Use the command to check whether the computer is installed Trojan _ surfing the Internet
Source: Internet
Author: User
Some basic commands can often play a big role in protecting network security, and the following commands are very important.
Detecting Network Connections
If you suspect your computer is being installed on a Trojan horse, or a virus, but there is no perfect tool in hand to detect whether this is true, then you can use the network commands brought by Windows to see who is connected to your computer. The specific command format is: Netstat-an This command to see all of the IP connected to the local computer, which contains four parts--proto (connection mode), local address (connection), foreign address (and locally established connection) , state (current port status). With the details of this command, we can fully monitor the connection on the computer to achieve the purpose of controlling the computer.
Disable unknown service
Many friends find that the computer slows down after the system restarts one day, no matter how the optimization is slow, with anti-virus software also check no problem, this time is likely to be someone through the invasion of your computer to open a special service for you, such as IIS information Services, so that your anti-virus software is not to be found out. But don't worry, you can use "net start" to see what service is open in the system, if found not to open their own services, we can be targeted to disable this service. The method is to directly enter "net start" to view the service, and then use "net stop server" to prohibit the service.
Easy Checking Accounts
For a long time, a malicious attacker would love to use a cloned account to control your computer. The method they use is to activate the default account in a system, but the account is not commonly used, and then use the tool to elevate the account to administrator permissions, on the face of this account is still the same as the original, but the cloned account is the system's biggest security risk. A malicious attacker could arbitrarily control your computer through this account. In order to avoid this situation, the account can be detected in a very simple way.
First, at the command line, enter net user, see what users on the computer, and then use the "net user+ user name" To see what permissions the user is, generally except the administrator is Administrators group, the other is not! If you find that a system-built user belongs to the Administrators group, it's almost certain that you've been hacked and someone else has cloned the account on your computer. Quickly use "NET user username/del" to delete this user!
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
