-
I really don't know much.
I have the impression that a master said that it is the virus that ends after elevating its own authority to the ring0 level, and then hijacks or destroys the software killing file through images to prevent it from running again.
In general, mirror hijacking is common. The registry location is:
hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options
The entries in it should be debugger, and the values can point to the virus file, and there are also the ones that end the process with the -n or something command.
That's all I know, and I'm looking forward to answering from the experts.
-
Destruction? -- It's hijacking. Modify the actual path of Kill Soft. You can use hips to protect and kill soft. It is impossible to destroy and kill soft. The landlord's idea is very trendy.
-
Antivirus buy genuine, there is no free lunch in the world, otherwise it will be harmful!
Share my anti-virus experience with the landlord!
1. Any antivirus software has its own strengths and weaknesses, don't expect a software to be 100% good, as long as it can ensure that your system is safe, stable and reliable, even if it is a good antivirus software.
2. It is best to use local antivirus software, it should be said that Chinese poison and foreign poison will not be exactly the same, using foreign drugs to treat Chinese diseases, the effect will not be too good, or like Kaspersky to treat diseases too much, non-toxic files will also be killed for you, antivirus killing to destroy the system, do you use it? What's more, if you want to support domestic products, the operating system can't play Microsoft, but the antivirus software must support it!
3. Because the antivirus software needs to be upgraded from time to time, you must buy the genuine version. You don't need to use a free lunch, and the free ones are not worth much, because there is no such thing as a free lunch! Don't use pirated or online serial numbers or free upgrades, as the consequences are that you can't upgrade or your system is confused.
With strong protection, you can work with peace of mind and no longer have to worry about the endless entanglement with viruses. It's still worth it when you think about it!
4. As mentioned above, which one is better to buy domestic antivirus software?
The three major domestic brands: Ruixing, Jiangmin, and Poison Ba have their own characteristics.
In fact, Rising is the boss and is in the top 10 antivirus software in the world.
In terms of use, Rising is also the most comprehensive, safe and reliable, and can really be regarded as a commodity. I've used all three of these software.,Jiang Min and the drug bully have problems.,Jiang Min can't be upgraded.,The drug bully is monitoring that can't be opened.,And these problems are what they can't solve.,And they don't want to solve it.,It's really enough for a product to be made like this.,That is to say, the adaptability of their software is too poor.,Not comprehensive enough.,The same computer has no problem with Rising at all.,So it's natural to say that it's good and bad.。 If you don't want to have such and such problems, buy Rising with antivirus software.
Use genuine anti-virus, kill the world without drugs, everyone's computer is healthy.
-
When the antivirus software is turned on, you browse the web and move it will not cause the antivirus software to be destroyed. For the most part, it's you who randomly open some non-antivirus software. Or, you turn off the antivirus software for other purposes, causing the antivirus software to be destroyed.
It is recommended that you do not open files randomly, and do not turn off the anti-virus software, and set up a scheduled anti-virus. Ascend and.
That's the problem inside the temporary folder, you see the kill in safe mode! Look at what your ghost is bound to, a Trojan or something! I don't think so!
Generally speaking, it is very difficult to repair an exe file after it is infected by a virus, only to delete it. Here there is an exe file repair tool killqx gui that can repair executable files after being infected by other viruses or trojans. Before you are ready to reinstall the system, you may want to try to see if it can be fixed, and maybe you can save yourself the trouble of installing various software after reinstalling the system. >>>More
Quarantine means that the infected files are encrypted by the method unique to antivirus software and placed in a specified directory, because the virus is encrypted, so it will not attack. >>>More
Trojan with ewido, (this is currently the most effective and powerful anti-trojan tool, the nemesis of horse players,) >>>More
1.Clean up the disk fragmentation.
2.Disconnect the Internet to detect and kill suspicious programs. >>>More