With the popularity of unlimited broadband, in order to facilitate BT downloads, many friends like to hang up 24 hours a day. All-weather online has brought great convenience to some viruses and *s "invading" systems. They can invade our computers in the middle of the night and do evil deeds. Recently, when I was helping a friend with a virus, I encountered a "undeleted virus". The following will share the experience of checking and killing with you.
1. Virus appears. My friend’s computer is installed with Windows XP Professional Edition. Recently, I often use BT to download movies all night. Unexpectedly, when I booted up, Norton reported that he found a virus "" in the bottom. However, after scanning with Norton, although viruses can be found, Norton prompted that it is impossible to isolate and delete virus files.
2. Check and kill. Generally speaking, if a virus cannot be deleted directly, it is mostly caused by the virus process running. Open the task manager and find the virus process "" to terminate it successfully. Follow Norton to provide the virus file path. After finding the virus file, hold down the Shift key and right-click to select "Delete". Strangely, the system prompts that the file cannot be deleted. Open the task manager again. I am already sure that the virus process has been terminated, and it is not in the write-protect state. Why can't it be deleted? I tried to delete the folder, but it was also rejected by the system. Restarting the computer multiple times still has the same result.
Later, when I checked the "" attribute (see the date and size of the file generation so that I can search for the virus or have any friends), I accidentally found that there is a "Security" tab in the attribute window. After clicking, I can see that the rejection option of "Special Permissions" in the user permission list is slightly checked. Could it be that the file permission is insufficient, so that it cannot be deleted? Click the "Advanced" button. In the pop-up window, I saw a permission to "delete deletion". Click "Edit" and finally saw the real reason why the file cannot be deleted. It turned out that the deletion permission of the current user was set to reject by the drug convict, but it allowed "read and run. After canceling the rejection permission, return to the file attribute window, check "Allow full control", click "Confirm" to "delete smoothly after exiting".
Tips
The "Security" tab of the file (folder) attribute will only appear in partitions in NTFS format. If you cannot see this tab, open My Computer, click "Tools → Folder Options → View", and then remove the small checkmark before "Simple File Sharing (Recommended)" under Advanced Settings options.
After deleting "", the author tried to delete the folder. After being rejected by the system, by checking the "security" attribute of the folder, you can also find that the deletion permission (delete subfolders and files, deletion) was rejected. The same as above, after releasing this restriction, the virus was successfully "swept out". For files (folders), if the operation is denied due to permission reasons, generally set the permission to "full control".
Tips
(1) Permissions can be inherited. Sometimes after opening a file security attribute tag, there may not be "Delete Delete" permission in Figure 4, but if its parent folder is set to "Delete Subfolders and Files", the file cannot be deleted. The solution is to set the file permission to full control.
(2) File permissions are associated with the file owner. For office multi-account computers, some people with ulterior motives may also correspond to *s with users (for accounts with low computer operation level, they are not vigilant and easy to steal information). If you find that *s will be associated with the corresponding account, that is, some users will run after logging in, while others will not (* file permissions are set to prohibit reading and deletion). At this time, you can log in as a system administrator, force the owner of the * file to the current user, and then set to complete control to delete the *s.
(3) Some experience. The file (folder) permissions of Windows XP/2000 are a special function of the system. It allows the flexibility to set different permissions of different users. Some Wranglers achieve better "self-protection" by setting virus program files to allow "read and run" and denying "delete". Since changing file permissions is complicated, the drug dealer generally needs to operate on the host. For friends who like to hang up all the time, installing a firewall with good protection capabilities and closing some unnecessary ports can effectively prevent attacks from such viruses. If you find that the virus cannot be deleted, in the event of terminating the process, you must check whether the file permissions have been changed.
1. Virus appears. My friend’s computer is installed with Windows XP Professional Edition. Recently, I often use BT to download movies all night. Unexpectedly, when I booted up, Norton reported that he found a virus "" in the bottom. However, after scanning with Norton, although viruses can be found, Norton prompted that it is impossible to isolate and delete virus files.
2. Check and kill. Generally speaking, if a virus cannot be deleted directly, it is mostly caused by the virus process running. Open the task manager and find the virus process "" to terminate it successfully. Follow Norton to provide the virus file path. After finding the virus file, hold down the Shift key and right-click to select "Delete". Strangely, the system prompts that the file cannot be deleted. Open the task manager again. I am already sure that the virus process has been terminated, and it is not in the write-protect state. Why can't it be deleted? I tried to delete the folder, but it was also rejected by the system. Restarting the computer multiple times still has the same result.
Later, when I checked the "" attribute (see the date and size of the file generation so that I can search for the virus or have any friends), I accidentally found that there is a "Security" tab in the attribute window. After clicking, I can see that the rejection option of "Special Permissions" in the user permission list is slightly checked. Could it be that the file permission is insufficient, so that it cannot be deleted? Click the "Advanced" button. In the pop-up window, I saw a permission to "delete deletion". Click "Edit" and finally saw the real reason why the file cannot be deleted. It turned out that the deletion permission of the current user was set to reject by the drug convict, but it allowed "read and run. After canceling the rejection permission, return to the file attribute window, check "Allow full control", click "Confirm" to "delete smoothly after exiting".
Tips
The "Security" tab of the file (folder) attribute will only appear in partitions in NTFS format. If you cannot see this tab, open My Computer, click "Tools → Folder Options → View", and then remove the small checkmark before "Simple File Sharing (Recommended)" under Advanced Settings options.
After deleting "", the author tried to delete the folder. After being rejected by the system, by checking the "security" attribute of the folder, you can also find that the deletion permission (delete subfolders and files, deletion) was rejected. The same as above, after releasing this restriction, the virus was successfully "swept out". For files (folders), if the operation is denied due to permission reasons, generally set the permission to "full control".
Tips
(1) Permissions can be inherited. Sometimes after opening a file security attribute tag, there may not be "Delete Delete" permission in Figure 4, but if its parent folder is set to "Delete Subfolders and Files", the file cannot be deleted. The solution is to set the file permission to full control.
(2) File permissions are associated with the file owner. For office multi-account computers, some people with ulterior motives may also correspond to *s with users (for accounts with low computer operation level, they are not vigilant and easy to steal information). If you find that *s will be associated with the corresponding account, that is, some users will run after logging in, while others will not (* file permissions are set to prohibit reading and deletion). At this time, you can log in as a system administrator, force the owner of the * file to the current user, and then set to complete control to delete the *s.
(3) Some experience. The file (folder) permissions of Windows XP/2000 are a special function of the system. It allows the flexibility to set different permissions of different users. Some Wranglers achieve better "self-protection" by setting virus program files to allow "read and run" and denying "delete". Since changing file permissions is complicated, the drug dealer generally needs to operate on the host. For friends who like to hang up all the time, installing a firewall with good protection capabilities and closing some unnecessary ports can effectively prevent attacks from such viruses. If you find that the virus cannot be deleted, in the event of terminating the process, you must check whether the file permissions have been changed.