If you have any problems with these tricks, please contact a Tee Support agent, available online 24/7, for more detailed instructions.
1) Folder “Windows” and “system32”
Permission settings: Make sure your hard disk partition is in NTFS format and uncheck “simple file sharing” in “Folder Options”. Then go to Properties > Security and delete all user groups except administrator and system. Uncheck the three items “Full Control”, “Modify” and “Write”.
Role: This is the heart of the system. If it isn’t protected well, the consequences can be severe. When a virus tries to write something to the system, the write will fail if it lacks sufficient authority. Of course, this will also cause some programs to fail to install. In that case you need to manually set back the Full Control permission for administrators and system, and after the installation is finished, change the setting back.
2) Insert DLL
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs
Permission setting: All users read-only, cannot write
Role: An early Trojan horse plug-in trick is to modify the registry in order to insert a DLL into processes. Although there are other ways to insert a DLL, this simple one cannot be ignored.
3) File association
HKEY_CLASSES_ROOT\exefile\shell\open\command
Permission setting: All users read-only, cannot write
Role: By modifying a file association, a virus can make opening a certain type of file launch the virus program instead. If you encounter a careless virus author, the likely result is that no files can be opened at all.
4) Autoplay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Cdrom\Autorun
Permission setting: All users read-only, cannot write
Role: Double-clicking any disk can also easily run a virus. Turning off the system's autoplay function prevents it from launching this way.
5) IE Hijack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
Permission setting: All users read-only, cannot write
Role: Rogue software and viruses can come bundled together. If you don’t want a lot of pop-ups when you open a web page, you should prevent IE from being hijacked or replace IE with another browser.
6) Startup Items
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Permission setting: All users read-only, cannot write
Role: The registry locations above, where a program can be set to start when the computer boots, are favorite places for viruses.
7) Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Since this key is used for debugging programs, it has little relevance to general users.
By default, only the Administrator and the local system have the right to change its read and write settings.
Permission setting: All users read-only, cannot write
Role: To prevent a virus from hijacking antivirus software or from disguising itself to run as a normal program. If necessary, this item can be deleted.
8) Show hidden files
HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL
A virus will remove this item and re-create it as a different type so that users cannot view hidden files.
Permission setting: read-only, cannot write
Role: To prevent hidden files from becoming impossible to display
9) Safe Mode
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
Killing a virus in safe mode is a very popular method now. Although sometimes the virus cannot be completely cleared, it’s useful against some stubborn programs.
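To check how far a machine is from the "read-only, cannot write" settings above, here is an added example (not part of the original post): a read-only PowerShell audit that lists every principal other than SYSTEM and Administrators holding write-type rights on a sample of the listed keys. The function name `Get-UnexpectedRegistryWriter` and the selection of keys are assumptions made for illustration.

```powershell
# Keys taken from the list above; where the article names a value
# (AppInit_DLLs, Userinit), the key that holds it is checked.
$keys = @(
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot'
)
# Well-known SIDs expected to keep write access: SYSTEM and Administrators.
$expected = 'S-1-5-18', 'S-1-5-32-544'

# Rights that change a key's contents or its ACL, plus GENERIC_ALL and
# GENERIC_WRITE, which can appear unmapped in inherit-only entries.
$rights = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x10000000 -bor 0x40000000

function Get-UnexpectedRegistryWriter {
    param([string[]]$Key)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($k in $Key) {
        $path = "Registry::$k"
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Warning "Key not present: $k"
            continue
        }
        $acl = Get-Acl -LiteralPath $path
        # Ask for SIDs so the comparison does not depend on the OS language.
        foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($expected -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }
            $name = try {
                $rule.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
            } catch { $rule.IdentityReference.Value }  # unresolvable SID: show it raw
            [pscustomobject]@{
                Key       = $k
                Principal = $name
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

Get-UnexpectedRegistryWriter -Key $keys | Format-Table -AutoSize -Wrap
```

Rows for the HKEY_CURRENT_USER key normally include the logged-on user, since each user has full control of their own hive by default; an empty result for a key means only SYSTEM and Administrators can modify it.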