Beat down "John" and find hidden superusers

Source: Internet
Author: User

Many of my friends report that there seems to be a "third party" on their computers, yet whether they open the account manager in the system or run the "net user" command at the command prompt, they cannot find any clues.

Does this mean that there are no other illegal accounts on the computer? No, because many hackers modify HKEY_LOCAL_MACHINE\SAM in the registry to create hidden accounts, which cannot be seen by conventional methods.

To check whether a hidden account exists on your computer, you must go to the source and inspect the corresponding registry key. Open the "Run" window, type "regedit", and press Enter to open the Registry Editor. In the left pane, select HKEY_LOCAL_MACHINE\SAM, right-click the SAM subkey, and choose "Permissions" from the pop-up menu. In the permission settings window that opens, click "Add" to add the current account, set its permission to "Full Control", and click "OK" to return.

At this point, two more subkeys are visible under the SAM subkey: SAM\Domains and SAM\RXACT. Expand SAM\SAM\Domains\Account\Users\Names in sequence. The subkeys under Names are the list of all accounts on the current system, including hidden accounts. If this list is inconsistent with the users shown by the system's account management or by net user, the extra entry is an illegal hidden account, and you can delete the corresponding subkey directly.
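The comparison described above can be scripted. The following PowerShell is an added example, not part of the original article; it assumes an elevated session whose account has already been granted access to HKEY_LOCAL_MACHINE\SAM as described, and it uses Get-LocalUser as a stand-in for the account list that account management or net user would show.

```powershell
# Added example (not from the original article).
# Assumption: run elevated, after granting the current account access to HKLM\SAM.
$namesKey = 'HKLM:\SAM\SAM\Domains\Account\Users\Names'

try {
    # Each subkey of Names is one local account name stored in the SAM.
    $samNames = @(Get-ChildItem -Path $namesKey -ErrorAction Stop |
        ForEach-Object { $_.PSChildName })
}
catch {
    Write-Error "Cannot read $namesKey (check permissions on HKLM\SAM): $($_.Exception.Message)"
    return
}

if ($samNames.Count -eq 0) {
    # An empty result usually means the key is not readable, not that no accounts exist.
    Write-Warning "No subkeys visible under $namesKey; read permission is probably missing."
    return
}

# Accounts as reported by the normal account-management interface.
$listedNames = @(Get-LocalUser | ForEach-Object { $_.Name })

# -notcontains compares case-insensitively, matching how Windows treats account names.
$onlyInSam  = @($samNames    | Where-Object { $listedNames -notcontains $_ })
$onlyListed = @($listedNames | Where-Object { $samNames    -notcontains $_ })

if ($onlyInSam.Count -eq 0 -and $onlyListed.Count -eq 0) {
    Write-Output "Registry account list and Get-LocalUser agree ($($samNames.Count) accounts)."
}
else {
    foreach ($name in $onlyInSam) {
        Write-Output "In registry only (review before deleting): $name"
    }
    foreach ($name in $onlyListed) {
        Write-Output "Listed by Get-LocalUser but missing under Names: $name"
    }
}
```

The script only reports differences; it does not modify the registry.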

In addition, to save trouble, you can open the registry directly, select HKEY_LOCAL_MACHINE\SAM, open the "File" menu, and choose the "Export" command to export the key. If you suspect that a hidden account has been illegally created, you only need to double-click the exported registry file and re-import it into the registry to delete the hidden account.

 
