Why not use anti-virus software? It’s so simple!
Learning general manual antivirus work takes at least half a year; it cannot be explained in one or two sentences. Here are a few examples you can take a look at. It is an article I saw on the Internet (I don't know whether reposting it counts as infringement):
Example 1: Make friends with the "performers" in the process list
Much of the time we do not notice what is going on in the system, or even how many processes are running. To understand the secrets of processes you first have to make friends with the common system processes. Once you know them, you can pick the suspicious ones out of the process list as quickly as a detective.
In Windows 2000/XP the key combination Ctrl+Shift+Esc opens the Task Manager directly; in Windows 9x use Ctrl+Alt+Del.
1. "Protagonist" processes
First, get familiar with the basic processes of the system. They are the preconditions for the system to run at all and generally cannot be ended: doing so crashes the system (or, in the case of explorer.exe, makes the desktop and taskbar disappear).
Windows 2000/XP: smss.exe, csrss.exe, winlogon.exe, services.exe, lsass.exe, svchost.exe (several instances can exist at the same time), spoolsv.exe, explorer.exe, System Idle Process;
Windows 9x: msgsrv32.exe, mprexe.exe, mmtask.tsk, kernel32.dll.
Did you know
Processes and Programs
Simply put, every time a program is started a process is started. In Windows 3.x the process was the smallest unit of execution. In Windows 9x/2000/XP each process can also start several threads (for example, a download program can open a separate thread for each file it downloads), and the thread is the smallest unit. Programs are permanent; processes are temporary. An analogy: if the program is a script, the performance is the process; if the program is a recipe, the cooking is the process.
Svchost.exe
It lives in the System32 folder of the system directory and is a generic host process that runs services implemented as dynamic link libraries (DLLs). In Task Manager you may see several svchost.exe instances running. Don't be alarmed: each instance hosts a different group of service DLLs. For the same reason it has become a favourite target of malware; the earlier "Code Blue" virus is one example, and a machine infected by the Blaster ("shock wave") worm also reports that "svchost.exe has encountered an error".
To check which services a given svchost.exe is hosting: on Windows 2000, extract Tlist.exe from Support\Tools\Support.cab on the installation CD into any directory, open a Command Prompt, change to that directory and run "tlist -s" ("tlist <pid>" shows the details of one process). On Windows XP, run "tasklist /svc" directly ("tasklist /svc /fi "PID eq <pid>"" narrows the listing to one process).
2. "Supporting role" processes
These system processes are not necessary for the system to run, but they often appear in the process list, for example internat.exe, systray.exe, rundll32.exe, loadwc.exe, ddhelp.exe, mstask.exe, ctfmon.exe, taskmgr.exe, msnmsgr.exe and wmiexe.exe. All of them are normal system processes (rundll32.exe is also a favourite host for malicious DLLs, so when in doubt check which DLL it was started with).
It is recommended that, right after installing Windows, you click "Start → Programs → Accessories → System Tools → System Information", then "Software Environment → Running Tasks" in the System Information window. This process list shows more detailed attributes (the program path is very important information). Click "Action → Save as Text File" and keep the file, so that you can compare it with the current list whenever the system behaves abnormally. "Optimization Master" also offers a function for saving process snapshots.
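The "tlist -s" / "tasklist /svc" view and the saved snapshot from the paragraphs above, worked through as an added example (this is not code from the original article): the parser reads a tasklist /svc style listing, maps every svchost.exe instance to the services it hosts, and diffs the process names against a baseline saved from a clean system. The SAMPLE listing and the BASELINE set are constructed for this example, not captured from a real machine, and the "svchost hosting nothing" check is a heuristic added here.

```python
"""Parse the listing printed by ``tasklist /svc`` (Windows XP and later),
map each svchost.exe instance to the services it hosts, and diff a later
listing against a baseline of process names saved from a clean system.

Added example; not code from the original article.  SAMPLE is written by
hand to mimic the layout of ``tasklist /svc`` and is not a capture from a
real machine.  BASELINE plays the role of the snapshot the article suggests
saving right after installing Windows.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Proc:
    name: str
    pid: int
    services: list = field(default_factory=list)


def _split_services(text):
    return [s.strip() for s in text.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """The image-name column width is read from the '====' separator line,
    so no offsets are hard-coded.  A line that starts with whitespace is the
    wrapped tail of the previous process's service list."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines)
               if re.fullmatch(r"=+( +=+)+", l.rstrip()))
    name_width = len(lines[sep].split()[0])
    procs = []
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        if line[0].isspace():
            procs[-1].services.extend(_split_services(line))
            continue
        m = re.match(r"\s*(\d+)\s+(.*)$", line[name_width:])
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        svc = m.group(2).strip()
        procs.append(Proc(line[:name_width].rstrip(), int(m.group(1)),
                          [] if svc == "N/A" else _split_services(svc)))
    return procs


def svchost_services(procs):
    """pid -> hosted services for every svchost.exe (what 'tlist -s' shows)."""
    return {p.pid: p.services for p in procs if p.name.lower() == "svchost.exe"}


def compare_to_baseline(procs, baseline):
    """Names absent from the baseline snapshot, plus svchost instances that
    host no service.  The second check is a heuristic added here: the
    service control manager starts svchost to host at least one service, so
    an svchost with nothing in its Services column deserves a look at its
    path and version information."""
    names = {p.name.lower() for p in procs}
    return {
        "new": sorted(names - {b.lower() for b in baseline}),
        "empty_svchost": sorted(p.pid for p in procs
                                if p.name.lower() == "svchost.exe" and not p.services),
    }


# Constructed sample: a Windows XP listing with two "familiar strangers"
# (internet.exe, systemtray.exe) and an svchost that hosts nothing.
SAMPLE = "\n".join([
    "Image Name                     PID Services",
    "========================= ======== ============================================",
    "System Idle Process              0 N/A",
    "System                           4 N/A",
    "smss.exe                       384 N/A",
    "csrss.exe                      432 N/A",
    "winlogon.exe                   456 N/A",
    "services.exe                   500 Eventlog, PlugPlay",
    "lsass.exe                      512 PolicyAgent, ProtectedStorage, SamSs",
    "svchost.exe                    680 DcomLaunch, TermService",
    "svchost.exe                    764 RpcSs",
    "svchost.exe                    840 AudioSrv, CryptSvc, Dhcp, dmserver, ERSvc,",
    "                                   EventSystem, helpsvc, lanmanserver, Netman, Nla,",
    "                                   RasMan, Schedule, seclogon, SENS, SharedAccess,",
    "                                   winmgmt, wuauserv, WZCSVC",
    "spoolsv.exe                   1032 Spooler",
    "explorer.exe                  1284 N/A",
    "internet.exe                  1500 N/A",
    "systemtray.exe                1512 N/A",
    "svchost.exe                   1600 N/A",
])

# Constructed baseline: names recorded from the same machine when it was clean.
BASELINE = frozenset({
    "System Idle Process", "System", "smss.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe",
})

if __name__ == "__main__":
    procs = parse_tasklist_svc(SAMPLE)
    for pid, svcs in svchost_services(procs).items():
        print(f"svchost.exe pid {pid}: {', '.join(svcs) or '(none)'}")
    print(compare_to_baseline(procs, BASELINE))
```

On a real XP machine, save "tasklist /svc > baseline.txt" after installation and feed both the saved text and a fresh listing to parse_tasklist_svc(); the names reported under "new" are the ones to look up in System Information's Running Tasks for their path and version details.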
Example 2: Looking for traces of a Trojan
Many Trojans, and some protection tools, use a dual-process guard: two processes watch each other and restart whichever one is killed. The "Falling Star" Trojan, for example, runs in this dual-process mode. Let's look at how to spot them.
Step 1: Open Task Manager.
Comparing the list against the common processes, two "familiar strangers" (names similar to, but not identical to, the names of basic system processes) stand out: "internet.exe" and "systemtray.exe". Compare them with the "supporting role" processes of the previous example, internat.exe and systray.exe.
Step 2: Open "Software Environment → Running Tasks" in System Information and check the path information. Both point to the Windows\System32 directory, and the two files have the same size and date, but that date does not match the Microsoft system files. Now check the Version tab of each file's properties in Explorer: although the company is given as Microsoft, it is not written the same way as in the genuine system files. That is enough to conclude that these are illegal processes running in dual-process mode.
Step 3: Try to end them. Selecting "systemtray.exe" first and ending its process tree does not help: it is regenerated immediately and both processes reappear in Task Manager. Selecting "internet.exe" and ending its process tree instead works: nothing is regenerated, and the Trojan's processes are gone from the system. Note that this only stops the running processes; the two files and the autostart entry that launched them still have to be removed, or they will be back after the next reboot.
Example 3: Real and fake system processes
To avoid being spotted by their process names, many viruses and Trojans use "hiding tricks": they borrow the name of a system file, or use a name that looks like a system process name.
1. File name camouflage
(1) Modify individual characters of common programs or processes
For example, the process name "internet.exe" of the "Falling Star" Trojan introduced above is very similar to the input method process "internat.exe". The server process of "WAY Bad Boy" is named "msgsvc.exe", which resembles the basic system process "msgsrv32.exe". And then there is Explorer.exe versus Exp1orer.exe: can you tell them apart if you are not paying attention? (The digit "1" replaces the letter "l".)
(2) Modify the extension
The server process of the famous Glacier Trojan is Kernel32.exe, which looks familiar at first glance and seems to be a system process. In fact no such file exists in the system; what exists is "Kernel32.dll", one of the basic components of Windows 9x. Likewise the Trojan process "Shell32.exe" has "evolved" from the well-known "Shell32.dll" and does not exist in a clean system.
2. Path camouflage
The Windows directory and the System directory are where the core files of the system live and are generally treated as off-limits, so files found in them tend to be assumed to be system files, and viruses and Trojans take the opportunity to drop their files there. For this kind of case you generally only need to find the file path through System Information, open the file's properties and look for the flaw in the date (very important: compare it with the date of the genuine system files), the version and the company name. A malicious file can copy a system file's name, but it rarely gets the date, version and company fields exactly right. On Windows 2000/XP the File Signature Verification tool (sigverif.exe) is a more reliable check than the date: it lists the system files that are not digitally signed.
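As an added example (not code from the original article), the following script puts the checks of Examples 2 and 3 into code: near-miss names (internet.exe for internat.exe, systemtray.exe for systray.exe), homoglyphs (Exp1orer.exe), borrowed DLL stems with a changed extension (Kernel32.exe, Shell32.exe), a genuine name running from the wrong directory, and a company string that imitates Microsoft's. The KNOWN table, the SAMPLE records, the C:\WINDOWS layout and the 0.25 look-alike threshold are assumptions made for this example.

```python
"""Flag the name and path tricks described in Examples 2 and 3: a near-miss
name (internet.exe for internat.exe), a homoglyph (Exp1orer.exe), a DLL stem
with a swapped extension (Kernel32.exe), a genuine name running from the
wrong directory, and a company string that imitates Microsoft's.

Added example; not code from the original article.  KNOWN holds only the
names the article mentions, with the directory each runs from on a default
Windows XP install (C:\WINDOWS); SAMPLE is a hand-constructed listing that
reproduces the article's scenarios, not a capture from a real machine.  The
0.25 look-alike threshold is a heuristic chosen here.
"""
import ntpath
from dataclasses import dataclass

SYSROOT = r"C:\WINDOWS"
SYS32 = ntpath.join(SYSROOT, "system32")
MS = "Microsoft Corporation"

# name -> directory a genuine copy runs from (kernel32.dll and shell32.dll are
# listed so that Kernel32.exe / Shell32.exe are recognised as borrowed stems)
KNOWN = {"explorer.exe": SYSROOT}
KNOWN.update({n: SYS32 for n in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "internat.exe", "systray.exe", "rundll32.exe",
    "ctfmon.exe", "taskmgr.exe", "kernel32.dll", "shell32.dll")})

# characters commonly swapped for look-alike letters ("Exp1orer")
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "|": "l"})
LOOKALIKE_RATIO = 0.25  # heuristic: edits / name length


@dataclass
class Finding:
    path: str
    kind: str    # homoglyph | extension | lookalike | path | company
    detail: str


def normalize(name):
    return name.lower().translate(HOMOGLYPHS)


def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def name_imitation(name):
    """For a name not in KNOWN, return (kind, imitated name) or None."""
    norm = normalize(name)
    if norm in KNOWN:
        return "homoglyph", norm
    stem = ntpath.splitext(norm)[0]
    for known in KNOWN:
        if ntpath.splitext(known)[0] == stem:
            return "extension", known
    closest = min(KNOWN, key=lambda k: edit_distance(norm, k))
    if edit_distance(norm, closest) / len(norm) <= LOOKALIKE_RATIO:
        return "lookalike", closest
    return None


def audit(records):
    """records: (image name, full path, company string from the Version tab)."""
    findings = []
    for name, path, company in records:
        lname = name.lower()
        if lname in KNOWN:
            if ntpath.dirname(path).lower() != KNOWN[lname].lower():
                findings.append(Finding(path, "path", f"expected in {KNOWN[lname]}"))
            if company != MS:
                findings.append(Finding(path, "company", f"{company!r} is not {MS!r}"))
        else:
            hit = name_imitation(lname)
            if hit:
                findings.append(Finding(path, hit[0], f"imitates {hit[1]}"))
            if "microsoft" in company.lower() and company != MS:
                findings.append(Finding(path, "company", f"{company!r} imitates {MS!r}"))
    return findings


def kinds(findings, path):
    return {f.kind for f in findings if f.path == path}


# Constructed sample (name, path, company) mirroring the article's cases.
SAMPLE = [
    ("explorer.exe", r"C:\WINDOWS\explorer.exe", MS),
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe", MS),
    ("svchost.exe", r"C:\Documents and Settings\user\svchost.exe", MS),
    ("internet.exe", r"C:\WINDOWS\system32\internet.exe", "Microsoft"),
    ("systemtray.exe", r"C:\WINDOWS\system32\systemtray.exe", "Microsoft"),
    ("Exp1orer.exe", r"C:\WINDOWS\Exp1orer.exe", MS),
    ("Kernel32.exe", r"C:\WINDOWS\system32\Kernel32.exe", ""),
    ("Shell32.exe", r"C:\WINDOWS\system32\Shell32.exe", MS),
    ("winampa.exe", r"C:\Program Files\Winamp\winampa.exe", "Nullsoft"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.kind:<10} {f.path}: {f.detail}")
```

The records can be typed in from System Information's Running Tasks list together with the company field from each file's Version tab. The look-alike check is deliberately only applied to names that are not an exact match, so a genuine internat.exe is never reported as imitating itself, and a name that matches after homoglyph folding or stem comparison is reported once under the more specific kind.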
Example 4: Optimizing the system starts with the process
Besides the basic processes needed to run the system, every program that runs creates a process, and every process consumes some CPU time and memory. Too many processes, and a few badly designed ones, slow the system down and reduce performance. That is when they can be optimized.
1. Streamline processes
Some processes in the system are not necessary, and ending them will not cause any damage to the system.
For example: internat.exe (input method icon), systray.exe (speaker icon in the system tray), ctfmon.exe (Microsoft Office input method), mstask.exe (Task Scheduler), sysexplr.exe (Super Jieba server), winampa.exe (Winamp Agent), wzqkpick.exe (WinZip Quick Pick), etc.
There is a free gadget called "Process Killer" that can streamline processes automatically: it terminates every process except the basic system processes. When you suspect that some hacker tool or virus is running but are not sure which process it is, this software can remove the illegal processes effectively. It is only suitable for Windows 9x/Me, however. Download address.net:8080/down/prockiller_23.rar.
2. Kill bad processes
Sometimes you will find the system running very slowly. Open Task Manager, click the "Processes" tab, and click the "CPU" column header to sort processes by CPU usage; the biggest consumers are then easy to see. In the same way, click the "Mem Usage" column header to find the memory hogs, and end the offending process promptly.
There is one special case: in the CPU column, a process called "System Idle Process" always shows around 90%. Don't worry; it does not actually consume that much. It represents the CPU time that nothing is using, so a high figure is a good sign. Click the "Performance" tab to see the real CPU usage.
★ In Windows 9x, Task Manager does not show all processes or their CPU and memory usage as it does in Windows 2000/XP. Process Explorer is recommended (download address/ntw2k/f...rocexp .shtml).
★ If a 16-bit program is affecting the system and cannot be closed, go to the Processes tab of Task Manager, find the ntvdm.exe process and end it; this kills all 16-bit applications running inside it without a reboot.
3. Optimize software or game performance
You can also improve the performance of a software or game process by raising its priority, which makes it run faster; the side effect is that other running processes may be affected. For example, to avoid a failed burn caused by a buffer underrun (the burner's write buffer running empty), open the Processes tab of Task Manager, right-click the burning software's process, select "Set Priority", and choose "High" from the submenu. If you do not want to set this every time, use the following method.
Step 1: Open the directory where the software or game is located, for example D:\game, create a new text file there, and enter the following lines:
@echo off
start "" /<priority> game.exe
Note: Replace <priority> with the required CPU priority. start accepts low, belownormal, normal, abovenormal, high and realtime; high or abovenormal are recommended because they give the best effect. The empty "" is the window title, which start would otherwise take from the first quoted argument. Replace game.exe with the executable file name of the software or game, for example stvoy.exe.
Step 2: After making the above changes, save the file as game.bat. From now on start the game or software through this file and it will run with the higher CPU priority. Note that the file must be saved in the directory where the game or software is located (or give the game's directory explicitly with start's /d switch, e.g. /d D:\game).
You can also go to Hacker Network to check it out!