Friday, July 30, 2010

Quick Start Guide for New Computer Users: Trojan Detection and Removal



If you often walk along the river, how can you avoid getting your feet wet? In the same way, after enough time on the Internet, your computer is likely to be attacked and have a Trojan planted on it. How can you tell whether one has been installed on your system?

First, manual methods

1. Check the network connections

Many Trojans actively listen on a port, or connect out to a specific IP address and port. We can therefore discover a Trojan by examining the network connections at a time when no normal program is connected to the network. The specific steps are: click "Start" -> "Run" -> "cmd", then enter the command netstat -an to see every IP address connected to your computer and every port your computer is listening on. The output has four parts: Proto (the connection protocol), Local Address (the local connection address), Foreign Address (the address that is connected to the local machine), and State (the current port status). With the detailed information from this command, we can fully monitor the computer's network connections.
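The four columns described above can be reviewed mechanically. The following is an added example, not part of the original post: it parses saved `netstat -an` output and lists listening ports and remote sessions that are not in a baseline. The sample output and the `KNOWN_PORTS` baseline are constructed assumptions.

```python
# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED
  TCP    192.168.1.10:1045      203.0.113.7:6667       ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:5111           *:*
"""

# Ports you have already accounted for on this machine (assumed baseline).
KNOWN_PORTS = {135, 445}

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port-string)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one dict per TCP/UDP row with the four netstat columns."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header and blank lines
        rows.append({"proto": f[0], "local": split_endpoint(f[1]),
                     "foreign": split_endpoint(f[2]),
                     "state": f[3] if len(f) > 3 else ""})  # UDP rows have no State
    return rows

def unknown_listeners(rows, known=KNOWN_PORTS):
    """Ports that are LISTENING (TCP) or bound (UDP) and not in the baseline."""
    ports = {int(r["local"][1]) for r in rows
             if r["state"] == "LISTENING" or r["proto"] == "UDP"}
    return sorted(ports - set(known))

def remote_sessions(rows):
    """ESTABLISHED connections whose peer is not the loopback interface."""
    return [(r["foreign"][0], int(r["foreign"][1])) for r in rows
            if r["state"] == "ESTABLISHED"
            and not (r["foreign"][0].startswith("127.") or r["foreign"][0] == "::1")]
```

To use it on a real machine, save the command output with `netstat -an > netstat.txt` and pass the file's text to `parse_netstat`.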

2. View the currently running services

Running as a service is one of the methods many Trojans use to keep themselves always running in the system. Click "Start" -> "Run" -> "cmd", then enter "net start" to see which services the system has started. If we find a running service that we did not start ourselves, we can open the "Services" management tool, find the corresponding service, then stop and disable it.

3. Check the system startup items

Because the registry is complicated for the average user, Trojans often prefer to hide there. To check the registry startup entries, click "Start" -> "Run" -> "regedit", then check all keys beginning with "run" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion; all keys beginning with "run" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion; and all keys beginning with "run" under HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion.

System.ini in the Windows installation directory is another place where Trojans like to hide. Open this file and look in the [boot] section for an entry such as shell=Explorer.exe file.exe. If there is such an entry, then file.exe is the Trojan!
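The System.ini check can be scripted. The following is an added example, not part of the original post: it reads the [boot] section and reports anything on the shell line other than Explorer.exe. Both sample files are constructed, and the check assumes program names without spaces.

```python
# Constructed system.ini contents; file.exe is the placeholder name used in the text.
CLEAN = "[boot]\nshell=Explorer.exe\n[386Enh]\nwoafont=dosapp.fon\n"
TAMPERED = ("; for 16-bit app support\n[drivers]\nwave=mmdrv.dll\n"
            "[BOOT]\nShell = Explorer.exe file.exe\n")

def boot_shell(text):
    """Return the value of shell= inside [boot], or None if it is absent.

    Section and key names are matched case-insensitively, and a shell= line
    in any other section is ignored.
    """
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot" and sep and key.strip().lower() == "shell":
            return value.strip()
    return None

def extra_shell_programs(text):
    """Programs on the [boot] shell line other than Explorer.exe."""
    value = boot_shell(text)
    if value is None:
        return []
    return [token for token in value.split() if token.lower() != "explorer.exe"]

def check_file(path):
    """Run the check against a real system.ini at the given path."""
    with open(path, encoding="latin-1") as handle:
        return extra_shell_programs(handle.read())
```

An empty list means the shell line holds only Explorer.exe; a shell line that replaces Explorer.exe entirely is reported as well.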

4. Check the system accounts

Malicious attackers like to leave an account on the computer as a way to control it. Their method is to activate a default system account that is rarely used and then elevate it to administrator privileges; that account then becomes the system's biggest security risk, because the attacker can control your computer at will through it. To deal with this, you can check the accounts with the following method.

Click "Start" -> "Run" -> "cmd", then enter net user at the command line to see which users exist on the computer, and use "net user username" to see which permissions each user has. Generally, apart from Administrator, which belongs to the administrators group, no other account should belong to the administrators group. If you find that a built-in system user belongs to the administrators group, it is almost certain that you have been compromised. Quickly use "net user username /del" to delete that user!
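The account check can be run over saved "net user username" output. The following is an added example, not part of the original post: it reports every account other than Administrator that belongs to the administrators group, together with whether the account is active. The sample output is constructed, and the parser assumes the English-language labels shown in it.

```python
# Constructed `net user Guest` output (English-language Windows, trimmed).
SAMPLE_GUEST = """\
User name                    Guest
Full Name
Account active               Yes
Local Group Memberships      *Administrators       *Guests
Global Group memberships     *None
The command completed successfully.
"""

GROUPS_LABEL = "Local Group Memberships"

def split_groups(text):
    """Group names are '*'-prefixed and may contain spaces."""
    return {g.strip().lower() for g in text.split("*") if g.strip()}

def parse_net_user(text):
    """Return (user name, account active?, set of local group names)."""
    name, active, groups, in_groups = None, False, set(), False
    for line in text.splitlines():
        if line.startswith(GROUPS_LABEL):
            in_groups = True
            groups |= split_groups(line[len(GROUPS_LABEL):])
        elif in_groups and line.startswith(" ") and "*" in line:
            groups |= split_groups(line)  # wrapped continuation line
        else:
            in_groups = False
            if line.startswith("User name"):
                name = line[len("User name"):].strip()
            elif line.startswith("Account active"):
                active = line.split()[-1].lower() == "yes"
    return name, active, groups

def unexpected_admins(outputs):
    """(name, active) for each account in administrators other than Administrator."""
    found = []
    for text in outputs:
        name, active, groups = parse_net_user(text)
        if name and "administrators" in groups and name.lower() != "administrator":
            found.append((name, active))
    return found
```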

If these checks reveal a Trojan, you can remove it with the following steps.

1. Run Task Manager and kill the Trojan's process.

2. Check the registry Run, RunServices and similar entries. Back them up first and note down the file addresses in the startup keys, then delete the suspicious entries.

3. Delete from your hard drive the executable files that the suspicious keys point to.

4. Such files are generally found in folders such as WINNT, SYSTEM and SYSTEM32. They generally do not exist on their own and were probably copied over by a master file. Check drives C, D, E and so on for suspicious .exe, .com or .bat files, and delete any that you find.

5. In the registry, check several values (e.g., Local Page) under SOFTWARE\Microsoft\Internet Explorer\Main in both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER. If they have been modified, change them back.

6. Check whether the default open programs of several common file types, such as HKEY_CLASSES_ROOT\txtfile\shell\open\command, have been changed. If so, they must be changed back. Many viruses modify the default program for .txt files so that the virus is loaded whenever the user opens a text file.

Second, use of tools

Trojan detection and removal tools include LockDown, The Clean, Trojan nemesis, Kingsoft Trojan specifically kill, trojan remove master, Trojan analysts and others. Some of these tools require payment to use all of their features; Trojan analysts is licensed for free use.






