A must-have guide for newcomers to completely check and kill computer Trojan viruses
First, the manual method:
1. Check the network connection
Because many Trojans actively listen on a port or connect to a specific IP and port, we can detect them by checking the network connections at a time when no normal program is connecting to the network. Click "Start" -> "Run" -> "cmd", and then enter netstat -an. This command shows all the IPs connected to your computer and the ports your computer is listening on. The output has four parts: Proto (connection method), Local Address (local connection address), Foreign Address (address that has established a connection with the local machine), and State (current port state). With the detailed information from this command, we can fully monitor the computer's network connections.
2. View the currently running services
Running as a service is one of the methods many Trojan horses use to keep themselves running permanently in the system. Click "Start" -> "Run" -> "cmd", and then enter "net start" to see which services are started in the system. If we find a service that we did not start ourselves, we can open "Services" in Administrative Tools, find the corresponding service, then stop and disable it.
3. Check system startup items
Because the registry is complicated for ordinary users, Trojan horses often hide there. To check the registry startup keys, click "Start" -> "Run" -> "regedit", and then check all the key values starting with "Run" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, all the key values starting with "Run" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, and all the key values starting with "Run" under HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion.
System.ini in the Windows installation directory is also a place where Trojan horses like to hide. Open this file and see whether the [boot] section contains something like shell=Explorer.exe file.exe. If it does, then the file.exe here is a Trojan horse program!
4. Check the system account
Malicious attackers like to leave an account on the computer so that they can control it. Their method is to activate a default account that is rarely used and then elevate it to administrator privileges. Such an account is the biggest security risk in the system, because a malicious attacker can control your computer arbitrarily through it. The following method can be used to check the accounts.
Click "Start" -> "Run" -> "cmd", and then enter net user on the command line to see which users exist on the computer. Then use "net user username" to see which groups a user belongs to. Generally, apart from Administrator, no account should belong to the administrators group. If you find that a built-in user belongs to the administrators group, you have almost certainly been compromised. Quickly use "net user username /del" to delete this user!
If you find that there is a Trojan horse, you can follow the next steps to remove it.
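For the network check in step 1, the following is an added example (not part of the original article) that parses netstat -an output and lists listening ports and established remote connections that are not on an expected list. The sample output, the expected-port sets and all function names are assumptions made for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED
  TCP    192.168.1.20:49713     198.51.100.9:8899      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

# Assumption: the ports this particular machine is expected to use.
EXPECTED_LISTEN = {135, 445, 5353}
EXPECTED_REMOTE = {80, 443}

# Proto, Local Address, Foreign Address, then State (absent on UDP rows).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' (IPv4, bracketed IPv6 or '*:*') on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Yield (proto, local, foreign, state) per row; skips banner and header."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            yield proto, split_endpoint(local), split_endpoint(foreign), state or ""

def review(text):
    """Return (unexpected listeners, unexpected established remote endpoints)."""
    listeners, outbound = [], []
    for proto, (lhost, lport), (fhost, fport), state in parse_netstat(text):
        # UDP has no State column; a bound UDP socket is treated as listening.
        if state == "LISTENING" or proto == "UDP":
            if lport not in EXPECTED_LISTEN:
                listeners.append((proto, lhost, lport))
        elif state == "ESTABLISHED" and fport not in EXPECTED_REMOTE:
            outbound.append((fhost, fport))
    return listeners, outbound

if __name__ == "__main__":
    print(review(SAMPLE))
```

An entry in the result is only a lead to investigate: match the port to its owning process before treating it as a Trojan.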
1. Open Task Manager and end the Trojan horse process.
2. Check Run, RunServices and similar items in the registry. Make a backup first, write down the path of each startup item, and then delete the suspicious items.
3. Delete from the hard disk the executable files that the suspicious keys above point to.
4. These files are generally in folders such as WINNT, SYSTEM, and SYSTEM32. They generally do not exist alone; they were most likely copied there by a parent file. Check drives such as C, D and E for suspicious .exe, .com or .bat files, and delete any you find.
5. Check HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main in the registry (for example Local Page). If anything has been modified, change it back.
6. Check whether the default opening programs of commonly used file types, such as HKEY_CLASSES_ROOT\txtfile\shell\open\command, have been changed. If so, they must be changed back. Many viruses modify the default opening program of the .txt file type so that they are loaded whenever the user opens a text file.
Second, use tools:
The tools for detecting and killing Trojans include LockDown, TheClean, Trojan Star, Kingsoft Trojan Killer, Trojan Cleaner, Trojan Analysis Expert, etc. Some of these tools require a fee to unlock all of their functions, while Trojan Analysis Expert is licensed for free use.
This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com: http://www.internetweblist.com/Virus prevention/21831.html