Manually removing stubborn Trojans, worms and viruses: a simple manual

The situation was this: after dialling up to the Internet, FTP kept reporting that it could not connect to the server. On inspection, the Norton AntiVirus Personal Edition and Norton Personal Firewall installed on the machine had both been disabled; trying to open them threw errors and they could not be re-enabled. Task Manager showed five illegal processes; trying to end them returned "Access Denied". I rebooted into Safe Mode and tried to end them again, with the same error. I then went into the local Services list and found two unknown services set to start automatically; trying to stop them failed with "Stop Service Failure". As a last resort I changed each service's startup type to "Disabled" and rebooted into Safe Mode once more, after which the two services no longer started. Using the names of the illegal processes seen earlier, I searched the C: system drive, found the files in the Winnt and Winnt\system32\ directories, and deleted them by hand. Back in Winnt\system32\ I found a large number of unidentifiable program files that all shared the same traits: the hidden attribute set, random-looking mixed-case names such as "diALoGUe", an icon like that of a DOS program, and no company, version or other information on the Properties dialog. Because I am in the habit of setting Folder Options to show all files and to show protected operating system files as the first step of any clean-up, the whole batch was easy to find; after confirming their attributes I moved all of them into the Recycle Bin. Next I checked the registry and deleted the unknown entries under the Run startup keys. Finally I ran the SP5 update; about ten minutes later all the patches were in, I rebooted into normal mode, Windows 2000 came up normally, Norton AntiVirus and the firewall started successfully, and the dial-up FTP connection succeeded.

From this experience, plus what I have heard and seen elsewhere, the likely infection and outbreak path is as follows: the user fails to install patches for known vulnerabilities in time, or, while logged on with an administrator-level account, visits a malicious web site or runs a program or file of unknown origin, and the machine is infected. Once resident, the virus copies itself, automatically connects to the Internet to download assorted Trojans and plants them on the newly captured machine (the "zombie"), then uses that zombie to try weak passwords against other computers on the network to infect more of them; each newly infected machine in turn pushes out more Trojans, worms and viruses to recruit yet more zombies. This inevitably consumes enormous amounts of network bandwidth, much like a DDoS flood, and can overwhelm and paralyse switches and routers. It is very likely the root cause of the familiar symptom where the network slows to a crawl but speeds up again after the switch or router is rebooted. And because the virus runs so many processes, system resources are pegged at full load and the infected machine itself becomes noticeably slow.

The dangers of such viruses are:

1. It uses the high-speed bandwidth inside the LAN to infect other vulnerable computers on the network; on a large network a single infection usually becomes a network-wide outbreak.

2. It consumes a great deal of network bandwidth, slowing the whole network.

3. It has a degree of intelligence and many variants; because anti-virus signatures can only follow a virus after it has appeared, new variants may get through.

4. Using DDoS-like tools, it reads the SAM account names from other computers on the network and concurrently tries weak passwords against them; on computers that are not even infected, the number of failed logons exceeds the lockout threshold and accounts are locked out, disrupting normal use.
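The fourth point has a simple detection signature: many failed logons from one source workstation against several accounts in a short time, with the target accounts approaching the lockout threshold. The following is an added example written for this page, not the original author's code. It runs the rule over constructed sample records; on a live host you would build the same records from the Security log (event 4625, or 529 on Windows 2000) and the threshold and window values are assumed policy settings.

```powershell
# Added example, not from the original post. Detects the "concurrent weak-password
# attempts that lock out accounts on uninfected machines" pattern over constructed
# sample records. Assumptions: each record has Time, Source (workstation the attempt
# came from) and Target (account tried). On a live host build them from Security
# event 4625 (529 on Windows 2000), e.g.
#   Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 }
# The policy values below are assumed, not read from the domain.

$lockoutThreshold = 5      # assumed: "Account lockout threshold" = 5 bad attempts
$windowMinutes    = 30     # assumed: "Reset account lockout counter after" = 30 min

# Constructed sample: PC-07 is the infected host spraying accounts;
# PC-12 is a user who simply mistyped a password twice.
$t0 = Get-Date '2004-03-01 09:00:00'
$sample = @(
    [pscustomobject]@{ Time = $t0.AddSeconds(1); Source = 'PC-07'; Target = 'Administrator' }
    [pscustomobject]@{ Time = $t0.AddSeconds(1); Source = 'PC-07'; Target = 'Administrator' }
    [pscustomobject]@{ Time = $t0.AddSeconds(2); Source = 'PC-07'; Target = 'Administrator' }
    [pscustomobject]@{ Time = $t0.AddSeconds(2); Source = 'PC-07'; Target = 'Administrator' }
    [pscustomobject]@{ Time = $t0.AddSeconds(3); Source = 'PC-07'; Target = 'Administrator' }
    [pscustomobject]@{ Time = $t0.AddSeconds(3); Source = 'PC-07'; Target = 'zhang' }
    [pscustomobject]@{ Time = $t0.AddSeconds(4); Source = 'PC-07'; Target = 'zhang' }
    [pscustomobject]@{ Time = $t0.AddSeconds(4); Source = 'PC-07'; Target = 'li' }
    [pscustomobject]@{ Time = $t0.AddMinutes(5);                Source = 'PC-12'; Target = 'wang' }
    [pscustomobject]@{ Time = $t0.AddMinutes(5).AddSeconds(20); Source = 'PC-12'; Target = 'wang' }
)

function Find-PasswordSpray {
    # Sources whose failed logons reach the lockout threshold inside one window,
    # with the number of distinct accounts touched (breadth is the spray signature).
    # Simplification: the window is the whole span of a source's attempts, not sliding.
    param([object[]]$Events, [int]$Threshold, [int]$WindowMinutes)
    foreach ($g in ($Events | Group-Object Source)) {
        $ordered = @($g.Group | Sort-Object Time)
        $spanSec = ($ordered[-1].Time - $ordered[0].Time).TotalSeconds
        if ($ordered.Count -ge $Threshold -and ($spanSec / 60) -le $WindowMinutes) {
            [pscustomobject]@{
                Source   = $g.Name
                Failures = $ordered.Count
                Accounts = @($ordered.Target | Sort-Object -Unique).Count
                Seconds  = [math]::Round($spanSec, 1)
            }
        }
    }
}

function Find-LockoutCandidates {
    # Accounts that will hit the lockout threshold: the collateral damage the post describes.
    param([object[]]$Events, [int]$Threshold)
    $Events | Group-Object Target | Where-Object Count -ge $Threshold |
        ForEach-Object { [pscustomobject]@{ Account = $_.Name; Failures = $_.Count } }
}

Find-PasswordSpray     -Events $sample -Threshold $lockoutThreshold -WindowMinutes $windowMinutes | Format-Table -AutoSize
Find-LockoutCandidates -Events $sample -Threshold $lockoutThreshold | Format-Table -AutoSize
```

On the sample, PC-07 is reported (8 failures against 3 accounts in about 3 seconds) and Administrator is reported as a lockout candidate, while PC-12's two typos are ignored. The source workstation named in the report is the machine to pull off the network first, which is the infected host rather than the one whose accounts are being locked.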

Summary of manual disinfection; follow these steps:

1. Manually download and collect all the individual SP5 hotfix files (for Win2k, nearly 100 MB in total). Note that Microsoft never released a Service Pack 5 for Windows 2000; "SP5" here means the collection of post-SP4 hotfixes.

2. Disconnect from the network.

3. Restart into Safe Mode.

4. Check the 【HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*】 keys and delete all unknown startup entries.

5. Check the 【HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*】 keys and delete all unknown startup entries.

6. Check for unknown services. If there are none, go to step 7; if there are, set them to Disabled and return to step 3.

7. Search the 【%SystemRoot%\system32\】 directory for all hidden .exe and .com files, check their properties, and delete without mercy those of unknown origin (they can go to the Recycle Bin first and be emptied after a restart once nothing has broken).

8. After updating to the latest virus definitions, use the anti-virus software to scan every file on the system drive.

9. After confirming that SP4 is installed, apply all the SP5 patches.

10. Reboot into normal mode and resume use.

Note: Deciding whether a program is illegitimate takes some experience, so here is a simple method. Right-click a suspicious program and open 【Properties】: a normal program has a 【Version】 tab carrying the company name, version, copyright and other information (even 3721 and similar junkware carry this information), whereas worms, Trojans and the like will most likely have no such information at all. Most illegitimate programs can be judged by this alone. Bear in mind that it is only a heuristic: a version resource is trivial to copy, so a file that carries one is not thereby proven clean; it is the absence of one that should raise suspicion.
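Steps 4 to 7 above, together with the version-information check in the Note, can be driven from a script so that nothing is overlooked. The following is an added example written for this page, not the original author's tooling. It assumes a current Windows host with PowerShell 5.1 or later (Windows 2000 itself predates PowerShell), run as Administrator, and it only reports: nothing is deleted or disabled, so the human judgement the Note calls for stays with the operator. Besides the missing-version-info test it also checks for an Authenticode signature and for the mixed-case random names the author saw; the random-case check is informational only, because legitimate CamelCase names would trip it too.

```powershell
# Added triage script for steps 4-7 and the Note's version-info check. Example code
# written for this page, not the original author's. Read-only: it REPORTS, it does not
# delete or disable anything. Assumes PowerShell 5.1+, run as Administrator, ideally in
# Safe Mode with the network disconnected as steps 2-3 require.

$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Provider metadata that Get-ItemProperty adds to every registry object; not real values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ImagePath {
    # Reduce a command line such as  "C:\x\y.exe" /arg  or  C:\x\y.exe -k net  to the image path.
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return '' }
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.(exe|com|dll|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Test-RandomCase {
    # The author's "diALoGUe" trait: three or more upper/lower flips inside one name.
    # Informational only; CamelCase product names also score high.
    param([string]$Name)
    $flips = 0
    for ($i = 1; $i -lt $Name.Length; $i++) {
        if ([char]::IsLetter($Name[$i]) -and [char]::IsLetter($Name[$i - 1]) -and
            ([char]::IsUpper($Name[$i]) -ne [char]::IsUpper($Name[$i - 1]))) { $flips++ }
    }
    return $flips -ge 3
}

function Get-ImageReport {
    # The Note's heuristic: a real product carries a version resource (company, version,
    # copyright) and, today, normally a valid Authenticode signature. Missing, hidden or
    # non-existent images are flagged for a human to look at. A relative name such as
    # "foo.exe" with no directory also ends up flagged, since it cannot be resolved here.
    param([string]$Path)
    $full = [Environment]::ExpandEnvironmentVariables($Path)
    if ([string]::IsNullOrWhiteSpace($full) -or -not (Test-Path -LiteralPath $full)) {
        return [pscustomobject]@{ Path = $full; Exists = $false; Company = ''; Signed = $false; Hidden = $false; Suspicious = $true }
    }
    $item    = Get-Item -LiteralPath $full -Force
    $sig     = Get-AuthenticodeSignature -FilePath $full
    $hidden  = ($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
    $company = $item.VersionInfo.CompanyName
    [pscustomobject]@{
        Path       = $full
        Exists     = $true
        Company    = $company
        Signed     = ($sig.Status -eq 'Valid')
        Hidden     = $hidden
        Suspicious = ([string]::IsNullOrWhiteSpace($company) -or $sig.Status -ne 'Valid' -or $hidden)
    }
}

# Steps 4 and 5: Run / RunOnce entries under HKLM and HKCU.
foreach ($key in $autostartKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $r = Get-ImageReport (Get-ImagePath ([string]$prop.Value))
        if ($r.Suspicious) { "[RUN] $key\$($prop.Name) = $($prop.Value)`t company='$($r.Company)' signed=$($r.Signed)" }
    }
}

# Step 6: services set to start automatically.
Get-CimInstance Win32_Service | Where-Object StartMode -eq 'Auto' | ForEach-Object {
    $r = Get-ImageReport (Get-ImagePath $_.PathName)
    if ($r.Suspicious) { "[SVC] $($_.Name) ($($_.State)) -> $($_.PathName)`t company='$($r.Company)' signed=$($r.Signed)" }
}

# Step 7: hidden .exe/.com files directly under %SystemRoot%\system32.
Get-ChildItem -LiteralPath "$env:SystemRoot\System32" -File -Hidden -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.com' } |
    ForEach-Object {
        $r = Get-ImageReport $_.FullName
        "[HIDDEN] $($_.FullName)`t company='$($r.Company)' signed=$($r.Signed) randomCase=$(Test-RandomCase $_.BaseName)"
    }
```

Read the output the way the Note says: an entry with no company name and no valid signature is the one to investigate, and a legitimate-looking version resource is not on its own proof of innocence. The RUN and SVC lines give you the exact key name or service name to disable in steps 4 to 6; the HIDDEN lines are the candidates for the Recycle Bin in step 7.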

A few tips for staying virus-free:

1. Use a proxy or NAT to isolate the LAN from the external network rather than connecting the two seamlessly.

2. On every machine in the LAN, do not allow administrator accounts with blank passwords, passwords identical to the username, or idiotically simple passwords.

3. Assign rights strictly on the 【just enough】 principle (least privilege), so that unnecessary administrator accounts are never created.

4. Use the enterprise edition of the anti-virus product and install a central anti-virus server, configured to check for and download virus-definition updates automatically and push them to the clients, so that every client always has the latest definitions.

5. Use SUS (Software Update Services) or a similar product to download Windows patches automatically and distribute and install them on all clients.

6. Remind colleagues regularly about online safety: do not visit web sites you have no need for, do not run any unknown file, and keep good online hygiene.

7. Check Task Manager often for unknown processes, and visit Windows Update often to check for the latest patches.

