Sunday, December 21, 2008

Repairing a Virus-Infected Computer

How to Handle a Virus Safely


When your computer is infected by a virus, these tips help you find where the virus attacking the computer is located and stop its activity:
  1. The tool we need is Autoruns, part of the Sysinternals Suite. You can find it at http://www.microsoft.com/technet/sysinternals/default.mspx.
  2. For the investigation and the first step of recovery, open Autoruns, then go to Logon. The list shows the files that start running together with the active Windows files. Stop strange or unimportant programs by clearing their check mark (√). Be careful when doing this: a mistake can stop Windows from working. These are the important programs that have to be kept active:
  3. rdpclip is a program that handles file copying. It provides the "copy and paste" menu.
  4. userinit is the key Windows process. It manages the Windows Start menu.
  5. explorer is the engine of Windows Explorer. It manages the file manager, the desktop and more. If you stop this program, Windows will not be visible.
  6. ctfmon is an application of MS Office and the language bar.
  7. rdpclip, userinit and explorer are applications that always exist in the Windows operating system, except on Windows 9x/ME (just userinit and explorer). They should be kept active.
  8. The Image Path column shows the source programs of rdpclip and userinit in C:\Windows\System32, the explorer application in the folder C:\Windows, and ctfmon in the folder C:\Windows\System32, assuming Windows is installed on drive C:.
  9. Look at the Image Path column. When you find strange files in \Windows\System32 and you believe they are not system files, remove them.

There are some things to watch for in the Autoruns list. Viruses often disguise themselves with names similar to explorer and spooler, so be careful. A virus often uses one of those names, but its location is not C:\Windows. Also, if you clear the check mark of a program and the mark always comes back automatically, the program is reactivating itself. That is a virus. I recommend looking up virus processes at http://www.processlibrary.com.
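The Image Path check described above can be automated over an exported list. The following is an added example, not part of the original post: it assumes a CSV export with `Entry` and `Image Path` columns, uses constructed sample rows, and the function names and the 0.85 similarity threshold are illustrative choices.

```python
import csv
import io
import ntpath
from difflib import SequenceMatcher

# Expected folders as stated in the post (Windows installed on drive C:).
EXPECTED = {
    "rdpclip.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed sample rows, not real Autoruns output; column names are assumed.
SAMPLE_CSV = r'''Entry,Image Path
Userinit,C:\Windows\System32\userinit.exe
Explorer,C:\Windows\explorer.exe
ctfmon,C:\Windows\System32\ctfmon.exe
Explorer,C:\Windows\System32\explorer.exe
Updater,C:\Users\Public\expl0rer.exe
'''

def check_entry(image_path):
    """Return 'ok', 'wrong-location', 'lookalike-name' or 'unknown'."""
    folder, name = ntpath.split(image_path.strip().lower())
    if name in EXPECTED:
        # Right name: the folder must be the one the system file lives in.
        return "ok" if folder == EXPECTED[name] else "wrong-location"
    for known in EXPECTED:
        # Near-identical spelling of a system name (threshold is an assumption).
        if SequenceMatcher(None, name, known).ratio() >= 0.85:
            return "lookalike-name"
    return "unknown"

def review(csv_text):
    """Return (entry, image path, verdict) for every row of the export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["Entry"], r["Image Path"], check_entry(r["Image Path"]))
            for r in rows]

if __name__ == "__main__":
    for entry, path, verdict in review(SAMPLE_CSV):
        print(f"{verdict:15} {entry:10} {path}")
```

Entries reported as `unknown` are simply outside the four programs the post lists and still need a manual look.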

Tag: handling virus, how to handle virus, recovering computer from virus, computer recovery, step of computer recovery from virus, how to stop virus.
