This is a stunt I have practiced n times!
First, you'd better try to download antivirus software from the following website. If it doesn't work, it's not too late to use tricks again (the downloaded antivirus software is much slower than the original update, so it is recommended to buy genuine ones. If you want to spend less money, you can buy Rising released before, because no matter when it is released, as long as it is not pirated, you can upgrade to the latest version: pay attention to the version before Qianxi.
Www.micropoint.com.cn, this is a particle photo, and it's free.
/
/
Don't forget to install only one antivirus software: otherwise it will conflict!
0, novice must see. If you can't find the virus file, you can try this method. Start-My Computer-Tools-Folder Options-View-(Select) Show All Files and Folders, Delete: Hide Protected Operating System Files: Select its check box, and then similarly delete its check box: Hide extensions of known file types: Make sure there is nothing hidden. haha,
1, Q: Is there a Trojan horse in this process of rundll32? This machine is slower than before.
, not necessarily many rogue software installed this Dongdong, but does not rule out the possibility that the virus disguised as software: rundll32 itself is not a virus (Rising's Kaka Internet Assistant is a sharp weapon against rogue software, which can be downloaded for free/).
2. Use software such as Windows Optimizer to see which programs will be started at startup (note that advanced viruses can be disguised as system services, so services cannot be spared). If yes: click once, start-search-enter the name of the suspicious process, and then search. After finding it, end the virus in the memory first. The method is to press the button once, and Ctrl+Alt+Delete= The task manager uses it to end the process and then delete the file.
3. If the above method doesn't work, it may be disguised as a normal file and then released by it. So sometimes anti-virus software can't be found, but viruses always appear. If this happens, do not delete the virus immediately. Use process management to see which process is occupying it. If you can't end the virus-related process, open the task manager-View-Select bar and check PID to confirm. The following methods refer to the DOS command, and click-Start-All Programs-Accessories.
Ntsd -c q -p PID "command, you can use the specified PID to forcibly kill the virus process. For example, if the PID of a virus process is found to be "444", the command "ntsd -c q -p 444" can be executed.
4, XP invincible replacement command: used to load a file or multiple files can not be deleted by multiple processes at the same time, alas, it is different from the above. This is for files.
For example, create a directory under C:\ C:\ AAA.
Then copy an mp3 to c:\aaa and name it C: \ AAA \ a.mp3.
Then copy another song to c: \ a.mp3.
Then play c:\aaa\a.mp3 with the media player.
At the command prompt, enter: replace c:\a.mp3 c:\aaa.
After a period of time, whether the played song becomes another song.
Replacing system files with this command is so cool that XP's system file protection doesn't work for it.
You don't have to replace files in safe mode anymore.
format
Replace [drive1:] [path1] filename [drive2:] [path2] [/a] [/p] [/r] [/w].
Replace [drive 1:][path 1] file name [drive2:] [path2] [/p] [/r] [/s] [/w]
[Drive 1:][ Path 1] File name specifies the source file.
[drive2:][path2] Specifies the directory of the file to be replaced.
/A Add the new file to the target directory. Cannot be used with the /S or /U command line switch.
/P You will be prompted to confirm before replacing files or adding source files.
/R Replace read-only files and unprotected files.
/S Replace files in all subdirectories in the target directory. Cannot be used with the /A command option.
/W Please wait until the disk is inserted.
/U will only replace or update files earlier than the date of the source file. Cannot be used with the /A command line switch.
Open Notepad-File menu-Save As-Change the file type to all files, enter the same name as the file to be replaced at the file name, and click Save as described above.
5. (Note that some viruses will open two processes at the same time to deal with manual antivirus, and we can edit a batch file to deal with it.
Ntsd -c q -p virus process name PID 1.
Ntsd -c q -p virus process name PID2- Copy these two commands into a text file, save it as *.BAT, and double-click it! )
6. If no suspicious process is found, the virus is *. DLL embeds viruses or Trojan horses, which are usually associated with svchost.exe and explorer.exe. Take a closer look at * using Windows Process Management of Windows Optimizer. DLL is loaded by svchost.exe and explorer.exe. Please note that there are many things that are necessary for the svchost.exe system. Only when you have a better understanding of this process can you separate the things loaded on the svchost.exe. To kill viruses in explorer.exe and svchost.exe, you must quit explorer.exe or svchost.exe first, and then delete virus files. If the virus is still unstable after antivirus, it means that the system has been damaged and only needs to be repaired and installed.
