Excuse me, who knows what this program is? Thank you!
virus

Well, this is definitely a virus, but it's not the mother of the virus.

If a temporary folder is generated automatically whenever you open any web page, then the virus has penetrated your computer ... you can inspect further.

It is recommended to check all the auto-start locations in the registry. Let me give you some examples of specific key locations.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Classes\Protocols\Filter

HKLM\Software\Classes\Protocols\Handler

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components

HKLM\Software\Microsoft\Active Setup\Installed Components

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

HKLM\Software\Microsoft\Internet Explorer\Toolbar

HKLM\Software\Microsoft\Internet Explorer\Extensions

HKLM\System\CurrentControlSet\Services

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

HKLM\System\CurrentControlSet\Control\Print\Monitors

HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders

HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages

HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages

HKLM\System\CurrentControlSet\Control\Lsa\Security Packages

HKLM\System\CurrentControlSet\Control\NetworkProvider\Order

Then check whether there is a virus driver among the drivers; you can do this by verifying the Microsoft digital signatures.

Then check the Win32 services.

Then check BHOs, message hooks, the SSDT, image hijacking and process modules.
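
As an added example (not part of the original answer), the following read-only PowerShell script inspects three of the locations listed above: the two Run keys, the Winlogon Userinit and Shell values, and Image File Execution Options. It applies the digital-signature check the answer suggests for drivers to the binaries these entries point at. The helper function names and the stock default values for Userinit and Shell are assumptions of this example.

```powershell
# Read-only: nothing in the registry is modified.
# Expected Winlogon defaults are the stock Windows values (assumption).
function Get-ImagePath([string]$CommandLine) {
    # Extract the executable path from a quoted or bare command line.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine)
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|com|bat|cmd))(\s|,|$)') { return $Matches[1] }
    return $null
}

function Get-SignatureState([string]$Path) {
    # Authenticode status plus signer subject of the file on disk.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'FileNotFound' }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    return '{0} / {1}' -f $sig.Status, $sig.SignerCertificate.Subject
}

function New-Finding($Key, $Name, $Data, $Note) {
    [pscustomobject]@{ Key = $Key; Name = $Name; Data = $Data; Note = $Note }
}
$findings = @()

# 1. Run keys: every entry, with the signature state of its target binary.
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $findings += New-Finding $key $name $cmd (Get-SignatureState (Get-ImagePath $cmd))
    }
}

# 2. Winlogon: report Userinit / Shell only when they differ from the defaults.
$wlKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -LiteralPath $wlKey
$expected = @{ Userinit = "$env:SystemRoot\system32\userinit.exe,"; Shell = 'explorer.exe' }
foreach ($v in $expected.Keys) {
    $actual = $wl.$v
    if ($actual -ne $expected[$v]) { $findings += New-Finding $wlKey $v $actual 'differs from default' }
}

# 3. Image File Execution Options: a Debugger value redirects that program's launch.
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem -LiteralPath $ifeo -ErrorAction SilentlyContinue) {
    $dbg = $sub.GetValue('Debugger')
    if ($dbg) { $findings += New-Finding $sub.Name 'Debugger' $dbg (Get-SignatureState (Get-ImagePath $dbg)) }
}
$findings | Format-List
```

Run it from an elevated prompt so the HKLM keys are fully readable; entries whose Note is not a `Valid` signature from a publisher you recognise are the ones to examine first.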