Trojan Horse Rootkit-agent.eg

February 4, 2011 4:31 pm | Trojan Horse

How to remove Trojans hidden in the registry

Trojans, viruses and malware are never welcome, yet most computer users face security problems caused by them from time to time. Usually we use antivirus software to scan the registry, hard drives and memory, in the hope that these tools will uncover potential threats hidden in our computers.

Good antivirus and security software (http://pcwatch.com/Software/Internet-Security-Suites-Software.html) protects our PCs. But do you know how antivirus software is developed?

The principle of antivirus software is very simple: based on the behavior of malware, viruses and Trojan horses, it guards against them and patches the vulnerabilities that viruses, Trojans and other malware can exploit to spread.

Next, let's take a look at Trojans, viruses and malware themselves. They are very harmful to our PCs: they damage the system, steal information from computer users, and degrade performance and efficiency. You may wonder how these evil things do it.

Trojans, viruses and malware infect your computer by exploiting bugs in the Windows system or in security software. Why do computer veterans recommend that people use Windows 7 or Vista instead of XP, and why does Microsoft repeatedly ask users to upgrade their web browser? It is because the new versions of the software fix bugs and protect your system.

Antivirus and Internet security software can help us detect and remove security threats in most cases. But there are still situations in which antivirus and security tools are disabled by Trojans or viruses. When that happens, you will have to find the virus yourself.

You may wonder where viruses usually hide in the registry. There are seven places you should watch closely:

1. AV Terminator variants disable antivirus programs at boot. Generally, if you find the firewall turned off, it is very likely that your PC is infected by one. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and see if the virus is hiding there.

2. If your antivirus cannot eliminate the virus, or is shut down, then it may have been hooked. Check HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks.

Normally, security programs will rarely be written here.

3. Sometimes, even in safe mode, antivirus programs are still disabled. Then it is very likely caused by the new variant, or by infostealer.gampass or Virus_Worm.Win32.DiskGen.cy. You had better check HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. Normally, security programs will rarely be written here.

4. Some viruses are very difficult to detect and remove, and they may try to disable antivirus programs. These viruses are written as services, low-level rootkits and drivers, so that users find it hard to make them disappear. Check HKLM\System\CurrentControlSet\Services.

5. There are times when you will find that an application cannot launch. IFEO (Image File Execution Options) is a possible cause. Check HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, and watch for AV Terminator. In addition to exe files, you must also pay attention to the ani.ani file. Some viruses hijack this file type to prevent the restoration of the main file of the virus.

6. Some viruses delete the antivirus software's setup files, modify the hosts file, hide virus DLLs in the category of IM, and change API hooks. We suggest checking: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

7. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

The above list is only a small part of the methods viruses can use against antivirus software. In fact, there are much more complicated viruses and antivirus programs. We will publish other articles discussing viruses and the registry later.
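A read-only PowerShell audit of the seven locations listed above, added here as an example and not part of the original article. The helper names (New-Finding, Get-RegValues, Resolve-Clsid) are hypothetical, and the CLSID lookup under HKLM\SOFTWARE\Classes\CLSID and the Start-value filter for services are choices made for this example.

```powershell
# Added example: read-only audit of the seven HKLM locations listed above.
$ErrorActionPreference = 'SilentlyContinue'   # absent keys are simply skipped
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
$nt = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

function New-Finding($Location, $Name, $Data) {   # hypothetical helper
    [pscustomobject]@{ Location = $Location; Name = $Name; Data = $Data }
}
function Get-RegValues([string]$Path) {           # hypothetical helper
    $key = Get-Item -LiteralPath $Path
    if ($key) {
        foreach ($n in $key.GetValueNames()) {
            [pscustomobject]@{ Name = $n; Data = $key.GetValue($n) }
        }
    }
}
function Resolve-Clsid([string]$Clsid) {          # hypothetical helper
    # A shell extension's CLSID points at the DLL that Explorer will load.
    $k = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32"
    if ($k) { $k.GetValue('') } else { '<CLSID not registered>' }
}

$report = @(
    # 1. Run: each value is a command line started at logon.
    Get-RegValues "$cv\Run" | ForEach-Object { New-Finding 'Run' $_.Name $_.Data }
    # 2 and 6. The value NAME is a CLSID; resolve it to the DLL behind it.
    foreach ($k in 'ShellExecuteHooks', 'SharedTaskScheduler') {
        Get-RegValues "$cv\Explorer\$k" |
            ForEach-Object { New-Finding $k $_.Name (Resolve-Clsid $_.Name) }
    }
    # 7. Here the value DATA is the CLSID.
    Get-RegValues "$cv\ShellServiceObjectDelayLoad" |
        ForEach-Object { New-Finding 'ShellServiceObjectDelayLoad' $_.Name (Resolve-Clsid $_.Data) }
    # 3. AppInit_DLLs: report only when the value is non-empty.
    $appInit = (Get-ItemProperty -LiteralPath "$nt\Windows").AppInit_DLLs
    if ($appInit) { New-Finding 'AppInit_DLLs' 'AppInit_DLLs' $appInit }
    # 5. IFEO: a Debugger value redirects every launch of that image name.
    Get-ChildItem -LiteralPath "$nt\Image File Execution Options" | ForEach-Object {
        $dbg = $_.GetValue('Debugger')
        if ($dbg) { New-Finding 'IFEO' $_.PSChildName $dbg }
    }
    # 4. Services and drivers that start on their own (Start 0, 1 or 2).
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $img = $_.GetValue('ImagePath')
        if ($img -and $_.GetValue('Start') -le 2) { New-Finding 'Service' $_.PSChildName $img }
    }
)
$report | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt and compare the output with a known-clean machine of the same Windows build. On 64-bit Windows the same keys also exist under HKLM\SOFTWARE\Wow6432Node and deserve the same review.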

Anyway, the purpose of this article is to share with you a good understanding. Do not use it for evil.

About the Author

Welcome to PCWatch Software, where you can read reviews of software, games and top tech products.


