Pages

Thursday, April 5, 2012

HOW TO CHECK FOR VIRUSES!


Checked Virus!
 
Run>regedit>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
“Debugger”=”\”C:\\WINDOWS\\SYSTEM32\\VIRUS.EXE\”"

             Open up Task Manager to get access to you may do this (CTRL + Skrif + ESC or Run>taskmgr ) (open command prompt type "taskmgr.exe) (CTRL + ALT + DEL) When you have up your Task Manager go to Processes and check what files so are running on your computer. If you see files with unormal CPU usage or very high resources usage or many files with nearly same name running at the same time. Go to "www.google.com" and type in the name check out what they are. 

You can also go to "msconfig" check out what so is running on your start up. To open msconfig go "START" and "RUN" type "msconfig" If you fine any files so are connected to any Temporaly Internet files like "temp" at your start up you should unceck the mark. Since nothing should be pointed to "temp."

You should also check out if

- Command prompt
- Regedit
- Task Manager
- Msconfig
- System Restore


If you get up any wierd message like "Its Disabled by Adminstrator" that will normaly indicate that you are infected with some kinda virus.

When importent Tools are disabled like command prompt and regedit their is way to fix them.

Why they are disabled is very simple they are very good tools to check out if the computer is infected with viruses many normal users don't know how to open them up again.

If you see wierd changes with you security tools like Anti-Virus settings is changed to lower security settings This may also indicate that you are infected. Many Viruses today may also lower security changes on the computer. So they should't be so easy to detect. So you should always take a look on the settings on your AV.

Command Prompt is disabled how to fix it:

Press "START" and "RUN" type "gpedit.msc" and go to - Adminstrative Template - system "key" is "Prevent access to the Command prompt" you Left click and hit Properties. When you are in Properties you set it to Activated.

Task Manager is disabled how to fix it:

Press "START" and "RUN" write "gpedit.msc"
- Adminstrative templates - system - "Ctrl+Alt+Del Options" and press "Remove Task Manager" Left-click Properties, when you're in there, so you can either disable it or enable it. But press "Enable"

Press "START" and "RUN" type "REGEDIT.EXE" press ok.
path: HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\System
There should be a key named "DisableTaskmgr".
You can either delete it or you can change the value on it to 1.

System Restore disabled how to fix it:

Press "START" and "RUN" type "gpedit.msc" - Adminstrative Template - system - key name should be "Turn off System Restore" Left click and hit properties to Activate it.

Regedit is disabled how to fix it:

Press "START" and "RUN" type "gpedit.msc" - Adminstrative Template - system - "key" is "Prevent access to the resgisty edition tool" You left click it, and hit Properties. Now you open the window and you can set it to Activated or Disabled. You set it to Activated.

------

You should also check your firewall for open ports. If you have open ports on your computer. This have a very high risk to have open. Hackers may get easy access to them.

To open "Windows Firewall" go "START" and "RUN" type "firewall.cpl" You can also look at the firewall log file at C:\WINDOWS firewall file is a txt document its named: "pfirewall.log"

When you have detected the virus you can start to try get it away. You can download software so can do the jobb for you but you can also try to take away the virus by your own. Importent thing is it to take it away so i wont't boot up.

You should first boot your computer up in safe mode. Their are 2 ways to boot it up in safe mode you may press F8 befor the windows boot up. or you can go to msconfig befor you restart your computer. Press "START" and "RUN" and type "msconfig" go to "BOOT.INI" make a check mark on "/SAFEBOOT" this mean next time you reboot your computer it will go in safe mode to take this away you just take away the check mark when you does't want it to boot up in safe mode.

When you have Safe mode on go to your Task Manager (CTRL+ALT+DEL) fine the virus Processe.
Press "End Process" after you have done that you should go to regedit.

"START" and "RUN" type "regedit" or "regedit.exe"
you should go to all paths i type below here:

path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce
path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnceEx
path: HKEY_CURRENT_USER\SOFTAWRE\Microsoft\Windows\Curre ntVersion\Run
path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\RunOnce


Delete the virus file if you find it. after you go to Command Prompt press "START" and "RUN" type "cmd" type regsvr32 (virus file name) if you find the file exist you must delete it.

When you get a virus its very importent that you disconenct from the internet some viruses may download software without you knowing anything about it. When you are't on the Internet they can't download stuff.

You may also to go Command Prompt type "netstat -a" so you list poeple so are trying to connect to you. or is connected to you. Check out the host names.

Go into your firewall and check what programs so have access to internet if you find programs so you don't want to have internet access block them.

How to avoid viruses:

# Remember to patch up your computer and softwares you use.
# Update your Anti-Virus and Firewall.
# Never open e-mail from people you do not know.
# Never download from sources you do not trust.
# You must always scan files you download from the internet with anti-virus program before you open them.
# stay away from pages that may contain viruses and other unwanted programs.

Ref:go4expert

No comments:

Post a Comment