Thursday, December 23, 2010

【Weak Current College】 Finding the hidden intruder on your computer

Your computer suddenly freezes and sometimes restarts by itself, files go missing for no reason, the desktop refreshes slowly, the hard disk keeps reading and writing although no program is running, the system inexplicably searches the floppy drive, the antivirus software and firewall raise alerts, and the system gets slower and slower. When this happens, you have to be careful.

The first reaction (forming a good habit can reduce losses): use CTRL + ALT + DEL to bring up the task list and see what programs are running. If you find an unfamiliar program, pay more attention to it. In general, the programs listed in Task Manager do not negatively affect the basic running of the system (Note: this refers to basic running only; let me also say up front that this article is the result of my own study on the network), so you can close some suspicious programs and see what happens. If some of the abnormal behaviour returns to normal, you can make a preliminary determination that it is a Trojan horse. Several programs with the same name running at once, possibly increasing in number over time, is also a suspicious phenomenon that deserves particular attention. If you discover these phenomena after connecting to the Internet or a LAN, do not hesitate, get hands-on and check! (Note: they may also be caused by some other virus.)

1. Upgrade your anti-virus software to the latest version and run a comprehensive scan of the system.

2. Click Tools → Folder Options → View and uncheck both "Hide protected operating system files (Recommended)" and "Hide extensions for known file types", for easier viewing.

3. View the win.ini file in the windows directory. It begins with these few lines:

[windows]
load=
run=

This is where programs that start automatically with Windows are placed, so you can compare what you find against this.

4. View these lines of the system.ini file in the windows directory:

[386Enh]
device=

This is where the system's own drivers and additional drivers are placed. Additional drivers typically use the full path, such as:

device=c:\windows\system32\tianyangdemeng.exe (an example only)

5. Look at Start menu → Programs → Startup. This is where programs that Windows starts automatically are placed. If there is one, it sits in C:\windows\StartMenu\Programs\. Copy it to a safe place and then delete it, so that you can restore it if you need to.

6. Start → Run, type "MSCONFIG" and see if there are any suspicious startup items. You may ask: wasn't this already covered earlier? Actually, the two methods are different; look both ways and you will find differences. As for exactly why, to tell the truth, I do not know. Don't laugh, I hope an expert will come out and answer it!

7. View the registry: in Start → Run, enter "REGEDIT".

First make a backup of the registry, then view it. (Be sure to develop the habit: when you modify a file and are not sure of what you are doing, back it up first.)

View HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\CurrentVersion\RunServices and Run, to see if there is a suspicious program.
View HKEY_CLASSES_ROOT\EXEFILE\SHELL\OPEN\COMMAND to look for a Trojan in the .EXE file association; the correct value is "%1" %*
View HKEY_CLASSES_ROOT\INFFILE\SHELL\OPEN\COMMAND to look for a Trojan in the .INF file association; the correct value is %SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE %1
View HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND to look for a Trojan in the .TXT file association; the correct value is %SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE %1
Start CMD and enter NETSTAT -AN to see whether there are any unusual ports.

8. The .exe, .com, .dll, ... files in windows. These are likely to be the carriers in which a hacker places viruses and Trojans. While the system is functioning normally, make a backup of these files so that you can write them back when you need to!

9. Look in the Windows directory to see whether there is a Winstart.bat file. Like Autoexec.bat, this file is an automatic batch file; however, it only works in Windows and cannot be used in DOS. Look closely for any driver you do not recognize, note it down, and look it up on Baidu. Usually this automatic batch file is not used. (You can only judge this from experience.)

10. Look at c:\autoexec.bat and c:\config.sys. These two files contain some drivers that the system requires. See whether there is any suspicious driver.
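The checks in steps 3, 4 and 7 can be scripted once the file contents and registry values have been copied out. The following is an added example, not part of the original post: the function names are hypothetical, the sample input is constructed, and the expected association values are the ones the article lists.

```python
import re

# Values the article gives as correct for each file-association open command.
EXPECTED_ASSOC = {
    "exefile": '"%1" %*',
    "inffile": r"%SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE %1",
    "txtfile": r"%SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE %1",
}

def ini_entries(text):
    """Yield (section, key, value); tolerates duplicate keys such as device=."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def audit_win_ini(text):
    """Step 3: non-empty load=/run= values under [windows] start with Windows."""
    return [(k, v) for s, k, v in ini_entries(text)
            if s == "windows" and k in ("load", "run") and v]

def audit_system_ini(text):
    """Step 4: device= lines under [386Enh] that use a full path, for review."""
    return [v for s, k, v in ini_entries(text)
            if s == "386enh" and k == "device" and re.match(r"[A-Za-z]:\\", v)]

def audit_assoc(observed):
    """Step 7: associations whose open command differs from the expected value."""
    norm = lambda s: " ".join(s.split()).lower()
    return {k: v for k, v in observed.items()
            if k in EXPECTED_ASSOC and norm(v) != norm(EXPECTED_ASSOC[k])}

# Constructed sample input (not taken from a real machine).
WIN_INI = "[windows]\nload=\nrun=c:\\windows\\tianyangdemeng.exe\n"
SYSTEM_INI = ("[386Enh]\ndevice=*vshare\n"
              "device=c:\\windows\\system32\\tianyangdemeng.exe\n")
ASSOC = {"exefile": '"%1" %*',
         "txtfile": r"c:\windows\tianyangdemeng.exe %1"}

if __name__ == "__main__":
    print(audit_win_ini(WIN_INI), audit_system_ini(SYSTEM_INI),
          audit_assoc(ASSOC), sep="\n")
```

Everything the functions return is a candidate for manual review, not a verdict: a full-path device= line or a startup entry can be legitimate.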
