Current location - Quotes Website - Personality signature - Excuse me, who knows what this program is? Thank you!
Excuse me, who knows what this program is? Thank you!
virus

Well, this is definitely a virus, but it's not the mother of the virus.

If you open any web page, it will automatically generate a temporary folder, then the virus has penetrated into your computer ... you can do further inspection.

It is recommended to check all the locations that can be started in the registry. Let me give you some examples of specific key positions.

HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Winlogon \ Userinit

HKLM \ Software \ Microsoft \ Windows NT \ Current Version \Winlogon\Shell

HKLM \ Software \ Microsoft \ Windows \ Current Version \ Running

HKCU \ Software \ Microsoft \ Windows \ Current Version \ Running

HKLM \ Software \ Category \ Protocol \ Filter

HKLM \ Software \ Class \ Protocol \ Processor

HKCU \ Software \ Microsoft \ Internet Explorer \ Desktop \ Component

HKLM \ Software \ Microsoft \ Active Installer \ Installed Components

HKLM \ Software \ Microsoft \ Windows \ Current Version \ Explorer \ SharedTasks Scheduler

HKLM \ Software \ Microsoft \ Windows \ Current Version \ ShellServiceObjectDelay Load

HKLM \ Software \ Microsoft \ Windows \ Current Version \ Explorer \ Shell Execution Hook

HKLM \ Software \ Microsoft \ Windows \ Current Version \ Shell Extension \ Approval

HKLM \ Software \ Class \ Folder \ Shellex \ Column Processor

HKLM \ Software \ Microsoft \ Windows \ Current Version \ Explorer \ Browser Assistant Object

HKCU \ Software \ Microsoft \ Internet Explorer \ URL Search hooks.

HKLM \ Software \ Microsoft \ Internet Explorer \ Toolbar

HKLM \ Software \ Microsoft \ Internet Explorer \ Extension

HKLM \ System \ Current Control Set \ Service

HKLM \ System \ Current Control Set \ Control \ Session Manager \ Start execution.

HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Image File Execution Options

HKLM \ System \ Current Control Set \ Control \ Session Manager \KnownDlls

HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Winlogon \ UIHost

HKLM \ Software \ Microsoft \ Windows NT \ Current Version \ Winlogon \ Notification

HKLM \ System \ Current Control Set \ Service \ WinSock2 \ Parameters \ Protocol _ Directory 9

HKLM \ System \ Current Control Settings \ Control \ Print \ Monitor

HKLM \ System \ Current Control Set \ Control \ Security Provider \ Security Provider

HKLM \ System \ Current Control Set \ Control \ Lsa \ Authentication Package

HKLM \ System \ Current Control Set \ Control \ Lsa \ Notification Package

HKLM \ System \ Current Control Set \ Control \ Lsa \ Security Package

HKLM \ System \ Current Control Set \ Control \ Network Provider \ Order

Then check whether there is a virus driver in the driver, and you can use the method of verifying Microsoft digital signature.

Then check the WIN32 service.

Check BHO, message hook, SSDT, image hijacking and processing module again.

Related articles
  • The first blind date, please describe your experience and teach some real experiences to the great god who was close to you?
  • Girls simple happy personality signature
  • What do the curtain wall tender documents mainly include?
  • What are the strong traditional Chinese characters
  • What is the general process of registering a branch in Nanchang?
  • Recommend short and beautiful sentences that disappoint the object.
  • Young people's first pure electric coupe SUV, first experience Weilai EC6.
  • Interesting and narcissistic conversation, interesting and narcissistic conversation
  • Can I take the high-speed train directly from Guangzhou South Railway Station to Futian, Shenzhen? Go to Futian Port at Futian Station and go to Hong Kong.
  • How to write Zhu Zhejing¡¯s signature?

    • copyright 2024 Quotes Website All rights reserved