It turns out that many popular network viruses, once started, automatically leave repair entries in the startup keys of the computer's registry. After the system restarts, these viruses can restore themselves to their state before the modification. To "reject" the restart of a network virus, we can start from a few details and manually delete the entries the virus left in the registry in a timely manner, so that the computer is no longer attacked by the virus.
Prevent it from launching through web pages
On many computers infected with Internet viruses, content such as .html or .htm appears among the values under registry branches such as HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices. The main function of this type of startup value is to automatically open specific websites containing network viruses once the computer has started. If we do not delete these startup values in time, the network virus can easily recur.
For this reason, after using an antivirus program to clear the viruses from the computer, we also need to open the registry editor promptly and check the registry branches above to see whether any startup value below them contains a suffix such as .html or .htm. Once one is found, select the value, choose "Edit" > "Delete" to delete it, and finally press F5 to refresh the registry.
Some viruses also leave startup values in .vbs format under the registry branches above. When we find such startup values, we must delete them as well.
Prevent startup through the backdoor
To escape the user's manual "encirclement", many network viruses disguise and hide themselves among the startup items of the system registry. Users who are not familiar with the system often do not dare to clear these startup values, so the virus program achieves its goal of restarting.
For example, some viruses create a startup value named "system32" under the registry branches above and set its data to "regedit -s D:\Windows" (as shown in Figure 1). At first glance, many users assume that this startup value was generated automatically by the computer system and do not dare to delete it, not knowing that the "-s" parameter is actually a backdoor parameter of the system registry. This parameter is used to import registry data, and it can automatically generate vbs-format files in the installation directory of the Windows system. Through these files, the virus achieves automatic startup. Therefore, when we see a backdoor-parameter value like "regedit -s D:\Windows" among the startup values of the registry branches above, we must delete it without hesitation.
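The checks from this section and the web-page section above can be scripted. The following PowerShell is an added example, not part of the original article: it lists the values under the three HKEY_CURRENT_USER startup branches named above and flags those matching the patterns described (.htm/.html or .vbs content, or a "regedit -s" command). The function name, the output fields and the acceptance of "/s" as well as "-s" are assumptions of this example; nothing is deleted unless -Remove is passed.

```powershell
# Added example: audit the per-user startup branches named in the article.
function Find-SuspiciousStartupValue {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [switch]$Remove   # delete flagged values (honours -WhatIf / -Confirm)
    )

    $base     = 'HKCU:\Software\Microsoft\Windows\CurrentVersion'
    $branches = 'Run', 'RunOnce', 'RunServices'

    # Patterns taken from the article's description (-match ignores case).
    $rules = [ordered]@{
        'web page (.htm/.html)' = '\.html?(\s|"|\?|$)'
        'script (.vbs)'         = '\.vbs(\s|"|$)'
        'regedit -s import'     = '\bregedit(\.exe)?"?\s+[-/]s\b'
    }

    foreach ($branch in $branches) {
        $path = Join-Path $base $branch
        if (-not (Test-Path $path)) { continue }   # a branch may not exist

        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            $hits = foreach ($r in $rules.GetEnumerator()) {
                if ($data -match $r.Value) { $r.Key }
            }
            if (-not $hits) { continue }

            [pscustomobject]@{
                Branch = $branch
                Name   = $name
                Data   = $data
                Reason = $hits -join ', '
            }

            # The unnamed (Default) value is reported but left for manual removal.
            if ($Remove -and $name -and
                $PSCmdlet.ShouldProcess("$path\$name", 'Remove startup value')) {
                Remove-ItemProperty -Path $path -Name $name
            }
        }
    }
}

# Review the hits first; re-run with -Remove -Confirm once each one is checked.
Find-SuspiciousStartupValue | Format-List
```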
Prevent startup via files
In addition to checking the registry startup values, we also need to check the system's "" file, because network viruses automatically generate leftover entries in this file. If the illegitimate startup entries in this file are not deleted, the network virus will also make a comeback.
Generally speaking, the "" file is located in the Windows installation directory. We can open the system's resource manager (Explorer) window, find and open the file there, and then check whether options such as "run=" and "load=" are followed by content of unknown origin. If you find any, clear the content after the "=" promptly; of course, it is best to check the specific file name and path before deleting. After completing the deletion, open the system's "system" folder and delete the corresponding virus file.
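The file check above, as an added PowerShell example that is not part of the original article: it reports every non-empty "run=" or "load=" entry in a file and looks up the file each entry points to, so the name and path can be checked before anything is cleared. The article does not name the file, so the path is a required parameter; the function name, the output fields and the folders searched are assumptions of this example.

```powershell
# Added example: report non-empty run=/load= entries and locate their targets.
function Get-IniStartupEntry {
    param(
        [Parameter(Mandatory)]
        [string]$Path    # file to inspect; the article does not name it
    )

    # Folders searched when an entry gives only a file name (assumption:
    # the Windows directory and its "system" folders).
    $searchDirs = $env:windir, (Join-Path $env:windir 'system'),
                  (Join-Path $env:windir 'system32')

    $lineNo = 0
    foreach ($line in Get-Content -LiteralPath $Path) {
        $lineNo++
        # Keep only "run=..." / "load=..." lines with something after the "=".
        if ($line -notmatch '^\s*(run|load)\s*=\s*(\S.*)$') { continue }
        $option = $Matches[1]

        # Entries are split on commas and spaces, so a path that itself
        # contains spaces is broken up and needs manual review.
        foreach ($item in ($Matches[2] -split '[,\s]+' | Where-Object { $_ })) {
            $item = $item.Trim('"')
            $candidates = if ($item -match '^([a-z]:|\\\\)') { @($item) } else {
                $searchDirs | ForEach-Object { Join-Path $_ $item }
            }
            $found = $candidates |
                Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
                Select-Object -First 1
            $file = if ($found) { Get-Item -LiteralPath $found } else { $null }

            [pscustomobject]@{
                Line     = $lineNo
                Option   = $option
                Entry    = $item
                FullPath = if ($file) { $file.FullName } else { '(not found)' }
                Modified = if ($file) { $file.LastWriteTime } else { $null }
            }
        }
    }
}

# Usage: Get-IniStartupEntry -Path <path to the file> | Format-Table -AutoSize
```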
After paying attention to the above details, it will not be so easy for many Internet viruses to restart in the future!