How to kill the virus than the LAN

First, how to judge a LAN poisoning

1. Press Ctrl + Shift + Del keys (three keys at the same time here), bring up windows task manager running processes view the system to identify not familiar with the process and note its name (which need experience), if the process is a virus If, in order to facilitate subsequent removal. For the time being not to terminate the process, because some viruses or illegal can not end this process may be. Click to view the CPU and memory performance of the current state, if closer to 100% CPU utilization or memory of the occupation of high value, then the possibility of poisoning the computer is 95%
2. View the current start of windows service items, from "Control Panel" and "management tools" in open "service." C:\winnt \system32\explored.exe，Right-hand column to see the state as a "start" start type to "Automatic" line item; In general, the normal windows services, basically a description of the content (a small number of hackers or worms, except false), then double-click Open the problem that the service item to view its properties in the executable file path and name, if the name and path as C: \ winnt \ system32 \ explored.exe, computer trick.  One is the "control panel" can not open or go to the left of all the icons inside the middle of a vertical scroll bar, while the right side is blank, and then double-click Add / Remove Programs or management tool, the body is empty window, which are the characteristics of the virus file winhlpp32.exe attack.
3. Run the registry editor, command regedit or regedt32, see all those programs together with the windows start. Hkey_Local_Machine\Software\MicroSoft\Windows\CurrentVersion\Run Mainly to see the Hkey_Local_Machine \ Software \ MicroSoft \ Windows \ CurrentVersion \ Run and RunOnce behind several other, view the form on the right of the key value, to see if the startup items illegal. WindowsXp msconfig WindowsXp run msconfig also played the same role. With the accumulation of experience, you can easily determine the start virus entry.
4. Using the Internet to check the browser. yahoo.com,sony.com www.symantec.com, www.ca.comsy mantec Norton2004 Spasm before the Gaobot virus, could be on yahoo.com, sony.com other sites, but can not access, such as www.symantec.com, www.ca.com such well-known security vendor's website, install antivirus software can not access symantecNorton2004 upgrade.
5. Unhide property, view the system folders winnt (windows) system32, if you open the folder is empty after that the computer has been poisoned; open the system32, you can sort by type on the icon to see there is no pandemic virus, the implementation of the file exists .Tasks,wins,drivers.By the way check the folder Tasks, wins, drivers. Present the implementation of some virus files on the refuge; drivers etc hosts file under the altered virus like object, it would have only 700 bytes or so, been tampered with since become 1Kb above, this is caused by general web access to the security vendors can not access the website, the famous anti-virus software can not upgrade the reason why.
6. By the antivirus software to determine whether the poisoning, if the poisoning, anti-virus software will automatically terminate the virus program, and manually upgrade to fail.