Xinhua News Agency, Nanjing, November 8 (Reporter Gu Ye) recently, in order to avoid downloading Microsoft's black-screen patch, many computer users shut down automatic system updates, thus giving viruses and hackers a chance to get in. The reporter interviewed an expert and asked him to introduce several simple methods to test whether the computer is "poisoned" or "Hacked ".
According to 360 security experts, first check the process. After the startup, do not start anything. Open the task manager directly to check whether there are any suspicious processes. Unknown processes can be searched by the search engine. If the Task Manager disappears immediately after it is opened, it can be determined that it has been poisoned. If the prompt has been disabled by the Administrator, be vigilant. Next, open the software such as the ice blade, first check whether there are hidden processes (marked in red), and then check whether the path of the system process is correct. If the blade cannot be used normally, it can be determined that it has been poisoned. If there is a red process, it can be determined that it has been poisoned. If there is a process with a normal system process name that is not in the normal directory, it can also be determined that the virus has been poisoned. If all processes are normal, use tools such as wsyscheck to check whether any suspicious processes are injected into normal processes. Wsyscheck uses different colors to mark the injected process and normal process. If a process is injected, first determine whether the injected module is a virus, because some anti-virus software will also inject the process.
The process has been rectified. If no exception is found, the startup Item is checked. First, use msconfig to check whether any suspicious service exists. Click "start", Press "run", enter "msconfig", switch to the service tab, and select the "hide all Microsoft services" check box, then confirm the remaining services one by one. If an exception is found, you can determine that the agent has been poisoned. If msconfig cannot be started or is automatically disabled after startup, you can also determine that the agent has been poisoned. Next, use msconfig to check whether there are any suspicious self-startup items. Switch to the "Start" tab and troubleshoot them one by one. Then, use autoruns to view more detailed startup Item information (including service, driver, self-startup Item, iebho, and other information ).
ADSL users can perform virtual dialing to connect to the Internet. Then, you can directly use the network connection of the ice blade to check whether there is any suspicious connection. You can use the search engine to search for IP addresses, corresponding processes, and ports. If an exception is found, you can disable Program To view the network connection information again.
In addition, if the computer cannot enter the security mode, and blue screen or other phenomena occur, it should be vigilant. It may be a sequent of virus intrusion, or the virus may not be cleared. You can also open the Registry Editor and locate hkeylocalmachinesoftwaremicrosoftwindowsntcurrentversionimagefileexecutionopti to check whether there are any suspicious image hijacking items. If any suspicious items are found, they may be poisoned.
In the last step, if the system runs slowly after the system is started, you can also use the CPU time for reference and find the suspicious process. The method is as follows: Open the task manager and switch to the process tab, click "View" and "Select column" in the menu, select "CPU time", and then click the title of CPU time to sort the information, except systemidleprocess and system, A process with a large CPU time needs to be vigilant.
Currently, these methods are sufficient to deal with common viruses and Trojans. If any one of them finds viruses and Trojans, you do not need to continue troubleshooting.
From: http://www.pc120.net.cn/home/faw/140354972.htm
