Suggestions for removing viruses on Windows
My anti-virus recommendations:

1. End the suspicious process in the process manager, or enter Safe Mode. (After entering Safe Mode, do not casually run programs or open web pages; otherwise you may activate the virus program.)

2. Some viruses bind themselves to the .exe file association. In that case, save the following text as restore.reg, then double-click it to import it into the registry and restore the default .exe binding:

    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\exefile\shell\open\command]
    @="\"%1\" %*"

    [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
    @="\"%1\" %*"

Note: on Windows 95/98/Me/NT 4.0 and similar, the first line of the .reg file must be "REGEDIT4"; on Windows 2000/XP it is "Windows Registry Editor Version 5.00".
-------------------------------------------------------------------
3. Open the registry and look for suspicious auto-start entries, generally under the following keys (delete them completely!):

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

4. Use the registry search function with the name of the suspicious program as the keyword, then delete what it finds. (Tip: you can delete the parent key.)

5. Use anti-virus software to kill the virus. You must update the virus database to the latest version!

PS: Win98, WinXP and Server 2003 come with the utility msconfig.exe, a good tool for viewing and configuring auto-start programs. On Win2000 and 2000 Server you can use the msconfig.exe from XP or Server 2003.

* Win2000 basic process and module list (to make it easier for everyone to find suspicious programs in the process manager ^_^)

1. The most basic system processes (these processes are the basic conditions for the system to run; with them, the system can run normally)

System Idle Process: Runs as a single thread and is dispatched on the processor when the system is not processing other threads. (Cannot be ended from Task Manager.)
smss.exe: Session Manager. This is the session management subsystem, responsible for starting the user session. The process is initialized by the System process and is responsible for many activities, including starting the Winlogon and Win32 (CSRSS.exe) processes and setting system variables. After it starts these processes, it waits for Winlogon or CSRSS to end. If they end normally, the system shuts down. If something unexpected occurs, smss.exe causes the system to stop responding (that is, hang).

CSRSS.exe: Subsystem server process. Responsible for controlling windows, creating or deleting threads, and parts of the 16-bit virtual MS-DOS environment.

Winlogon.exe: This process manages user login and launch. Winlogon is activated when the user presses Ctrl+Alt+Del and shows the security dialog.

Services.exe: Contains many system services.

LSASS.exe: The local security authorization service. It generates the process that authenticates users for the Winlogon service. This is done using authentication packages, such as the default msgina.dll. If authentication succeeds, LSASS generates the user's access token, which is used to launch the initial shell.
Other processes started by the user inherit this token.

SVCHOST.EXE: When it starts, svchost.exe checks a location in the registry to build the list of services it needs to load. Multiple svchost.exe instances can run at the same time; each instance contains a group of services, and which services run depends on how and where svchost.exe is started.

Spoolsv.exe: Manages spooled print and fax jobs. (System Services) This process cannot be ended from Task Manager.

Explorer.exe: Explorer.

INTERNAT.EXE: Pinyin input method icon.

2. Additional system processes (these processes are not required; you can add or remove them through the service manager as needed)

MStask.exe: Allows programs to run at a specified time. (System Services)
Regsvc.exe: Allows remote registry operations. (System Services)
Winmgmt.exe: Provides system management information. (System Services) It is the core component of Win2000 client management. This process initializes when a client application connects or when the manager needs its own services.
INetInfo.exe: Provides FTP connection and management through the Internet Information Services management unit. (System Services)
TLNTSVR.EXE: Allows remote users to log in to the system and run console programs from the command line. (System Services)
Allows the Web and FTP services to be managed through the Internet Information Services management unit. (System Services)
TFTPD.exe: Implements the TFTP Internet standard. This standard does not require a user name or password. Part of the Remote Installation Service. (System Services)
Termsrv.exe: Provides a multi-session environment that allows client devices to access virtual Windows 2000 Professional desktop sessions and Windows-based programs running on the server. (System Services)
DNS.exe: Answers query and update requests for Domain Name System (DNS) names. (System Services)

3. The following services are rarely used, the services inside may be harmful to security, and if not necessary,

TCPSVCS.exe: Provides the ability to remotely install Windows 2000 Professional on PXE remote-boot clients. (System Services)
Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day. (System Services)
ISMSERV.EXE: Allows messages to be sent and received between Windows Advanced Server sites. (System Services)
UPS.exe: Manages an uninterruptible power supply (UPS) connected to your computer. (System Services)
Wins.exe: Provides NetBIOS name service for TCP/IP clients that register and resolve NetBIOS names. (System Services)
Llssrv.exe: License Logging Service. (System Service)
NTFRS.exe: Keeps file directory contents synchronized across multiple servers. (System Services)
Rssub.exe: Controls media used to remotely store data. (System Services)
Locator.exe: Manages the RPC name service database. (System Services)
LserveR.exe: Registers client licenses. (System Services)
DFSSVC.exe: Manages logical volumes distributed across a LAN or WAN. (System Services)
Clipsrv.exe: Supports the "ClipBook Viewer" so that pages can be viewed from remote ClipBooks. (System Services)
MSDTC.exe: Coordinates transactions that are distributed across more than two databases, message queues, file systems, or other transaction-protected resource managers. (System Services)
FaxSvc.exe: Helps you send and receive faxes. (System Services)
CISVC.EXE: Indexing Service. (System Service)
Dmadmin.exe: System management service for disk management requests. (System Services)
MnMsrvc.exe: Allows users to access the Windows desktop remotely using NetMeeting. (System Services)
netdde.exe: Provides network transport and security features for Dynamic Data Exchange (DDE).
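
The checks in steps 2 and 3 of the recommendations above can also be run offline against a registry export in the same text format as restore.reg. The following Python sketch is an added example, not part of the original article; the sample export, the sample.exe path and the function names are constructed for illustration, and only string values are parsed.

```python
import re

# Default command for the exefile verbs, as restored by restore.reg in step 2.
EXPECTED = '"%1" %*'
EXE_KEYS = {"hkey_classes_root\\exefile\\shell\\%s\\command" % v: v
            for v in ("open", "runas")}
RUN_SUFFIX = "\\software\\microsoft\\windows\\currentversion\\run"
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg escaping: \" -> " and \\ -> \

def parse_reg(text):
    """Parse .reg text into {key: {name: data}}; only string values are read."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_RE.match(line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif m and current is not None:
            name = m.group(1)
            current["@" if name == "@" else unescape(name[1:-1])] = unescape(m.group(2))
    return keys

def audit(text):
    """Return (exefile verbs whose command was changed, Run entries to review)."""
    changed, autoruns = {}, []
    for key, values in parse_reg(text).items():
        low = key.lower()
        if low in EXE_KEYS and values.get("@") != EXPECTED:
            changed[EXE_KEYS[low]] = values.get("@")
        elif low.endswith(RUN_SUFFIX):
            autoruns += [(key.split("\\")[0], n, d) for n, d in values.items()]
    return changed, autoruns

# Constructed sample export (not real data): the "open" verb has been rebound.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINNT\\sample.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sample"="C:\\WINNT\\sample.exe"
'''
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any verb in the first result should be reset with restore.reg; the second list is for manual review against the process list, not for automatic deletion.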