There are a lot of strange files in the computer, which is suspected to be a virus, but 360 can t fi

All the folders that start with $ with numbers hidden in the windows directory of the C drive are the uninstallers left over from the system patches, and they are huge, if you install the initial version of Windows XP SP3 and play all the patches, there should be more than 200, there should be more than 300 600 megabytes, which is related to how many patches are pre-installed in advance in the version of the XP you install, and the latest SP3 is estimated to play at least 20 30 patches; In fact, SP3 itself is also a collection of hundreds of security patches, but Microsoft has made an integration file called SP3. It can be deleted entirely. Because these patches are all tested by Microsoft and released without compatibility issues.

If you are a genuine XP, you can use Microsoft's official automatic upgrade to patch the system, if you are a pirated XP, then use third-party software such as 360 or Rising Card to help you patch, but you have to scan the system for vulnerabilities and allow patching by yourself.

No problem. This is the uninstall folder for system update patches!

You can delete it directly! It doesn't affect the use!

Deletion may affect the uninstallation of update patches, but who has used how many patches have been uninstalled?

It's usually about installing patches and improving the system! And without uninstalling!

The first is because of the problem of software behavior.

When 360 was bad, when I used Visual Studio to debug the program, I would treat VS as malware, because VS "injected" my program, and randomly added breakpoints and suspended programs at will (nonsense, don't add breakpoints, hang and stop and step debug). This behavior can also occur in many malware, such as pop-ups, which can hang the browser after the pop-up, and then you can't use the browser without closing the pop-up. Malicious suspension of other programs may also cause other programs to be revealed and unresponsive.

Then it's because of the virus signature (which overlaps a bit with the one above).

Antivirus software companies maintain a database of virus signatures.

The virus signature database is generally loaded with a large number of binary strings and corresponding virus names, and binary strings are a series of binary strings that only the virus may have when the anti-virus company analyzes the virus, these binary strings are called feature codes, and may be done in the virus to achieve certain functions, such as breaking system files, modifying other programs**, copying itself and then spreading through the network, etc., antivirus software can use these signature codes to distinguish other viruses or normal programs. This is followed by anti-virus.

If normal software will have similar behavior, then it is also possible to contain such a feature code, and then be scanned, such as game cracking, game modification, and some monitoring software will cause manslaughter, because it is indeed possible to have such behavior. At this time, if it is confirmed that it was mistakenly killed, you can report it to the antivirus software provider and ask them to verify and modify the signature.

In addition to the above-mentioned virus-like injection, modification behavior, there are often seen "worm" characteristics, worms do not rely on other programs, and may not destroy the system, but have excellent transmissibility, can spread on the network, can execute garbage ** to occupy system resources, can also spread after the flood attack. Therefore, if the worm characteristics are checked and killed, it is possible that there is indeed a part that can be transmitted, and if the software needs to be frequently networked, launch various requests, and want to spread itself, then it is a worm.

There are also well-meaning worms, and some time after the RPCSS vulnerability used by the blaster worm was discovered, a worm called Waldec appeared on the network, which automatically patched users who did not fix the vulnerability (). However, the worm will also use up a lot of network bandwidth, which is similar to the effect of a "malicious" worm on the network... So although I'm very moved, I still have to kill him.

Because the process of those files, or the mode of operation, is a bit like the mode of operation of sick and poisonous files, so you can make them safe when they are reported.

Some auxiliary programs, including some programs, have conflicts with 360's detection software, and there are some blind spots that can't be recognized by 360, so you can add them as trust.

Yes, if there is a conflict with 360, it will be rewarded.

Some files are bound by Trojans.

Hello, this is determined according to the antivirus software's virus detection method and antivirus engine, Computer Manager is the first antivirus software in China to use 4+1 professional antivirus engine, using the country's largest cloud virus database, antivirus ability is very strong.

The important thing is that PC Manager is still an antivirus software that has passed the VB100 test, and the antivirus results are trustworthy, and the false positive rate is very low. VB100 is known as the most influential test, emphasizing the virus detection rate and false positive rate of antivirus software, and only 100% detection and killing of epidemic viruses without a single false positive or omission can be passed.

If you have any other questions and problems, please come to the computer manager business platform again to ask questions, and we will do our best to answer your questions.

MDM is suspicious.

The process called zhudongfanyu doesn't mean active defense.,I've never seen such a process kill the soft.,If it's a destructive virus.,It will only damage and infect your system files or other files.。

But the CF account you said has been logged in, which means that it is a Trojan horse.

Regarding the nature of the number theft Trojan, I have the following ideas:

1.The number theft Trojan is generally achieved by receiving and sending letters, so if you can sniff, it is entirely possible to find his receiving address, so as to find more victims' account passwords, which is also commonly known as black boxes! This is to teach you to pick him up!

2.The number theft Trojan is self-starting because it is booted, so you can use the optimization master to see what is the program that starts automatically, 360 can also be viewed, since the boot is self-starting, it is possible to add an item in the registry, and then use the optimization master to find the suspicious item, right-click, find the hidden address of the program, and delete it manually, (because since you can't kill the soft kill, this Trojan must be free to kill), and then clean up the registration item! You'll have no problem with your computer!

There's also the general non-killing that can't avoid the soft update.,After today, the soft will be found out.,If you're not afraid of death, just wait for the soft update!

3.It is recommended that the game do not open g.,Generally, the plug-in will write the plug-in 3 points of poison.,But if he really ties up the horse.,It's troublesome!