There are more and more Trojans/backdoors that hide themselves well and inject into normal processes. If you run into one, antivirus software may not be able to kill it right away. What then?
My habit is to use SSM to deal with it.
SSM stands for System Safety Monitor. The tool now ships in a multi-language version that supports Simplified Chinese.
SSM is indeed harder to use than PG, but it is still a simple, easy-to-use tool. If your IQ is above average, you can learn to use SSM in half a day; if your IQ is average, you can master it in 2-3 days; if it is slightly below average but not "mentally retarded", it may take about a week before you can solve some common problems.
Many people cannot (or are not good at) using SSM to solve this kind of problem. In fact, this is not because of low IQ but laziness: they always expect antivirus software to kill the Trojan for them. This post is not for such people, nor do I want to argue with them about "what is antivirus software?", "is antivirus XX rubbish?", or "how to claim compensation from antivirus companies". If you think of SSM as a tool that kills viruses/Trojans by itself once it is running, you are wrong. SSM is not antivirus software at all! This tool is useless for anyone unwilling to do the work themselves; such users might as well uninstall it early.
The following uses a hidden backdoor as an example to walk through the specific steps of dealing with it using SSM.
After this backdoor is run, SSM does not catch its file creation, registry modification or other behaviour. However, an abnormal browser process, and an abnormal DLL module loaded into it, can be seen in the SSM process list (Figure 1). I use the Opera browser, but Opera was not running at the time.
Strange events like this deserve a closer look at the cause.
Right-click the DLL and view its Properties (Figure 2): it looks even more suspicious, because normal files all have a "Version" tab and this one has none; its creation date is also very recent.
Right-click in the SSM "Rules" panel and add a rule that prohibits this DLL from loading and running.
While adding the above rule, a server.exe file turns up in the same directory (Figure 3), with the same creation date as the DLL. Add a rule in the same way to block server.exe from loading and running.
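The manual checks above (a DLL loaded into a process that should not be running, no version information, a very recent creation date, and a sibling file created on the same day) can be scripted. The following PowerShell is an added example and not part of the original post or of SSM; it only inspects and reports, it does not block anything. The 7-day recency window and the output layout are constructed assumptions; run it from an elevated PowerShell session on Windows.

```powershell
# Added example (not from the original post): enumerate the DLLs loaded into every
# process and flag the ones that look like the backdoor module described above,
# i.e. no version information and/or a very recent creation time. For each flagged
# DLL, also list files in the same directory created on the same day (the
# server.exe pattern). Read-only: nothing is killed, deleted or blocked.
# Assumption (constructed, not from the post): a 7-day recency window.
$RecentDays = 7
$cutoff = (Get-Date).AddDays(-$RecentDays)

function Test-SuspiciousModule {
    param([System.IO.FileInfo]$File)
    $vi = $File.VersionInfo                       # FileVersionInfo exposed by PowerShell
    $noVersion = [string]::IsNullOrWhiteSpace($vi.FileVersion) -and
                 [string]::IsNullOrWhiteSpace($vi.CompanyName)
    $recent = $File.CreationTime -gt $cutoff
    [pscustomobject]@{ NoVersion = $noVersion; Recent = $recent; Hit = ($noVersion -or $recent) }
}

$hits = foreach ($proc in Get-Process) {
    try { $mods = $proc.Modules } catch { continue }   # protected processes deny access
    foreach ($m in $mods) {
        if (-not $m.FileName) { continue }
        $file = Get-Item -LiteralPath $m.FileName -ErrorAction SilentlyContinue
        if (-not $file) { continue }
        $r = Test-SuspiciousModule -File $file
        if ($r.Hit) {
            [pscustomobject]@{
                Process   = $proc.ProcessName
                PID       = $proc.Id
                Module    = $file.FullName
                NoVersion = $r.NoVersion
                Created   = $file.CreationTime
            }
        }
    }
}

# One line per suspicious module, regardless of how many processes loaded it
$hits | Sort-Object Module -Unique | Format-Table -AutoSize

# Sibling check: other files in the same directory created on the same day as a
# flagged DLL (this is how server.exe was spotted next to the DLL in the post)
foreach ($h in ($hits | Sort-Object Module -Unique)) {
    $dir = Split-Path -Parent $h.Module
    $day = $h.Created.Date
    Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime.Date -eq $day -and $_.FullName -ne $h.Module } |
        ForEach-Object { "{0} <- sibling created same day: {1}" -f $h.Module, $_.FullName }
}
```

Expect noise from the recency test right after a Windows update or a software install, since freshly written system DLLs also have new creation dates; the "no version information" hit is the stronger signal, and a module loaded into a process that is not supposed to be running at all (like the Opera case above) is worth a look even if it carries version information.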
After adding the rules, click "Apply settings" at the bottom of the panel (Figure 4); otherwise all your work is wasted!
Make sure the check box shown in Figure 5 is selected (it must be checked).
Next, set SSM to "auto start" (Figure 6), that is, "SSM loads and runs automatically when the system starts".
Finally, restart the system and the backdoor is neutralized. The .exe and .dll files have not been deleted and the registry entries have not been cleared, but the backdoor can do nothing as long as SSM loads and runs at system startup.
What remains is only cleaning up the leftovers; do that yourself and you are done.
[Figure 1: SSM process list showing the abnormal browser process and loaded DLL]