Sunday, July 11, 2010

TIPS TO PREVENT COMPUTER VIRUSES

If you have any problems with these tips, please contact a Tee Support agent online 24/7 for more detailed instructions.

1) Folder “Windows” and “system32”

Permission settings: Make sure your hard disk partition is formatted as NTFS and uncheck “simple file sharing” in “Folder Options”. Then go to Properties > Security and delete all user groups except administrators and system. Uncheck the three items “Full Control”, “Modify” and “Write”.
Role: This is the heart of the system. If it isn’t well protected, the consequences can be severe. When a virus tries to write something to the system, the write fails if it lacks sufficient permission. Of course, this also prevents some programs from installing successfully. In that case, manually restore the Full Control permission for administrators and system. After the installation is finished, change the setting back.

2) Insert DLL

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

Permission setting: All users read-only, cannot write

Role: Early plug-in Trojan horses modified this registry value to insert a DLL into processes. Although there are other ways to insert a DLL, this simple one should not be ignored.

3) File association

HKEY_CLASSES_ROOT\exefile\shell\open\command

Permission setting: All users read-only, cannot write

Role: Modifying a file association means that opening a certain type of file can launch the virus program instead. If the virus author was careless, it is likely that none of those files will open at all.

4) Autoplay

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom\Autorun

Permission setting: All users read-only, cannot write

Role: Double-clicking any disk can easily run a virus. Turning off the system’s autoplay function prevents it from launching.

5) IE Hijack

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer

Permission setting: All users read-only, cannot write

Role: Rogue software and viruses often come together. If you don’t want a lot of pop-ups when you open a web page, prevent IE from being hijacked or replace IE with another browser.

6) Startup Items

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Permission settings: All users read-only, cannot write

Role: The registry keys above, where a program can be set to start when the computer boots, are the favorite places for viruses.

7) Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Since this key is used for debugging programs, it means little to general users.

By default, only the Administrator and the local system have the right to change the read and write settings.

Permission setting: All users read-only, cannot write

Role: To prevent a virus from hijacking antivirus software or disguising itself to run as a normal program. If necessary, this item can be deleted.

8) Show Hidden Files

HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL
A virus will remove this item and re-create it with a different type so that users cannot view hidden files.

Permission setting: read-only, cannot write

Role: To make sure hidden files can still be displayed.

9) Safe Mode

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
Killing viruses in safe mode is a very popular method now. Although sometimes the virus cannot be completely removed, it is useful against some stubborn programs.
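
To check whether the “read-only, cannot write” setting recommended above is actually in effect, the added PowerShell example below (not part of the original post) lists every account, other than SYSTEM, Administrators and TrustedInstaller, that still holds a write-type permission on a sample of the keys from sections 2, 3, 6 and 7. It only reads ACLs and changes nothing; the function name and the choice of trusted accounts are assumptions made for this example.

```powershell
# Added example: read-only audit of write access on keys named in this post.
# AppInit_DLLs and Userinit are values, so the ACL is read from their parent key.
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Rights that let an account alter the key or loosen its ACL.
$writeMask = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'

# Assumption: these well-known SIDs are expected to keep write access.
$trustedSids = @(
    'S-1-5-18',       # SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-WritableRegistryAce {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        $path = "Registry::$key"     # provider path works for every hive, HKCR included
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Key = $key; Identity = '-'; Rights = 'key not present' }
            continue
        }
        foreach ($rule in (Get-Acl -LiteralPath $path).Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to subkeys, not to this key itself.
            if ($rule.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if (-not ([int]$rule.RegistryRights -band [int]$writeMask)) { continue }
            # Compare by SID so the check does not depend on the display language.
            try   { $sid = $rule.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $rule.IdentityReference.Value }
            if ($trustedSids -contains $sid) { continue }
            [pscustomobject]@{ Key = $key; Identity = $rule.IdentityReference.Value; Rights = $rule.RegistryRights }
        }
    }
}

Get-WritableRegistryAce -KeyPath $keys | Format-Table -AutoSize -Wrap
```

An empty table means no other account can write to the sampled keys; on a default installation the HKEY_CURRENT_USER entry normally lists the logged-on user.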