List of common processes in Windows XP
The most basic system processes (that is, these processes are the basic conditions for system operation. Through these processes, the system
Can run normally)
Smss.exe conference manager
Csrss.exe subsystem server process
Winlogon.exe administrator user login.
Services.exe contains many system services.
Lsass.exe manages IP security policies and starts ISAKMP/ oakley (IKE) and IP security drivers.
(system service)
Generate a session key and grant a service ticket for interactive client/server authentication. (system service)
Svchost.exe contains many system services.
svchost.exe
SPOOLSV.EXE loads the file into memory for later printing. (system service)
Explorer.exe Resource Manager
Pinyin icon in internat.exe tray area
Additional system processes (these processes are not necessary, you can add or subtract them through the service manager as needed.
Less)
Mstask.exe allows programs to run at specified times. (system service)
Regsvc.exe allows remote registration operations. (system service)
Winmgmt.exe provides system management information (system services).
Inetinfo.exe provides FTP connection and management through the snap-in of Internet information services. (system service)
Tlntsvr.exe allows remote users to log on to the system and run console programs using the command line. (system service)
Allows management of Web and FTP services through the Internet Information Services snap-in. (system service)
Tftpd.exe implements TFTP Internet standard. The standard does not require a user name and password. Remote installation service
Part of. (system service)
Termsrv.exe provides a multi-session environment that allows client devices to access virtual Windows 2000.
Professional desktop sessions and Windows-based programs running on the server. (system service)
Dns.exe answered the query and update request for the name of Domain Name System (DNS). (system service)
The following services are rarely used, and the above services are harmful to safety. If it is not needed, it should be turned off.
Tcpsvcs.exe provides remote installation of Windows 2000 on PXE remote bootable client computers.
Professional ability. (system service)
The following TCP/IP services are supported: character generator, daytime, discard, echo and.
Today's market. (System service)
Ismserv.exe allows sending and receiving messages between Windows Advanced Server sites. (system package)
Service)
Ups.exe manages the Uninterruptible Power Supply (UPS) connected to the computer. (system service)
Wins.exe provides NetBIOS name service for TCP/IP customers who register and resolve NetBIOS type names.
(system service)
Llssrv.exe License Recording Service (System Service)
Ntfrs.exe maintains file synchronization of file directory contents among multiple servers. (system service)
RsSub.exe controls the media used to store data remotely. (system service)
Locator.exe manages the RPC name service database. (system service)
Lserver.exe registered customer license. (system service)
Dfssvc.exe manages logical volumes distributed over a local area network or a wide area network. (system service)
Clipsrv.exe supports the Clipbook Viewer, so that clippings can be viewed from remote scrapbooks. (system
Service)
Msdtc.exe parallel transactions are distributed in more than two databases, message queues, file systems or their.
It protects the resource manager transactionally. (system service)
Faxsvc.exe helps you send and receive faxes. (system service)
Cisvc.exe Index Service (System Service)
System management services requested by dmadmin.exe disk management. (system service)
Mnmsrvc.exe allows authorized users to remotely access Windows desktops using NetMeeting. (system package)
Service)
Netdde.exe provides dynamic data exchange (DDE) network transmission and security functions. (system service)
Smlogsvc.exe configures performance logs and alerts. (system service)
Rsvp.exe provides network signaling and local communication control for programs and control applications that depend on quality of service (QoS).
Installation function. (system service)
RsEng.exe coordinates services and management tools for storing infrequently used data. (system service)
RsFsa.exe manages the operation of storing files remotely. (system service)
Grovel.exe scans duplicate files on a zero backup storage (SIS) volume and points them to the datastore.
Save points to save disk space. (system service)
SCardSvr.exe manages and controls access to smart cards inserted into computer smart card readers. (system
Service)
Snmp.exe contains agents that can monitor network device activity and report to the network console workstation. (department
Unified service)
Snmptrap.exe receives trap messages generated by local or remote SNMP agents and then delivers them.
To the SNMP manager running on this computer. (system service)
UtilMan.exe starts and configures assistive tools from the window. (system service)
MSIexec.exe installs, repairs and removes software according to the commands contained in. Msi file (system service)
7. Please note: It is best to clean up the relevant information in the registry as much as possible. Generally, I use the registry editor to search the virus file name and delete the corresponding Dongdong: Don't delete it wrong.
Finally, I want to learn from the Tang Priest. There is a saying that long-term stability, so anti-virus software and firewall: anti-virus software and viruses are like future fighters and molten steel in the terminator. The key is to see who arrives first, and patches and some necessary settings are also essential.