▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to completely kill the computer drive virus? How to avoid the computer drive virus?

The Trojan Trojan has recently become a hot topic in the security field. The author of the Trojan Trojan has been updated several times, and the infection rate and destructive power are gradually increasing. So how can we completely kill these viruses. This kind of virus is not intended for downloaders, so how to avoid it. Let's study together

1️⃣ The gradual increasing trend of the computer Internet has led to the rapid development of computer viruses now. This is undoubtedly a great blow to our normal use of computers. The new computer disk machine virus that appeared in the past few years has made many users who use the computer have a headache, so how can we completely kill such viruses.

2️⃣ This kind of virus is not intended for downloaders, so how to avoid it.
Recognize disk drive viruses

3️⃣The disk drive virus is not a virus in the strict sense, because it is not for downloader purposes, it is generated under the jade Windows system directory, and the main file formats are only lsass.exe and smss.exe.

There are indeed many types of disk drive viruses. At present, more than 100 different forms have been mutated, which has led to the inability of system management tools to run.

🦑Main transmission routes :

The biggest threat of this kind of virus is actually to unpack the RAR file, and through the uncompressed file infection, we store the EXE in the device and then continue to spread

🦑Ways to eliminate disk machine virus

>Try not to visit unfamiliar and malicious websites, and find out the reason when you find that the security software in the computer is not available.

> If you are in a host computer with a large number of LANs, you can use the APP protection function in the computer, for example, turn on-Tencent Computer Manager-Toolbox-APP firewall- or malwarebytes

tradition ways

> just be aware from malwares in disk drive

THIS TUTORIALS WRITTEN BY UNDERCODE
▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

▁ ▂ ▄ ｕ𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑How to use the system's own command to get manual antivirus

Computer users are most afraid of some viruses. Although various anti-virus software is installed on our computers, they cannot resist the malicious intrusion of viruses. The following editors teach you how to use your own tools to hang the virus yourself. Come take a look

#Malwares guide -

It is better to use your own tools to hang up the virus yourself than the installed software. That is to use the system's own command to get the manual antivirus. The specific steps are as follows:

1️⃣Before you start, remember to be prepared-use TaskList to back up the system process

2️⃣New viruses have learned to use processes to hide themselves, so we better back up the computer's process list when the system is normal. Of course, it is best to back up without running any programs when you first enter Windows. You can find the process that may be a virus by comparing the process list.

🦑At the command prompt, enter:

TaskList /fo:csv>g:zc.csv

The function of the above command is to output the current process list to the "zc.csv" file in csv format, g: is the disk you want to save to, you can open the file with Excel.

Second, when you do it yourself, you must be eye-catching-use FC to compare process list files

If you feel that your computer is abnormal, or you know that there is a recent virus, it is necessary to check it.

Enter the command prompt and enter the following commands:

TaskList /fo:csv>g:yc.csv

Generate a list of yc.csv files for the current process, then enter:

FC g: \ zccsv g: \ yc.csy

After you press Enter, you can see the difference between the front and back list files. Through comparison, it is found that the computer has an additional process named "Winion0n.exe" (here, this process is used as an example) that is not "Winionon.exe".

3️⃣ When making judgments, keep in mind that the evidence is solid-use Netstat to view open ports

How to judge whether such a suspicious process is a virus? According to the fact that most viruses (especially Trojan horses) will be connected via ports to spread viruses, you can check the port occupancy.

🦑At the command prompt, enter:

Netstat -ano

The meaning of the parameters is as follows:

a: Display all the port information to establish a connection with the host

n: Display the PID code of the open port process

o: Display address and port information in digital format

After you press Enter, you can see all the open ports and external connection processes. Here, a process with a PID of 1756 (this example) is the most suspicious. Its status is "ESTABLISHED". You can know that this process is " Winion0n" through the task manager. ".exe", by checking the network program running on this machine, you can judge that this is an illegal connection!

4️⃣The meaning of the connection parameters is as follows:

LISTENINC: indicates that it is in the listening state, that is, the port is open, waiting for connection, but has not been connected, only the service port of the TCP protocol can be in the LISTENINC state.

ESTABLISHED means to establish a connection.

Indicates that the two machines are communicating.

TIME-WAIT means to end the connection.

It means that the port has been accessed once, but the access is over. It is used to judge whether there is an external computer connected to the machine.

5️⃣When you start antivirus, you must be cruel-use NTSD to terminate the process

Although I know that "Winion0n.exe" is an illegal process, many virus processes cannot be terminated by the task manager. What should I do?

Enter the following commands at the command prompt:

ntsd –c qp 1756

After you press Enter, you can successfully end the virus process.

Tip: "1756" is the PID value of the process. If you don't know the ID of the process, open the task manager and click "View → Select Columns → Check the PID (process identifier)".

NTSD can forcibly terminate all processes except Sytem, ​​SMSS.EXE, CSRSS.EXE.