There is more and more viruses, and the technology is also increasingly advanced, but the virus is really unbeatable? In fact, we have touched Trojan, it is also a virus. Its mitting point is --- When it is turned on, it will automatically start us. As long as you can't get it, there will be no problem, the method is to click "Start" - "Run" - Enter "MSconfig" Enter, to the system usage configuration (except for the Windows 2000 family including the Server version, but you can download a XP or 2003 from the Internet to Windows / System32 / Next, it is best to use it. 98 under, because 98 does not support service). 1. This will find that there is "service" on the tab, and the current virus is smart, they register their own services, the average person can't find its startup item. 2. There is also the "start" here's regular start, 95% of software is so deep? 3. It is the association of the file (commonly used is executable EXE and Notepad file txt), that is, the virus or Trojan will be activated after you call a certain type of file, so you can clear! In fact, anti-virus software is extremely passive or even furnishings, and the method of escaping memory checks below, "shell" who has learned or programmers know, it is a kind of protection of software to prevent anti-compilation, but viruses have This armor anti-virus software can't recognize, and the principle of consuming software is the extraction of the signature. It is useless to kill virus software with a biased shell. So or manually check and stabilize. 4. Hidden service, now some software is getting worse, and the above methods have no way. In order to facilitate an anti-rootkit tool, you can find it. You can look up on search engines. 5. Thread injection, this virus is the most BT, but since the implementation of hidden methods is too complex, it is often high, you should have a few things, because hook technology-based software is unstable 6 Infection, this technique is quite ancient. Since most of the software under DOS is a COM suffix (16bit) generally only has a high-quality expert, but it has reached the Win32 era, the PE file emerges, the distribution of software resources There is a gap (because the PE file editor must be aligned), it is divided into a section is also called "section", so the truth of the compression of the plus software compressed by UPX is this, and the algorithm is also very simple. 7. Nuclear driver, understanding of Windows's underlying, knowing that Windows driver is running in RING0, which means that the task manager is not over, almost hardware is the same as the hardware, slightly higher, not TCP Osi oh) Technology I can think of so much, I have written so much mainly to take the role of throwing jade. If you don't understand, you can communicate with me with QQ or MSN. QQ: 122025848 MSN: Smartceo@msn.com Gmail: allinsmart@gmail.com Welcome Discussion (1987 --- smart cwj)
