Computer Mice Are The Main Computer Viruses Carriers

Thursday, February 18, 2010

How to detect the infected file?

Sometimes detecting a virus or Trojan on a computer requires a high level of expertise, and sometimes it is rather easy; it depends on the complexity of the virus and on the methods used to hide the harmful code in the system. In hard cases, when special masking methods such as rootkit technologies are used, the average user is unable to detect the infected file. That task demands special utilities and perhaps connecting the hard drive to another PC or booting the system from a CD. If you face an ordinary worm or Trojan, it may be detected by simple means.

The majority of worms and Trojans are designed to gain control when the system starts, and they use two ways to do so:
- writing a link to the infected file into the Windows autorun registry keys;
- copying the file to the Windows autorun (Startup) folder.

Windows XP and 2000 have the following most “popular” autorun folders:
%Documents and Settings%\%user name%\Start Menu\Programs\Startup
%Documents and Settings%\All Users\Start Menu\Programs\Startup

When you find suspicious files in those folders, you should immediately send them to your antivirus developer with a description of your problem.

The system registry has lots of autorun keys, but the most “popular” are Run, RunServices, RunOnce and RunServicesOnce under the registry paths:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion]

You will probably find several values there with names that tell you nothing, together with paths to the files they launch. Pay close attention to files located in the Windows system or root folder. Note their names, as they will be used for further analysis.
Writing to the following key is also very “popular”:
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
Normally, this key has the value "%1" %*

The most convenient spot for placing worms and Trojans is the system (system, system32) or root folder of Windows. First, displaying the contents of these folders in Explorer is disabled by default. Second, these folders already hold lots of different system files whose purpose is completely unknown to the average user. Even an experienced user has trouble deciding whether a file named winkrnl386.exe is part of the OS or came from somewhere else.
You may use any file manager that can sort files by creation and modification date to sort the files in these folders. As a result, all newly created or changed files are displayed at the top of the listing, and they are the files of interest. The first alarm bell is the presence among them of files that you have previously seen in the autorun keys.
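The checks described above can be run in one pass. The script below is an added example, not part of the original article: it lists the values of the autorun keys and the contents of the Startup folders, verifies the exefile open command, and flags recently created or changed files in the Windows folders whose names also appear in an autorun entry. It assumes Windows PowerShell 3.0 or later; the 14-day window and the match on file name alone are choices made for this example.

```powershell
# Added example: triage of the autorun locations named in the article.
# Assumes Windows PowerShell 3.0+; the 14-day window is an arbitrary choice.
$base = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$autoruns = @(foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($key in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        $path = "$hive\$base\$key"
        if (-not (Test-Path $path)) { continue }
        $item = Get-Item $path
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $path; Name = $name
                               Command = [string]$item.GetValue($name) }
        }
    }
})

# Files placed in the per-user and all-users Startup folders.
foreach ($sf in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($sf)
    if ($dir -and (Test-Path $dir)) {
        $autoruns += @(Get-ChildItem $dir -Force | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName } })
    }
}

# The default value of the exefile open command should be exactly "%1" %*
$exe = (Get-Item 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').GetValue('')
if ($exe -ne '"%1" %*') { Write-Warning "exefile open command changed: $exe" }

# Newest files in the Windows root and system folders, newest first,
# with the autorun location that names each file (empty if none does).
$cutoff = (Get-Date).AddDays(-14)
$dirs = $env:windir, "$env:windir\System32", "$env:windir\System"
Get-ChildItem $dirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff -or $_.CreationTime -gt $cutoff } |
    Sort-Object LastWriteTime -Descending |
    ForEach-Object {
        $file = $_
        $hits = $autoruns | Where-Object {
            $_.Command.IndexOf($file.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0 }
        [pscustomobject]@{ Modified = $file.LastWriteTime; File = $file.FullName
                           Autorun  = ($hits.Source | Select-Object -Unique) -join '; ' }
    } | Format-Table -AutoSize -Wrap

# Full list of autorun entries for manual review.
$autoruns | Format-Table -AutoSize -Wrap
```

A non-empty Autorun column marks a recently changed file that is also started automatically, which is the combination the article calls the first alarm bell.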

Experienced users can also check the open network ports with the standard netstat utility. It is also recommended to install a firewall and check all processes that are active on the network. You may also check the list of active processes, but use special utilities rather than the Windows ones, as many Trojans are able to hide from the standard Windows utilities.

Please understand that there is no advice for every situation in life. I often deal with technically modified worms and Trojans that are not easy to detect. I would advise you to contact your antivirus technical support service or ask for help on forums.

And it is very important that you follow some general tips – today the Internet technologies give you a truly unique chance to choose what you want at the best terms which are available on the market. Funny, but most of the people don’t use this opportunity. In real practice it means that you must use all the tools of today to get any info that you need.

Search Google or other search engines. Visit social networks and check the accounts that are relevant to your topic. Go to the niche forums and participate in the online discussion. All this will help you to create a true vision of this market. Thus, giving you a real opportunity to make a smart and nicely balanced decision.
