
How to Remove Trojan Horse Hidden in Registry

Summary: Internet security and antivirus software detect and remove security threats in most cases, but there are still situations where the antivirus and security tools themselves have been disabled by a Trojan or virus. At that point you have to find the virus yourself. This article points out seven registry locations where viruses usually hide.

Trojan horses, viruses and other malicious software are never welcome, yet most computer users have to face the security problems they cause from time to time. Usually we turn to antivirus software to scan the registry, the hard disks and RAM, hoping it will ferret out every potential threat hidden on the computer.

Good antivirus software (http://pcwatch.com/Software/Internet-Security-Suites-Software.html) and security software protect our PCs. But do you know how antivirus software is developed?

The principle of antivirus software is quite simple: based on the behaviour of malware, viruses and Trojan horses, it guards and patches the vulnerabilities that they exploit to spread themselves.

Now let's look at the Trojans, viruses and malicious software themselves. They do a lot of harm to a PC: damaging the system, stealing users' information, and degrading performance and efficiency. You may wonder how these bad things are made.

Trojans, viruses and malware infect our computers by exploiting bugs in Windows or in security software (http://pcwatch.com/Software/Internet-Security-Suites-Software.html). Why do computer veterans recommend Windows 7 or Vista instead of XP, and why does Microsoft repeatedly suggest that users upgrade their web browser? Because newer versions fix known bugs and therefore protect your system.

Internet security and antivirus software detect and remove security threats in most cases. But there are still situations where the antivirus and security tools (http://pcwatch.com/Software/Internet-Security-Suites-Software.html) have been disabled by a Trojan or virus. At that point you have to find the virus yourself.

You may wonder where viruses usually hide. In the registry there are seven places you should pay close attention to:

1.    Variants of AV Terminator disable anti-virus programs at PC startup. Generally speaking, if you find the firewall turned off, it is very likely that your PC is infected by one of them. Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and see whether the virus is hiding there.

2.    If your anti-virus software cannot remove the virus, or is shut down, it might be hooked. Check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks. Safe programs will seldom be written here.

3.    Sometimes antivirus programs are still disabled even in Safe Mode. This is very likely the work of a new variant of infostealer.gampass or Virus_Worm.Win32.DiskGen.cy. You had better check the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows. Safe programs will seldom be written here.

4.    Some viruses are very difficult to detect and remove because they first disable antivirus programs. They are written in as low-level services and rootkit drivers, which makes them hard for users to clear. Check HKLM\SYSTEM\CurrentControlSet\Services.

5.    When you find that an application cannot launch, IFEO (Image File Execution Options) is a possible cause. Check HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and watch for AV Terminator. Besides exe files, you should also pay attention to the ani.ani file: some viruses hijack this type of file to prevent restoring the virus main file.

6.    Some viruses delete the setup program of antivirus software, modify the hosts file, hide the virus DLL among IM files, and modify API hooks. Check HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler.

7.    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
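The seven checks above can be done by hand in regedit, but it is easier to dump all of them at once and look at what each entry actually loads. The following script is an added example written for this article, not code from the original post: it reads the seven locations, resolves each entry to the file it points at (ShellExecuteHooks and SharedTaskScheduler name a CLSID whose InprocServer32 key holds the DLL; ShellServiceObjectDelayLoad stores the CLSID as the value data; IFEO entries are only interesting when they carry a Debugger value), then reports whether that file exists and whether its Authenticode signature is valid. The function names and the "Trust" column labels are this example's own. It is read-only and is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example (not part of the original article): enumerate the seven registry
# autostart/hook locations listed above and show what each entry really loads.

function Resolve-ImagePath {
    # Turn a raw registry command line / ImagePath into a plain file path.
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    $p = $p -replace '^\\\?\?\\', ''                            # \??\C:\x.sys  -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"      # \SystemRoot\.. -> C:\Windows\..
    $p = $p -replace '^system32\\', "$env:SystemRoot\System32\" # driver paths relative to system32
    if ($p.StartsWith('"')) {                                   # "C:\Program Files\x.exe" /arg
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(.*?\.(exe|dll|sys|ocx))(\s|$)') {     # C:\x\svchost.exe -k netsvcs
        $p = $Matches[1]
    }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = "$env:SystemRoot\System32\$p" }  # bare DLL name
    return $p
}

function Get-FileTrust {
    # 'MISSING' if the file is gone, otherwise the Authenticode status (Valid, NotSigned, ...).
    param([string]$Path)
    if (-not $Path) { return 'no-file' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'MISSING' }
    return (Get-AuthenticodeSignature -LiteralPath $Path).Status.ToString()
}

function Resolve-Clsid {
    # COM class -> DLL. HKCU\Software\Classes is checked first because it wins over HKLM.
    param([string]$Clsid)
    foreach ($root in 'HKEY_CURRENT_USER\SOFTWARE\Classes', 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes') {
        $key = "Registry::$root\CLSID\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) { return (Get-ItemProperty -LiteralPath $key).'(default)' }
    }
    return $null
}

function Get-RegValues {
    # Yield Name/Value pairs for every value under a key (nothing if the key is absent).
    param([string]$Key)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $item = Get-Item -LiteralPath $Key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Value = $item.GetValue($name) }
    }
}

function New-Finding {
    param([string]$Location, [string]$Entry, [string]$Raw)
    $file = Resolve-ImagePath $Raw
    [pscustomobject]@{ Location = $Location; Entry = $Entry; Trust = (Get-FileTrust $file); File = $file; Raw = $Raw }
}

function Get-RegistryAutostarts {
    # 1. Run: value name -> command line
    foreach ($v in Get-RegValues 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        New-Finding 'Run' $v.Name $v.Value
    }
    # 2. ShellExecuteHooks and 6. SharedTaskScheduler: the value NAME is a CLSID
    $clsidKeys = [ordered]@{
        ShellExecuteHooks   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
        SharedTaskScheduler = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
    }
    foreach ($loc in $clsidKeys.GetEnumerator()) {
        foreach ($v in Get-RegValues $loc.Value) { New-Finding $loc.Key $v.Name (Resolve-Clsid $v.Name) }
    }
    # 7. ShellServiceObjectDelayLoad: the value DATA is a CLSID
    foreach ($v in Get-RegValues 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad') {
        New-Finding 'ShellServiceObjectDelayLoad' $v.Name (Resolve-Clsid $v.Value)
    }
    # 3. AppInit_DLLs: space- or comma-separated DLL list loaded into every process that uses user32
    $appinit = (Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
    foreach ($dll in ($appinit -split '[ ,]+' | Where-Object { $_ })) { New-Finding 'AppInit_DLLs' $dll $dll }
    # 4. Services: only report services/drivers whose binary is missing or not validly signed
    foreach ($svc in Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $img = $svc.GetValue('ImagePath')
        if ($img) {
            $f = New-Finding 'Services' $svc.PSChildName $img
            if ($f.Trust -ne 'Valid') { $f }
        }
    }
    # 5. IFEO: a Debugger value silently replaces the program that was launched
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($k in Get-ChildItem -LiteralPath $ifeo) {
        $dbg = $k.GetValue('Debugger')
        if ($dbg) { New-Finding 'IFEO\Debugger' $k.PSChildName $dbg }
    }
}

Get-RegistryAutostarts | Format-Table Location, Entry, Trust, File -AutoSize
```

Read the output by its Trust column: MISSING means the registry still points at a file that is gone (a leftover or a half-removed infection), NotSigned or HashMismatch on an entry under ShellExecuteHooks, AppInit_DLLs, SharedTaskScheduler or ShellServiceObjectDelayLoad deserves a close look because legitimate software rarely lives there, and any IFEO Debugger entry that names an antivirus executable is exactly the "application cannot launch" case from point 5. The Services list is filtered to unsigned or missing binaries to keep it short; on Windows 7, catalog-signed system files can show as NotSigned, so treat that status as a prompt to check the file rather than as proof of infection.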

The list above is only a small portion of the ways viruses fight antivirus software. In fact there are far more complicated viruses, and antivirus programs too. We will post other articles discussing viruses and the registry later.
