Wednesday, December 29, 2010

【 Weak current College 】 Top ten virus hiding places on Windows systems



A virus has been found, but it cannot be removed either in safe mode or in normal Windows? Because of the particular nature of some directories and files, antivirus software cannot clean them directly, even in safe mode, and special methods are needed to remove the infected files. The locations concerned are listed below.

1. Infected files in the Temporary Internet Files directory.

Windows applies some protection to the files in this directory (unconfirmed), so infected files here cannot be removed even in safe mode. In this case, close all other programs, open IE, choose "Tools" > "Internet Options" and select "Delete Files" to remove them; if you are prompted with "Delete all offline content", select that as well and delete.

2. Infected files in the _Restore directory or the System Volume Information directory.

This is the directory where System Restore stores its restore files; systems running Windows Me/XP have it, and the system protects it. In this case you need to turn off System Restore and then remove the infected files; deleting the entire directory is also acceptable. To turn off System Restore on Windows Me: disable System Restore, DOS. To turn off System Restore on XP: right-click "My Computer", select "Properties" > "System Restore", tick "Turn off System Restore on all drives", and press "OK" to exit.

3. Infected files inside .rar, .zip, .cab and other compressed files.

Few antivirus products can currently clean infected files directly inside a compressed file, and those that can support only the common compression formats. The vast majority of antivirus software can therefore only detect infected files inside a compressed file, not remove them directly. Some encrypted compressed files cannot be cleaned directly at all.

To clean a compressed file, it is recommended to extract it and then clean the extracted files, or to use the compression tool's external antivirus program feature to scan the infected compressed file.

4. Virus in the boot sector, or in the SUHDLOG.DAT or SUHDLOG.BAK file.

This is usually a boot sector virus, and the reported virus name generally contains boot or wyx. If the virus is on a removable storage device, such as a floppy disk, flash disk or removable hard drive, the antivirus software on the local hard drive can clean it directly; if the virus is on the hard disk, you need to boot from a clean boot disk to clean it.

For this kind of virus it is recommended to boot from a clean floppy disk, but the original boot sector must be backed up before cleaning, especially if another operating system was installed, such as Japanese Windows, Linux, etc.

If you do not have a clean boot disk, you can use the following emergency method:

(1) Make a clean boot disk on another computer. On Windows 95/98/ME the boot disk can be created through Add/Remove Programs, but note that the operating system used to make the floppy must be the same as the operating system you use;

(2) Boot the infected computer from this floppy, and then run the following commands:

A:\>fdisk /mbr

A:\>sys a: c:

If the virus is in the SUHDLOG.DAT or SUHDLOG.BAK file, you can delete the file directly. It is a backup of the hard disk boot sector that the system makes during installation, and a virus inside it generally has no effect.

5. Infected files with the suffix .kbk, .vir, .kav, etc.

These files are generally backup copies that antivirus software makes of the original infected files. In general, once you have verified that these files are of no use, you can delete them.

6. Infected mail files, such as dbx, eml, box, etc.

Some antivirus software can detect directly that a mail file is infected, but often cannot clean it directly. For an infected message in a mailbox, use the information the antivirus software provides to find the message, then delete its attachment or delete the message itself. If an eml or nws mail file is infected, open it with the relevant mail software, check the message and its attachment, and then remove the relevant content. When there are large numbers of infected eml or nws files, they are generally files generated automatically by a virus, and we recommend deleting them directly.

7. Residual virus code in files.

This is seen mostly with CIH, Funlove, macro viruses (including Word, Excel, PowerPoint and WordPro document macro viruses) and individual web page viruses. Antivirus software usually reports files that contain this residual code with a virus name whose suffix typically ends in something like int or app, although this is not common, for example W32/FunLove.app, W32.Funlove.int. In general, this residual code does not affect the normal running of programs and does not spread; if you need to remove it completely, do so according to the actual situation of each virus.

8. File errors.

This usually happens when some antivirus software neither removes the virus cleanly from the original infected file nor repairs the file properly, so that the resulting file no longer works and other antivirus software reports it as a false positive. These files can be deleted directly.

9. Encrypted files or directories.

For encrypted files or directories, decrypt them first and then scan them for viruses.

10. Shared directories.

There are two situations: local shared directories and remote network shares (including mapped drives). When infected files in a local shared directory cannot be cleaned, it is usually because other users on the LAN are reading and writing these files, which shows up as the antivirus being unable to clean the infected files directly; or a virus is writing to these directories, which shows up as the virus being removed from the shared directory while files keep being reinfected or virus files keep being generated. In both cases it is recommended to cancel the share, clean the shared directory thoroughly, and then restore the share, taking care not to open up permissions too high and to add a password to the shared directory.

To clean viruses in a remote shared directory (including mapped drives), first make sure that the local computer's operating system is clean and that you have the highest read and write permissions on the shared directory. If the remote computer is infected with a virus, it is recommended to clean the virus directly on the remote computer. In particular, when clearing viruses it is sometimes advised to remove all local shares before running the antivirus.

In normal use, also pay attention to the security of shared directories and add a password. Unless it is necessary, do not open files in a remote shared directory directly; copy them to the local machine and check them for viruses before working with them.
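An added example, not part of the original post: a small Python helper that sorts the paths from an antivirus scan report into the numbered items above, so that each group can be handled the way its item describes. The function names, the rule order and the sample paths are assumptions made for this illustration; items 7 to 9 and mapped drives cannot be recognised from a path alone and are left out.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Item numbers and handling paraphrase the list above; rule order is an assumption.
HANDLING = {
    1: "delete through IE: Tools > Internet Options > Delete Files",
    2: "turn off System Restore, then delete the files",
    3: "extract the archive, then scan the extracted files",
    4: "boot sector backup file, can be deleted directly",
    5: "antivirus backup copy, delete once confirmed useless",
    6: "open in the mail client, remove the message or attachment",
    10: "cancel the share, clean the directory, restore the share",
    0: "location not covered by the list",
}
PROTECTED_DIRS = {"temporary internet files": 1, "_restore": 2, "system volume information": 2}
FILE_NAMES = {"suhdlog.dat": 4, "suhdlog.bak": 4}
EXTENSIONS = {".rar": 3, ".zip": 3, ".cab": 3, ".kbk": 5, ".vir": 5,
              ".kav": 5, ".dbx": 6, ".eml": 6, ".box": 6, ".nws": 6}

def classify(path):
    """Return the list item (1-6 or 10) a detection path falls under, or 0."""
    p = PureWindowsPath(path)
    if p.drive.startswith("\\\\"):  # UNC path: a remote share
        return 10
    for part in p.parts[:-1]:       # directory components only
        item = PROTECTED_DIRS.get(part.lower())
        if item:
            return item
    return FILE_NAMES.get(p.name.lower()) or EXTENSIONS.get(p.suffix.lower(), 0)

def triage(paths):
    """Group detection paths by list item so each group gets one handling step."""
    groups = defaultdict(list)
    for path in paths:
        groups[classify(path)].append(path)
    return dict(groups)

# Constructed sample paths, as they might appear in a scan report.
SAMPLE = [
    r"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\a[1].htm",
    r"C:\_RESTORE\ARCHIVE\FS1.CAB",
    r"D:\backup\tools.ZIP",
    r"C:\SUHDLOG.DAT",
    r"\\fileserver\public\setup.exe",
]

if __name__ == "__main__":
    for item, found in sorted(triage(SAMPLE).items()):
        print(f"item {item}: {HANDLING[item]}: {found}")
```

Directory rules are checked before file extensions, so an archive inside a System Restore directory is reported under item 2 rather than item 3.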

One more addition:

It is recommended to try the following: first, right-click My Computer > Properties > System Restore and tick "Turn off System Restore on all drives".

Then enter safe mode (restart and press the F8 key) and empty all the files in the following three folders.

C:\WINDOWS\Temp

C:\Documents and Settings\username\Local Settings\Temp

C:\Documents and Settings\username\Local Settings\Temporary Internet Files

Then try running the antivirus again (in safe mode). The "username" in the last two folders is the login name you use to log in to the system; if you have not changed it, the user name is Administrator.




