Detect the presence of virus | Tips or Trick

Posted on 7:28 PM by Unknown

These tips may be useful, especially while our computer or our friends are suddenly "weird". There are some indications that might be the basis for estimating whether the computers are infected with the virus (For Windows Operating System), among others:

Computer started running very slow, it can also occur because of the many programs that we install and run in background
The emergence of strange files in specific folders. For example a file named the same as the document file or folder names
Computers are often restart or die alone at any time or we open a special program such as Task Manager, anti-virus and other
The existence of a specific logo if you right-click My Computer > Properties
The loss of several options on the computer or the program could not walk, such as can not open the Folder Options missing or menu, can not run the Registry Editor, open the Run box, the Command Prompt and the other
Anti-virus programs and the like can not walk
Sometimes appears strange messages such as poetry and the like

If your computer is experiencing some indications above, following our tips to find the location of a possible virus attack computers.

Previously there tools / programs are needed, which is Autoruns which is part of the tools also SysinternalsSuit more can be found here or can also read this article, about how to get it.

To check, please first open the program Autoruns, Then select the Logon tab. List is displayed files or programs that run with Windows when you switch computers. If there are files that strange or unimportant it can be in non-disabled, by removing the check mark. But be careful, do not disable the program, because it can result in Windows not working. Here are some lists which are programs or applications owned by Windows and should be left, do not remove the sign checknya:

Rdpclip, the main applications that handle the File Copy. Provides functionality for Terminal Services server that allows copy and paste between server and client. The program is important for the stability and security, so leave it
Userinit, is a key process in the Windows operating system. At boot-up process of this application set the start-up sequences needed, such as network connection, and Windows Shell. This program is very important, do not be turned off
Explorer, a program manager or Windows Explorer. These applications set the Display Windows, Start Menu, taskbar, desktop, and File Manager. If you turned off the display/interface windows will not appear.
Ctfmon, an application process that has Microsoft Office, set the matter Alternative User Input Text Input Processor (TIP) and the Microsoft Office XP Language Bar. This program does not have to work, but it should not be turned off.

The first three files are applications that are always there in the windows operating system (except for windows 9x / ME, which may only userinit and explorer), and should be work, while the fourth application appears if there are Microsoft Office applications on the system. And it is important to note that the first two applications above (rdpclip and userinit) location (Image Path column) in C:\Windows\sistem32, explorer application in the folder C:\Windows, is there ctfmon in the folder C:\Windows\sistem32, with the assumption we install the operating system on Drive C: . In addition to the above four files, the file locations can be examined inImage Path column, Does the file is anti-virus, anti spyware, Sound manager, tools for the printer and so on. If any application is located in a strange place or in the windows system, but you do not recognize or have never installed the application, could be a virus.

There are a few things when we look at the list in the Autoruns. Sometimes viruses, Trojans, malware and the like will use the same name or similar applications that have windows, like explorer, expiorer, exploler, spooler, etc., it is necessary scrutiny name and location. For example there is the name of the explorer, but its location is not in C:\Windows, it could be a virus. In addition, if we remove the check mark on the program or a particular application, then after a while do a refresh, and the application appears again, it's likely the application is one of the virus.