system is difficult to recover, and the data retained in the hard disk is difficult to get, the damage caused is very huge, so when we evolve the worst Plan, especially for corporate users, it should be fully made of catastrophic backup, and now most large companies have realized the meaning of backup, and spend huge money on the daily system and data backup, although everyone knows maybe It is impossible to encounter such disastrous consequences, but it is still relaxed. This is the case, and it also attaches this issue very much. Such as the CIH virus on the 98th 4.26 can be classified, because it not only causes the software to damage the software, but also directly to hard disk, motherboard BIOS and other hardware.

As such, according to its intrusion, it is divided into the following:

A, source code embedded attack type

From its name, we know that this virus invasion is mainly the source of advanced languages. The virus is inserted into the virus code before the source program is compiled. Finally, the source program is compiled into an executable file, so that the file generated is to bring Poison file. Of course, such documents are very small, because these virus developers can't easily get the source procedures before compilation of software development companies, and this intrusion is difficult, and very professional programming levels are required. B, code replacement attack

Such viruses mainly replace the entire or part of the module of an intrusion program with its own virus code. This virus is rare, it is mainly to attack a specific process, more targeted, but it is not easy to discover, clear it. difficult.

C, system modification type

Such viruses are mainly to cover or modify certain files in the system to meet some of the features in the system, because they are direct infection systems, which are harmful, and most of the most common viral types, more For documentoviruses.

D, housing additional

Such viruses are usually attached to the head or tail of the normal program, which is equivalent to adding a housing to the program. When executed by the infected program, the virus code is executed first, and then the normal program is transferred into memory. At present, most file type viruses belong to this.

After some basic knowledge of the virus, now we can check if you contain a virus in your computer, you know that we can judge in the following ways.

1, scanning method for anti-virus software

This is probably the premiere of our majority, and I am afraid it is the only choice. Now the virus is more and more, the hidden means are increasing, so it brings new difficulty to kill viruses, but also Virus software developers bring challenges. However, with the technical improvement of computer program development language, computer network is increasingly popular, and the development and communication of viruses is becoming more and more, and there is more and more anti-virus software development companies. But it is still a more famous or a few system of anti-virus software, such as Jinshan Drug Dynamics. As for these anti-virus software, it is not necessary to say this, I believe everyone has this level!

2, observation method

This approach is only to be observed accurately if you understand the symptoms of some viruses. If the hard disk is guided, it often occurs, the system is booted, the running speed is slow, and the hard disk can not be accessed, and the above-mentioned failure of the above in the first big point, we must consider the virus is Being a monster, but you can't walk in a hurdle. I am not talking about soft, hardware failure may also have those symptoms! We can observe from the following aspects of the following aspects:

a, memory observation

This method is generally used under the virus found under DOS. We can use the "MEM / C / P" command under DOS to see the cases of the programs to occupy the memory, from which the virus occupies the memory (generally not occupying, but In other programs), some viruses occupy memory, can't be found in "MEM / C / P", but you can see that the total basic memory 640K is less than the neighborhood 1K or a few K.

B, registry observation method

Such methods are generally applicable to the so-called hacker programs recently, such as Trojans, which are generally automatically started or loaded by modifying the start of the registry, the loading configuration reaches automatic start or loading, usually in the following places:

[HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion

Wait, I can refer to my other article - "Tong Tong Look at Trojan", there is a more detailed analysis of the place that may occur in the registry.

C, system configuration file observation method

Such methods are generally applicable to hacking programs, which are generally hidden in System.ini, Wini.ini (Win9x / WinME) and launch group, there is a "shell =" item in the System.ini file, and In the Wini.ini file, "LOAD =", "run =" items, these viruses are generally in these items, and pay attention to the original aprono. We can run a Msconfig.exe program in Win9x / WinMe to see an item. Specifically, please refer to my article "Tong Tong Xi Trojan". d, feature string observation

This method is mainly for some of the more special viruses, and these viruses will write corresponding feature codes, such as CIH viruses, will write a string such as "CIH" in the invasive file, of course we can't find it easily We can find that the main system files (such as Explorer.exe) use the 16-Binary Code Editor to find that it is best to back up before editing, after all, is the main system file.

e, hard disk space observation

Some viruses do not destroy your system files, but only generate a hidden file, this file is very small, but the hard disk space is very large, sometimes you have to make your hard drive can't run a general program, but you check I can't see it. At this time, we will open the Explorer, and then set the content property of the view to view all the properties (this method should not need me?), I believe this huge substitute will definitely Imprissible because the virus generally sets it to hide attributes. Remove it, this example is in the process of computer network maintenance and personal computer maintenance, clearly installed several common procedures, why is there a few G's hard disk space in the C drive There is no, it is generally possible to quickly let the virus can be developed quickly after the above method.

转载请注明原文地址:https://www.9cbs.com/read-133380.html

New Post(0)