Attack personal computers

Source: Internet
Author: User

Whether you surf the Internet, chat, or send email, the programs involved need a common protocol, and that protocol is TCP/IP; communication between any network software is based on it. If you compare the Internet to a road network, a computer is a roadside house, and the house must have doors through which it can be entered. TCP/IP stipulates that a computer can have 256 multiplied by 256 doors, numbered 0 to 65535; TCP/IP calls these doors "ports". When you send an email, it is sent to port 25 of the mail server. When you receive email, the mail software fetches it from port 110 of the mail server. The page you are reading now came from port 80 of the server. The port open on a newly installed PC is port 139. When you access the Internet, this is the port through which you are connected to the outside world.

The hacker is not a god; he, too, enters your computer through a port.

How do hackers enter your computer? Of course, they also get into your PC through a port, using TCP/IP. If your computer has a shared directory, hackers can access your computer through port 139! Windows has a flaw: even if you have set a long password on your shared directory, an intruder can get into your computer in a few seconds. Therefore, you had better not set up a shared directory, and you should not allow others to browse the data on your computer. Apart from port 139, if no port is open, hackers cannot intrude into your PC. So how do hackers get into your computer? The answer is that they use a Trojan horse. If you accidentally run a Trojan horse, a port on your computer is opened, and hackers access your computer through this port. For example, there is a typical trojan called netspy.exe. If you accidentally run netspy.exe, it tells Windows to run it every time you start the computer. Then netspy.exe opens a "door" on your computer, and the number of this "door" is port 7306. If hackers know that your port 7306 is open, they can use software to sneak into your computer. A Trojan horse is designed to intrude into personal computers. It hides in the computer while it works, and neither its operation nor the hacker's intrusion leaves any trace on the computer screen. Windows itself does not have software to monitor the network, so without the help of software you cannot know about the Trojan horse or the hacker's intrusion. Next, Qiqi will show you how to use software to find trojans on your computer.

Qiqi again uses netspy.exe as an example. We know that netspy.exe opens port 7306 on the computer. If you want to know whether your computer has netspy.exe, you just need to knock on door 7306. First open C:\Windows\winipcfg.exe and find your own IP address (for example, 10.10.10.10). Then open a browser and enter http://10.10.10.10:7306/ in the address bar. If the port answers with a version message, your computer has the netspy.exe Trojan. This is the simplest and most direct method, but you need to know the ports opened by the various Trojans. Qiqi knows that the following ports are opened by Trojans: 7306, 7307, 7308, 12345, 12346, 31337, 6680, 8111, 9910. However, even if you are familiar with all the known trojan ports, you still cannot completely guard against these Trojans. We need to search for Trojans further.

Qiqi once did an experiment: I knew that netspy.exe opened port 7306, so I crashed the Trojan. So we can scan our own computer to see how many ports are open on it, and then analyze the open ports.

As mentioned above, computer ports range from 0 to 65535, and an open port 139 is normal. First, find a port scanner. Qiqi recommends "Proxy Hunter". After you connect to the Internet, find your own IP address. Close any running network software first, because the ports it opens may be mistaken for trojan ports. Then let Proxy Hunter scan ports 0 to 65535 on your own address. If ports other than 139 are open, they may have been opened by Trojans.

For any open port other than 139, you can analyze it further by connecting to it with a browser and seeing how it responds. Judge each port by the response you get.
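The port triage described above, as an added example that is not part of the original article: it parses Windows `netstat -an` output, ignores port 139 as the article does, and flags sockets on the ports the article lists. The sample output, the verdict labels and the function name `triage` are constructed for illustration.

```python
import re

# Ports the article lists as opened by Trojans. Only 7306 (netspy.exe) and
# 12345 (NetBus) are tied to a name on the page; the rest stay unnamed.
TROJAN_PORTS = dict.fromkeys([7306, 7307, 7308, 12345, 12346, 31337, 6680, 8111, 9910])
TROJAN_PORTS.update({7306: "netspy.exe", 12345: "NetBus"})
EXPECTED = {139}  # the article treats an open port 139 as normal

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7306           0.0.0.0:0              LISTENING
  TCP    10.10.10.10:1039       10.10.10.20:80         ESTABLISHED
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    10.10.10.10:12345      10.10.10.99:1042       ESTABLISHED
  UDP    10.10.10.10:137        *:*
"""

# local address, local port, foreign address, state (TCP rows only)
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(\w+)\s*$")

def triage(netstat_text):
    """Return sorted (port, verdict, detail) tuples for TCP sockets worth a look."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or UDP row
        port, remote, state = int(m.group(2)), m.group(3), m.group(4)
        if port in EXPECTED:
            continue
        name = TROJAN_PORTS.get(port) or "unnamed on the page"
        if state == "LISTENING" and port in TROJAN_PORTS:
            findings.append((port, "known-trojan-port", name))
        elif state == "LISTENING":
            # Not on the list, but still a door that something opened.
            findings.append((port, "unexplained-listener", "identify the owning program"))
        elif state == "ESTABLISHED" and port in TROJAN_PORTS:
            # A peer is connected to a listed port; record who it is.
            findings.append((port, "active-session", remote))
    return sorted(findings)

if __name__ == "__main__":
    for port, verdict, detail in triage(SAMPLE):
        print(f"{port:>5}  {verdict:<21} {detail}")
```

Outbound connections from ordinary client ports (the 1039 row) are deliberately not reported, since only listeners and sessions on the local side of a listed port indicate an open door.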

A hacker can see which ports are open on the computer. If ports other than 139 are open, analyze them. If you conclude that a trojan is on your computer, you have to delete the Trojan from the hard disk.

The simplest method is to remove Trojans with the ghost software. The NetVRV virus wall can help you delete the netspy.exe and bo.exe Trojans, but it cannot delete NetBus Trojans.

The following describes how to delete a NetBus Trojan.

First, a brief introduction to NetBus Trojans. There are two types of NetBus Trojan clients, both of which open port 12345: one is represented by mring.exe (472,576 bytes), and the other by sysedit.exe (494,592 bytes).

After mring.exe is run, it tells Windows to run it at every startup, and Windows records this in the registry. Open C:\Windows\Regedit.exe, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, find mring.exe, and delete this entry. Then find mring.exe in Windows and delete it. Note that mring.exe may have been changed by a hacker, and its length in bytes changed as well, but its location in the registry does not change, so you can still find it there.

The variant of the delimiter.

After sysedit.exe is run, it does not add itself to the Windows registry, nor does it automatically attach itself to other programs. Some people therefore think it is a dumb Trojan, yet it is the most hateful and sinister Trojan. When other Trojans add themselves to the registry, you have a trail to follow. Even experts believe that the most vicious BO Trojan can be easily deleted from the registry.

sysedit.exe is started together with the program it is bundled with. We did this experiment on our own computer and bundled sysedit.exe with C:\Windows\system\abcwin.exe; abcwin.exe is the Smart ABC input method. When I put the computer on the Internet, as long as the Smart ABC input method is not started for typing and chatting, sysedit.exe is not running, and nobody can reach my port 12345. If I want to type, then as soon as the Smart ABC input method (abcwin.exe) is started, the sysedit.exe bound to abcwin.exe runs as well, port 12345 is opened, and others can hack into my computer. In the same way, sysedit.exe can be bound to network tools such as network pagers and mail clients, or even to dial-up tools. With hundreds of programs on the computer, do you know where to look for it? That is why I said this is the most sinister Trojan, and it is hard to guard against.

Sometimes you know that you have a NetBus Trojan, especially sysedit.exe: you can see that port 12345 is open, and the NetBus client software can be used to access your computer, but you do not know where the trojan is. In this case, you can inspect memory. Open C:\Windows\drwatson.exe, take a snapshot of memory, and view the Tasks tab, whose Program column lists the running programs. If you find a suspicious program, look it up in the Path column, locate the file, and analyze it to determine whether it is a trojan. Although sysedit.exe can hide behind other programs, it is exposed in C:\Windows\drwatson.exe.

Knowing all of the above, you can search for Trojans as follows. Go to the specified location in the registry and look for executable programs; for example, if the open port is 7306, look for an executable program containing "NetSpy". Then check memory to see whether any such program is running.

There are two ways a trojan gets onto your computer. One is that you accidentally run a program containing a Trojan; the other is that a "netizen" gives you a "fun" program. So be careful from now on: find out what a program is before you run it, and do not install programs lightly.
