Safety Protection Tips: How to judge whether your computer contains viruses

xiaoxiao2021-03-06  40

November 29, 2004 16:39, ENET Silicon Valley Power

Viruses today come in every variety, and they have people on edge. As soon as a computer behaves a little abnormally, its user concludes that a virus is at work and goes looking for anti-virus software. If one product does not help, they try another, as if vowing not to stop until the "culprit" is found. The result is one anti-virus product after another, and perhaps a good deal of money spent, with still no trace of the "culprit". In fact, the cause is not necessarily a virus.

Such cases are common, especially among novice computer users. Below, drawing on personal computer use and corporate network maintenance, I describe how to judge whether a computer really has a virus, in the hope that it helps identify the "truth"!

The difference between viruses and software or hardware failures

Abnormal behavior is not caused only by virus infection. Many faults that appear during personal computer use come from software or hardware failures of the computer itself, or from permission settings. Only when we fully understand the differences and connections between the two can we make the correct judgment and notice in time when a real virus arrives. Below I briefly list some common failure symptoms together with their possible virus causes and their possible software or hardware causes.

| Symptom | Possible cause: virus | Possible cause: software or hardware failure |
| --- | --- | --- |
| Frequent crashes | The virus has opened many files or occupies a large amount of memory. | Unstable hardware (memory quality, overclocking, etc.); large software occupying a lot of memory and disk space; use of test software (which has many bugs); not enough hard disk space; software may also crash frequently because the network speed is too slow, the program is too large, or the workstation's hardware configuration is too low. |
| The system cannot start | The virus has modified the boot information of the hard disk or deleted some startup files, for example a boot virus damaging the boot files. | Hard disk damaged or its parameters set incorrectly; system files deleted by mistake. |
| A file cannot be opened | The virus has modified the file format; the virus has modified the file's link location. | File damaged; hard disk damaged; the link location of the file's shortcut has changed; the software used to edit the file has been deleted; on a local area network, the file's storage location on the server has changed and the workstation has not refreshed its contents in time (Explorer has been open for a long time). |
| Frequent "not enough memory" reports | The virus illegally occupies a large amount of memory. | Too many programs open; running software that needs a lot of memory; incorrect system configuration; not enough memory installed (the basic memory requirement is currently 128 MB). |
| "Not enough hard disk space" messages | The virus has replicated a large number of virus files (I have encountered several such cases; sometimes a nearly 10 GB hard drive had no space left at all, and installing any software produced a message that the hard disk space was not enough). | Each partition is too small; a lot of large software is installed; all software is installed in one partition; the hard disk itself is small; on a LAN, the system administrator has set a space limit on each workstation user's "private disk", so the size shown is that of the entire network disk while the "private disk" has in fact been used up. |
| Floppy disk and other devices show read/write activity when not being accessed | Virus infection. | A file that was opened from the floppy disk is still open. |
| A large number of unknown files appear | The virus is replicating files. | Temporary files generated during some software installations; configuration information and run records of some software. |
| Black screen at startup | Virus infection (what I remember most deeply is April 26, 1998, when CIH cost me a few thousand yuan: the first boot that day reached the Windows screen, and after that there was nothing at all). | Monitor fault; graphics card fault; motherboard fault; overclocking; CPU damage, etc. |
| Data loss | The virus has deleted files. | Damaged hard disk sectors; original files overwritten while recovering files; if the file is on the network, another user's mistake. |
| Keyboard or mouse locks up for no reason | Viruses; pay special attention to "Trojans". | Keyboard or mouse damaged; keyboard or mouse port on the motherboard damaged; a keyboard or mouse locking program is running; a running program is too large and keeps the system busy for a long time, so the keyboard or mouse appears not to work. |
| The system runs slowly | The virus takes up memory and CPU resources and runs many illegal operations in the background. | Low hardware configuration; too many or too large programs open; incorrect system configuration; for a program run over the network, mostly a machine configuration that is too low, or a busy network with many users opening the same program at the same time; possibly not enough hard disk space for temporary swap data. |
| The system performs operations automatically | The virus performs illegal operations in the background. | The user has set programs to run automatically in the registry or the startup group; some software automatically restarts the system after installation or upgrade. |

From the above analysis we know that most faults may be caused by human error or by software or hardware failures. When we find an abnormality, we should not rush to a conclusion. If anti-virus software does not resolve the problem, we should carefully analyze the characteristics of the fault and rule out software, hardware, and human causes.
The classification of viruses and their respective characteristics

To truly recognize viruses and remove them in time, we need a more detailed understanding of them, and the more detailed the better! Viruses are written separately by many scattered individuals or organizations, with no standard to measure them by, so they can be roughly classified from several angles.

By infection target, viruses can be divided into the following categories:

a. Boot viruses. These viruses attack the boot sector of the disk, which gives the virus priority execution at startup and so lets it control the entire system. Because they infect the boot sector, the loss they cause is relatively large, and generally the system will not start normally. They are, however, also relatively easy to remove: most anti-virus software can kill this type of virus, such as KV300 and the Kill series.

b. File viruses. Early viruses of this type generally infected executable files with extensions such as EXE and COM, so that the virus is activated when you run the executable. Some also infect files with extensions such as DLL, OVL, and SYS. Because these are usually configuration or link files, the virus is loaded automatically when a program runs. The virus code is inserted, either as a whole or split up, into the blank bytes of these files. The CIH virus, for example, splits itself into 9 segments embedded in the executable, and the byte count of the file usually does not increase after infection, which is what makes it so well concealed.

c. Network viruses. These viruses are a product of the rapid development of networks in recent years. Their infection targets are no longer limited to a single mode or a single kind of executable file; they are more comprehensive and more concealed. Some network viruses can now infect almost all Office files, such as Word, Excel, and e-mail. Their mode of attack has changed as well, from deleting and modifying files to encrypting files and stealing useful user information (as hacker programs do). The path of propagation has changed too: it is no longer limited to disks, but runs over the more concealed network, through e-mail, electronic advertising, and so on.

d. Composite viruses. These are called "composite viruses" because they have features of both "boot" and "file" viruses: they can infect the boot sector of the disk and also certain executable files. If such a virus is not removed completely, the remaining part can restore itself and infect the boot sector and executable files again. These viruses are therefore extremely difficult to remove, and the anti-virus software used must be able to kill both types of virus.

The above classification is by infection target. By degree of damage, viruses can be divided as follows:

a. Benign viruses. We call these viruses benign because the purpose of their invasion is not to destroy your system but just to play; most are the work of beginner virus enthusiasts who want to test the virus programs they have developed. They do not want to destroy your system. They just emit some kind of sound or show some prompts, and apart from occupying a certain amount of hard disk space and CPU time they do no other harm. Some Trojan programs are like this: they just want to steal some communication information from your computer, such as passwords and IP addresses, for later use.

b. Malignant viruses. We call "malignant" those viruses that only disturb the software system, steal information, or modify system information, without causing hardware damage, data loss, or other serious consequences. After such an invasion the system cannot be used normally, but there is no other loss. After the system is damaged, it can generally be restored by reinstalling some of the system's files, although of course the system still has to be reinstalled after these viruses have been dealt with.

c. This class of virus does more damage than the class b viruses above. Generally, if you are infected with one, your system collapses completely and cannot start normally, and the useful data kept on your hard drive may not be recoverable. In lighter cases only system files and applications are deleted.

d. Catastrophic viruses. The name tells us the degree of destruction to expect. These viruses generally destroy the boot sector of the disk and modify the file allocation table and the hard disk partition table, so that the system cannot start at all. Sometimes they even format or lock your hard drive so that you cannot use it. Once you are infected with such a virus, your system is difficult to recover and the data kept on the hard disk is difficult to retrieve, so the damage is very large. We should therefore plan for the worst. Corporate users in particular should make thorough disaster backups. Most large companies have now realized the importance of backup and spend large sums on daily system and data backup. Everyone knows they may never meet such disastrous consequences, but nobody relaxes. That is how it is, and the issue is taken very seriously. The CIH virus of April 26, 1998 can be placed in this class, because it damages not only software but also, directly, hardware such as the hard disk and the motherboard BIOS.

By mode of intrusion, viruses can be divided as follows:

a. Source code embedding attack type. As the name tells us, these viruses mainly target the source code of high-level languages. The virus code is inserted before the source program is compiled and is then compiled together with the source program into the executable file, so the file is already infected at the moment it is generated. Such files are of course very rare, because virus developers cannot easily obtain a software company's source code before compilation, and this kind of intrusion is difficult and requires a very professional level of programming.

b. Code replacement attack type. These viruses mainly replace all or some of the modules of the invaded program with their own virus code. This type is rare. It mainly attacks specific programs and is highly targeted, but it is not easily discovered and is difficult to remove.

c. System modification type. These viruses mainly overwrite or modify certain files in the system in order to call or replace some of the system's functions. Because they infect the system directly, they do great harm. This is the most common virus type, and most of them are file viruses.

d. Shell attachment type. These viruses usually attach themselves to the head or tail of a normal program, which is equivalent to adding a shell to the program. When the infected program is executed, the virus code is executed first, and then the normal program is loaded into memory. At present, most file viruses belong to this class.

With some basic knowledge of viruses, we can now check whether a computer contains a virus. We can judge in the following ways.

1. Scanning with anti-virus software. This is probably the first choice for most of us, and I am afraid it is the only choice. There are more and more types of virus and their means of concealment are more and more sophisticated, which brings new difficulties to killing viruses and new challenges to anti-virus software developers. However, as programming languages improve and computer networks become more widespread, viruses develop and spread more and more, and there are more and more companies developing anti-virus software. The better-known products are still a few anti-virus software lines, such as Kingsoft Antivirus (Jinshan Duba). As for how to use this software, there is no need to go into it here; I believe everyone is capable of that!

2. Observation. This method works only if you understand the symptoms of viruses and the places where they usually reside. If faults often occur while the hard disk is booting or the system is starting, the system runs slowly, the hard disk cannot be accessed, or any of the other faults described in the first section appear, we should first consider that a virus may be at work, but we must not fixate on that idea. As I said above, software and hardware failures can produce the same symptoms! We can observe from the following aspects:

a. Memory observation. This method is generally used under DOS. We can use the "MEM /C /P" command under DOS to see how much memory each program occupies and so discover the memory occupied by a virus (generally it does not occupy memory on its own but attaches itself to another program). Some viruses occupy memory more covertly and cannot be found with "MEM /C /P", but you can see that the total conventional memory is 1 KB or a few KB short of 640 KB.

b. Registry observation. This method generally applies to the so-called hacker programs that have appeared recently, such as Trojans. These programs generally start or load automatically by modifying the startup and load settings in the registry, usually in the following locations: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion, etc. More detailed analysis.
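The registry observation described above comes down to reviewing what is configured to start automatically and separating the entries a user or installer set up from ones that appeared on their own. The following Python code is an added example, not part of the original article: it compares two `.reg`-format exports of an autostart key and lists the entries that were added or changed. The sample exports are constructed, and the `Run` subkey they use is an assumption, since the article's path is cut off after `CurrentVersion`.

```python
import re

# Constructed sample exports in .reg text format (not taken from the article).
# The "Run" subkey is an assumption: the article's path stops at CurrentVersion.
BASELINE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /quiet"
'''

CURRENT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Updater"="\"C:\\Temp\\updater.exe\" /quiet"
"svch0st"="C:\\WINDOWS\\svch0st.exe"
'''

# A string value line: "name"="data", with \\ and \" escapes allowed inside.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {(key_path, value_name): data} for string values, names lowercased."""
    entries, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, unescape(m.group(1)).lower())] = unescape(m.group(2))
    return entries

def diff_autostart(baseline, current):
    """List (status, key, name, data) for entries added or changed since baseline."""
    old, new = parse_reg(baseline), parse_reg(current)
    findings = []
    for (key, name), data in sorted(new.items()):
        if (key, name) not in old:
            findings.append(("ADDED", key, name, data))
        elif old[(key, name)].lower() != data.lower():
            findings.append(("CHANGED", key, name, data))
    return findings

if __name__ == "__main__":
    for status, key, name, data in diff_autostart(BASELINE, CURRENT):
        print(f"{status:8} {key}\\{name} -> {data}")
```

An entry reported here is only a candidate for review: as the symptom table notes, users and installers also add autostart entries legitimately.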

When reprinting, please cite the original address: https://www.9cbs.com/read-85853.html
