If a virus is identified at any step, there is no need to carry on with the remaining checks.

First, processes

To begin with, the process check. The method is simple: boot the machine and do not start anything else.

Step one: open Task Manager directly and look for any suspicious process. If you do not recognise a process, look it up on Google or Baidu.

PS: If Task Manager flashes and disappears as soon as you open it, you can treat the machine as infected; if it tells you it has been disabled by your administrator (and nobody did that on purpose), that should raise the alarm.

Step two: open a tool such as IceSword (冰刃). First check whether there are any hidden processes (IceSword marks them in red), then check that the image path of each system process is correct.

PS: If IceSword will not run, assume infection; if any process is shown in red, infection is essentially confirmed; if a "system" process is not running from the normal system directory (for example an svchost.exe that lives outside System32), you can also treat the machine as infected.

Step three: if all processes look normal, use a tool such as Wsyscheck to see whether any suspicious threads or modules have been injected into normal processes.

PS: Wsyscheck marks injected and normal processes in different colours. If a process has been injected, do not panic: first confirm whether the injected module belongs to a virus, because some antivirus products also inject into processes.
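As an added example for steps two and three (this is not code from the original post, and it is not how IceSword or Wsyscheck work internally), the following PowerShell script automates the two checks that built-in tooling can cover: whether a process with a core Windows name is running from its expected directory, and whether a core process has loaded a module that fails Authenticode verification. The list of core process names and the Test-Signed helper are assumptions of this example. Run it from an elevated 64-bit PowerShell. Hidden (rootkit-concealed) processes and thread injection without a module are outside what Get-Process can see, so it does not replace the hidden-process check.

```powershell
# Added example (not from the original post): check image paths and loaded-module
# signatures for core Windows processes. Run elevated, 64-bit, PowerShell 3 or later.

$sys32  = [Environment]::GetFolderPath('System')    # e.g. C:\Windows\System32
$winDir = [Environment]::GetFolderPath('Windows')   # e.g. C:\Windows

# Assumed list of core processes and the directory each is expected to run from.
# explorer.exe lives in C:\Windows; the rest live in System32. Extend as needed.
$expectedDir = @{ explorer = $winDir }
foreach ($n in 'smss','csrss','wininit','winlogon','services','lsass','svchost','spoolsv','dwm') {
    $expectedDir[$n] = $sys32
}

# Authenticode lookups are slow, so cache one verdict per file.
$script:sigCache = @{}
function Test-Signed([string]$file) {
    if (-not $script:sigCache.ContainsKey($file)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file -ErrorAction SilentlyContinue
        $script:sigCache[$file] = ($null -ne $sig -and $sig.Status -eq 'Valid')
    }
    return $script:sigCache[$file]
}

$findings = foreach ($p in Get-Process) {
    $name = $p.ProcessName.ToLower()
    if (-not $expectedDir.ContainsKey($name)) { continue }

    # Path is $null for protected processes or when we lack access (hence: run elevated).
    $path = $p.Path
    if ($path) {
        $dir = [System.IO.Path]::GetDirectoryName($path)
        if ($dir -ne $expectedDir[$name]) {              # string -ne is case-insensitive
            [pscustomobject]@{ PID = $p.Id; Process = $p.ProcessName; Issue = 'Wrong directory'; Detail = $path }
        }
    }

    # Modules throws for processes we cannot open; treat those as unknown rather than clean.
    $mods = @()
    try { $mods = @($p.Modules) } catch { }
    foreach ($m in $mods) {
        if ($m.FileName -and -not (Test-Signed $m.FileName)) {
            [pscustomobject]@{ PID = $p.Id; Process = $p.ProcessName; Issue = 'Unsigned module'; Detail = $m.FileName }
        }
    }
}

if ($findings) { $findings | Sort-Object Process, PID | Format-Table -AutoSize }
else           { 'No path or module anomalies found in core processes.' }
```

Windows DLLs that are signed only through a catalog (common on older Windows versions) can report NotSigned here even though they are genuine, so treat an "Unsigned module" hit as something to look up, not a verdict; a module that sits in a user profile or a temp directory is the one to look at first.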

Second, startup items

Once the process check is complete and nothing abnormal was found, move on to the startup items.

Step one: use msconfig to check for suspicious services. Go to Start, Run, type "msconfig" and press OK, switch to the Services tab, tick "Hide All Microsoft Services", and then confirm one by one whether each remaining service is legitimate (judge from experience, or use a search engine).

PS: If anything abnormal turns up, infection has been found; if msconfig will not start, or the machine restarts or shuts down when you run it, treat that as infection too.

Step two: use msconfig to check for suspicious startup entries. Switch to the Startup tab and go through the entries one by one.

Step three: use a tool such as Autoruns for a more detailed view of the startup information (services, drivers that start with the system, IE BHO entries, and so on).

PS: This step requires some experience.
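As an added example for the three startup steps above (it is not code from the original post, nor from msconfig or Autoruns), this PowerShell script lists every service and every Run/RunOnce registry entry together with the Authenticode signer of its image, then applies the same filter as msconfig's "Hide All Microsoft Services" by dropping entries whose image carries a valid Microsoft signature. The Get-ExePath helper that pulls the executable out of a command line is an assumption of this example and only handles the common quoting forms. Run it elevated.

```powershell
# Added example (not from the original post): non-Microsoft services and Run-key entries
# with the Authenticode signer of each image. Run elevated; PowerShell 3 or later.

# Pull the executable out of a service/Run command line such as
#   "C:\Program Files\Foo\foo.exe" -svc   or   C:\Windows\system32\svchost.exe -k netsvcs
# Assumed helper; rundll32/cmd wrappers are reported as the wrapper itself.
function Get-ExePath([string]$cmd) {
    if (-not $cmd) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) { return $cmd.Split('"')[1] }
    $i = $cmd.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
    if ($i -ge 0) { return $cmd.Substring(0, $i + 4) }
    return ($cmd -split ' ')[0]
}

$script:sigCache = @{}
function Get-Signer([string]$file) {
    if (-not $file) { return 'UNKNOWN' }
    if (-not (Test-Path -LiteralPath $file)) { return "MISSING: $file" }   # dangling entry: worth a look
    if (-not $script:sigCache.ContainsKey($file)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        $signer = [string]$sig.Status                       # NotSigned, HashMismatch, ...
        if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
        $script:sigCache[$file] = $signer
    }
    return $script:sigCache[$file]
}

# Every service, like msconfig's Services tab before the Microsoft filter is applied.
$services = foreach ($s in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ExePath $s.PathName
    # svchost-hosted services: the real code is the ServiceDll, not svchost.exe itself.
    if ($exe -match '\\svchost\.exe$') {
        $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$($s.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $params -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $exe = [Environment]::ExpandEnvironmentVariables($dll) }
    }
    [pscustomobject]@{ Kind = 'Service'; Name = $s.Name; Start = $s.StartMode; Image = $exe; Signer = (Get-Signer $exe) }
}

# The classic per-machine and per-user Run keys (msconfig's Startup tab reads these too).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$runItems = foreach ($k in $runKeys) {
    if (-not (Test-Path -Path $k)) { continue }
    $key = Get-Item -Path $k
    foreach ($valueName in $key.GetValueNames()) {
        $exe = Get-ExePath ([string]$key.GetValue($valueName))
        [pscustomobject]@{ Kind = 'Run'; Name = "$k\$valueName"; Start = 'Logon'; Image = $exe; Signer = (Get-Signer $exe) }
    }
}

# "Hide All Microsoft Services", applied to both lists: drop anything whose image is validly
# signed by Microsoft. Everything left is what you look up one by one.
(@($services) + @($runItems)) |
    Where-Object { $_.Signer -notmatch 'O=Microsoft Corporation' } |
    Sort-Object Kind, Name | Format-Table Kind, Name, Start, Image, Signer -AutoSize
```

A valid Microsoft signature on svchost.exe says nothing about the service DLL it loads, which is why the script resolves ServiceDll before checking the signer. Autoruns covers far more locations (drivers, BHOs, scheduled tasks, Winlogon entries) and verifies signatures in the same way; this script only reproduces the two places msconfig shows.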

Third, network connections

ADSL users can dial up at this point and connect to the Internet.

Then use IceSword to view the network connections directly. If a connection looks suspicious, look up its IP address at http://www.ip138.com/, and look up the process and the corresponding port on Google or Baidu.

If something looks abnormal, do not panic: the system itself, or software you installed, may be using the network (download managers such as Thunder (Xunlei), antivirus software, automatic updates, the IE browser, and so on). Close them and check the network connections again.
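As an added example for this section (not code from the original post or from IceSword), the following PowerShell script lists TCP connections joined to the owning process and its image path, and flags remote addresses outside loopback and private ranges, which are the ones worth looking up. The Test-LocalOrPrivate helper and its address ranges are assumptions of this example. It needs Get-NetTCPConnection (Windows 8 / Server 2012 or later); on older systems the same join can be done over the output of netstat -ano.

```powershell
# Added example (not from the original post): TCP connections with owning process, image path
# and an "External" flag for endpoints outside private ranges. Run elevated for full Path info.

function Test-LocalOrPrivate([string]$ip) {
    # RFC 1918, loopback, link-local, unspecified. Anything else is "external" and worth a lookup.
    return $ip -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|169\.254\.|127\.|0\.0\.0\.0$|::1?$|fe80:)'
}

$byPid = @{}
foreach ($p in Get-Process) { $byPid[$p.Id] = $p }

$conns = foreach ($c in Get-NetTCPConnection | Where-Object { $_.State -in 'Established','Listen' }) {
    $p = $byPid[[int]$c.OwningProcess]       # OwningProcess is UInt32; hashtable keys are Int32
    $procName = '?'; $image = $null
    if ($p) { $procName = $p.ProcessName; $image = $p.Path }
    [pscustomobject]@{
        State    = $c.State
        Local    = "$($c.LocalAddress):$($c.LocalPort)"
        Remote   = "$($c.RemoteAddress):$($c.RemotePort)"
        PID      = $c.OwningProcess
        Process  = $procName
        Image    = $image
        External = -not (Test-LocalOrPrivate $c.RemoteAddress)
    }
}

# 1) Established connections to non-private addresses, with the process behind each one:
#    look the address up (ip138, whois) and the process+port combination on a search engine.
$conns | Where-Object { $_.State -eq 'Established' -and $_.External } |
    Sort-Object Process | Format-Table State, Local, Remote, PID, Process, Image -AutoSize

# 2) Listening ports: a backdoor waiting for an inbound connection shows up here, not in 1).
$conns | Where-Object { $_.State -eq 'Listen' } |
    Sort-Object Local | Format-Table Local, PID, Process, Image -AutoSize
```

Run it once, close the download manager, updater and browser as the text suggests, then run it again: whatever is still talking to an external address with no program you recognise behind it is the entry to investigate. UDP traffic (Get-NetUDPEndpoint) is not covered here.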

Fourth, Safe Mode

Reboot straight into Safe Mode. If you cannot get in, or a blue screen appears, be on guard: this may be the after-effect of a virus infection, and the virus may not have been fully cleaned up.

Fifth, image hijacking

Open Registry Editor and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. Check for suspicious image hijack entries: a subkey named after an executable that carries a Debugger value makes Windows launch the program named in that value whenever the executable is started, with the executable's path passed to it as an argument. If you find one you did not put there, the machine is very likely infected.
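As an added example for this check (not code from the original post), the following PowerShell script walks the Image File Execution Options key in both the native and the Wow6432Node view and reports every subkey that carries a Debugger value, together with whether the debugger executable exists and how its signature verifies. The simple tokenising of the Debugger command line is an assumption of this example. Run it elevated from a 64-bit PowerShell.

```powershell
# Added example (not from the original post): list Image File Execution Options entries that
# carry a Debugger value, i.e. image hijacks. Run elevated, 64-bit PowerShell.

$ifeoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

$hijacks = foreach ($root in $ifeoKeys) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        # Many subkeys are benign (GlobalFlag, MitigationOptions, ...); only Debugger redirects
        # the launch of the executable named by $key.PSChildName to another program.
        $dbg = $key.GetValue('Debugger')
        if (-not $dbg) { continue }

        # First token of the debugger command line, quotes stripped (assumed simple parsing).
        $dbgExe = ([string]$dbg).Trim()
        if ($dbgExe.StartsWith('"')) { $dbgExe = $dbgExe.Split('"')[1] }
        else                         { $dbgExe = ($dbgExe -split ' ')[0] }
        $dbgExe = [Environment]::ExpandEnvironmentVariables($dbgExe)

        # A debugger that does not exist on disk is still a hijack: the target will fail to start.
        $status = 'MISSING'
        if (Test-Path -LiteralPath $dbgExe) {
            $status = [string](Get-AuthenticodeSignature -LiteralPath $dbgExe).Status
        }
        [pscustomobject]@{ Target = $key.PSChildName; Debugger = $dbg; DebuggerExe = $dbgExe; Signature = $status; View = $root }
    }
}

if ($hijacks) { $hijacks | Format-Table Target, Debugger, Signature, View -AutoSize }
else          { 'No Debugger values under Image File Execution Options.' }
```

A Debugger value that names a bare program without a path (for example a debugger on the search path) will show as MISSING here even if it resolves at launch time; read the Debugger column itself before deciding. On a machine that has never had a developer debugger installed, the expected output is the "No Debugger values" line.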

Sixth, CPU time

If the system runs slowly after booting, CPU time can also be used to find a suspicious process, as follows:

Open Task Manager and switch to the Processes tab. In the View menu choose "Select Columns", tick "CPU Time" and press OK. Then click the CPU Time column header to sort by it. Apart from System Idle Process and SYSTEM, any process with a large CPU time deserves a certain degree of vigilance.
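As an added example for this section (not code from the original post), the following PowerShell script ranks processes by cumulative CPU time, the same figure as Task Manager's "CPU Time" column, and goes one step further than the text by adding a short sampled window so that a process burning CPU right now is separated from one that merely ran for a long time earlier. The five-second window and the Get-CpuSeconds helper are assumptions of this example.

```powershell
# Added example (not from the original post): cumulative CPU time per process plus a short
# sampled "recent" percentage. PowerShell 3 or later; run elevated to read every process.

$skip   = 'Idle', 'System'   # System Idle Process and SYSTEM are excluded, as the text says
$window = 5                  # seconds to sample for the RecentPct column (assumed value)

function Get-CpuSeconds([System.Diagnostics.Process]$proc) {
    # TotalProcessorTime throws for processes we cannot open; report those as $null
    try { return $proc.TotalProcessorTime.TotalSeconds } catch { return $null }
}

$first = @{}
foreach ($p in Get-Process | Where-Object { $_.ProcessName -notin $skip }) {
    $first[$p.Id] = Get-CpuSeconds $p
}
Start-Sleep -Seconds $window

$rows = foreach ($p in Get-Process | Where-Object { $_.ProcessName -notin $skip }) {
    $cpu = Get-CpuSeconds $p
    if ($null -eq $cpu) { continue }
    $delta = $cpu                                   # process appeared during the window
    if ($first.ContainsKey($p.Id) -and $null -ne $first[$p.Id]) { $delta = $cpu - $first[$p.Id] }
    $started = $null
    try { $started = $p.StartTime } catch { }
    [pscustomobject]@{
        PID        = $p.Id
        Process    = $p.ProcessName
        CpuSeconds = [math]::Round($cpu, 1)         # Task Manager's "CPU Time", cumulative
        RecentPct  = [math]::Round(100 * $delta / ($window * [Environment]::ProcessorCount), 1)
        Started    = $started
        Image      = $p.Path
    }
}

# The top of this list is where Task Manager's sort by CPU Time puts you; a recently started
# process with a high RecentPct is worth looking up even while its CpuSeconds is still small.
$rows | Sort-Object CpuSeconds -Descending | Select-Object -First 15 | Format-Table -AutoSize
```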

At present, these checks are enough to deal with the common viruses and Trojans.
