
Anti Virus: Edit Registry to Prevent Internet Virus

Viruses are almost unavoidable for every web surfer and their computer. Even after you have removed a virus using antivirus software, you restart your computer only to find that the virus still exists and infects your computer. Why?

This is because an internet virus sets a restoration key in the registry boot options. After the system reboots, the virus restores itself to its previous state. Therefore, to remove a virus at the root, we can start from the registry and block the virus from the computer system there.

1. Block Launch from Webpage

When your PC is infected, you will find .html or .htm entries under these registry branches:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

After you restart the computer, those launch keys automatically visit websites that contain viruses. It is highly recommended to remove malicious launch keys.

Therefore, after the antivirus removes the viruses, open the registry editor and check whether the registry branches mentioned above contain .html or .htm entries. If they do, delete the key by clicking it, clicking "Edit" on the menu bar and then selecting "Delete". Afterwards, refresh the registry by pressing F5.

If you find .vbs keys in the above registry branches, delete them because they are also viruses.

2. Block Launch from Backdoor

Some viruses disguise themselves as normal registry keys so that users cannot identify them. Users think they are safe and leave them in place, so the virus stays on the computer and keeps infecting the system.

For instance, a virus may create a launch key named "system32" and set its value to "regedit -s D:\Windows". It looks like a system default key, and many users do think it is one. In fact, "regedit -s D:\Windows" is the virus. "-s" is a backdoor parameter of the registry editor that is used to import files into the registry and create .vbs files under the Windows installation directory. The .vbs files help the virus come back after a reboot. Therefore, delete backdoor keys like "regedit -s D:\Windows" if you find them in the registry.

3. Block Launch from Files

Besides the registry launch keys, the "Win.ini" file is another place where a virus may hide. An internet virus will create some items in this file. These illegitimate launch items should be deleted if the system has been infected by an internet virus.

Generally speaking, the "Win.ini" file is located in the Windows installation directory. Open Explorer, find the file, open it, and check the items following "run=" and "load=" in the file edit area. If you find keys from an unknown source, remove everything after the "=". It is suggested that you note the full file name and path first. After the deletion, it is time to delete the virus file in the "system" folder.
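
The three checks above can be run as one read-only audit. The PowerShell below is an added example, not part of the original article; the function name Test-LaunchCommand and the matching patterns are assumptions chosen here. It only lists entries for manual review and deletes nothing.

```powershell
# Added example: read-only audit of the launch points named in this article.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Patterns (assumed) for what the article flags: web pages, .vbs files, "regedit -s".
$suspicious = [ordered]@{
    'web page'   = '\.html?(\s|"|$)'
    'vbs script' = '\.vbs(\s|"|$)'
    'regedit -s' = '\bregedit(\.exe)?"?\s+[-/]s\b'
}

function Test-LaunchCommand {
    param([string]$Command)
    foreach ($name in $suspicious.Keys) {
        if ($Command -match $suspicious[$name]) { return $name }
    }
    return $null
}

# Sections 1 and 2: walk every value under each launch key (missing keys are skipped).
$findings = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($valueName in $k.GetValueNames()) {
        $data = [string]$k.GetValue($valueName)
        $reason = Test-LaunchCommand $data
        if ($reason) {
            [pscustomobject]@{ Source = $key; Name = $valueName; Command = $data; Reason = $reason }
        }
    }
})

# Section 3: report every non-empty run= / load= item in Win.ini for manual review.
$winIni = Join-Path $env:windir 'win.ini'
if (Test-Path $winIni) {
    $findings += @(foreach ($line in Get-Content $winIni) {
        if ($line -match '^\s*(run|load)\s*=\s*(\S.*)$') {
            [pscustomobject]@{ Source = $winIni; Name = $Matches[1]; Command = $Matches[2]; Reason = 'win.ini launch item' }
        }
    })
}

$findings | Format-Table -AutoSize -Wrap
```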

All in all, the above three methods can help you block most internet viruses from spreading on your computer. Besides them, you can also rely on antivirus and security software, like Kaspersky Internet Security, Norton Internet Security, and ESET Smart Security 4. These are professional antivirus tools that make checking for and removing online threats very easy. If you are not that skilled with the registry, it is highly recommended to use antivirus software.