Virus and Trojan

China
December 23, 2008 3:07am CST
If any step finds a virus, don't continue.

1. Process
Check the processes first. The method is simple: don't start any programs after startup!
Step 1: Open Task Manager and find out whether there is any suspicious process. If you don't know a process, you can Google it.
PS: If Task Manager disappears in a blink when you open it, maybe your computer has a virus; but if the system tells you that Task Manager has been disabled by the administrator, you should take notice!
Step 2: Open IceSword and find out whether there is any hidden process (red flag in IceSword), then look over each process path to see whether it is correct.
PS: If IceSword can't work normally, or a process is marked red, or a system process isn't in the correct path, your computer already has a virus.
Step 3: If all processes are correct, next use Wsyscheck to check whether any suspicious thread is injected into a normal process.
PS: Wsyscheck marks normal processes and abnormal processes with different colours. If there is an abnormal process, don't worry; check whether the injected module is a virus, because antivirus software also injects into processes.

2. The Boot
After checking the processes, if nothing is abnormal, now check the boot options.
Step 1: Find suspicious services using msconfig. Press Win+R, input "msconfig" and press Enter, switch to the service option, tick "Hide all Microsoft services", then make sure the remaining services are normal (you can do it by experience or with search engines).
PS: If something is abnormal, or msconfig can't work or disappears in a blink, your computer already has a virus.
Step 2: Switch to the "boot" option and find the suspicious options.
Step 3: Look over more boot info with Autoruns (including services, drivers, boot, IE BHO and so on).
PS: This needs experience.

3. Network
ADSL users can connect to the internet now. Find out whether there is any suspicious link using the net-link of IceSword; you can query IP addresses on http://www.ip138.com and query process or port info on Google.
If you find anything abnormal, don't worry: close all programs that use the network (like download software, antivirus auto-update, IE and so on), and check the network info again.

4. Safe Mode
Restart the computer and enter safe mode. If you can't enter it or a blue screen appears, you should take notice; this may be an aftereffect of viruses, or the viruses were not cleaned.

5. Image File Execution Options
Open REGEDIT, find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, and look for any abnormal IFEO. If you find an abnormal option, your computer likely already has a virus.

6. CPU time
If the system runs slowly after startup, you can refer to the CPU time to find the abnormal process. The method is below: open Task Manager and switch to the process option, click "view" -- "choose column", tick "cpu time" in the opened window, and click "ok"; then click the title of "cpu time" to sort, and find the processes whose CPU time is bigger, except System Idle Process and SYSTEM. You must take notice of those processes.

All of the above methods are enough to cope with common viruses and trojans.
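An added example, not part of the original post: a Python check for section 5 that reads saved output of `reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" /s` and lists every program subkey carrying a Debugger value, which makes Windows start the named command in place of that program. It narrows "abnormal IFEO" to that one value as an assumption; the sample output, its paths and the function name are constructed for illustration.

```python
import re

IFEO = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Image File Execution Options")

# Constructed sample of `reg query "<IFEO>" /s` output (not from a real host).
SAMPLE = "\n".join([
    IFEO + r"\taskmgr.exe",
    r"    Debugger    REG_SZ    C:\example\unknown.exe",
    "",
    IFEO + r"\notepad.exe",
    r"    GlobalFlag    REG_DWORD    0x200",
    "",
    IFEO + r"\regedit.exe",
    r"    debugger    REG_SZ    ntsd -d",
    "",
])

# Value lines are indented: name, type and data separated by four spaces.
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)\s*(.*)$")


def find_ifeo_debuggers(reg_output):
    """Return {image_name: debugger_command} for IFEO subkeys with a Debugger value."""
    hits, image = {}, None
    for line in reg_output.splitlines():
        if line.upper().startswith(IFEO.upper()):
            # Key header line: remember which executable this subkey targets.
            sub = line[len(IFEO):].strip("\\ ")
            image = sub.split("\\")[0] or None
            continue
        m = VALUE_RE.match(line)
        # Registry value names are case-insensitive, so compare in lower case.
        if m and image and m.group(1).lower() == "debugger":
            hits[image] = m.group(3)
    return hits


if __name__ == "__main__":
    for image, cmd in sorted(find_ifeo_debuggers(SAMPLE).items()):
        print(f"REVIEW {image}: starts {cmd!r} instead of the program")
```

A Debugger entry is not always malicious (developers set it deliberately), so each hit is something to review, not proof of infection.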
2 responses
• India
24 Dec 08
That post was really great - keep it up. I have never seen such a good description of virus detection in my life. Hey friend, can you please be more specific and descriptive in your next post, which should be regarding the registry, which I didn't understand......
• China
25 Dec 08
Thank you! I am glad that you like it. This is my first post; I will share more later.
• United States
25 Dec 08
Nice! But I want to contribute a bit more to this guide. If, after following all wangearn's steps, the computer remains infected, then the final step is to fully reformat the infected computer and start fresh again (although there are rare occasions where the virus/trojans aren't deleted/overwritten). Yes, this is a painful resort but I had to do this on one of my desktops infected with a nasty trojan.