Check whether simple Trojans exist in the system.

Source: Internet
Author: User
How can you check whether a system contains a Trojan? Here we cover only simple Trojans:
  
1. Open Task Manager and check whether there are any unfamiliar processes. Record them, but do not touch them for the time being.
  
2. Open the Registry Editor and look at the following keys:
  
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run...
  
Check whether any suspicious program appears in the startup entries.
  
HKEY_CLASSES_ROOT\exefile\shell\open\command
  
Check whether a Trojan has hijacked the .exe file association. The correct value is: "%1" %*
  
HKEY_CLASSES_ROOT\inffile\shell\open\command
  
Check whether a Trojan has hijacked the .inf file association. The correct value is: %SystemRoot%\system32\NOTEPAD.EXE %1
  
HKEY_CLASSES_ROOT\inifile\shell\open\command
  
Check whether a Trojan has hijacked the .ini file association. The correct value is: %SystemRoot%\system32\NOTEPAD.EXE %1
  
HKEY_CLASSES_ROOT\txtfile\shell\open\command
  
Check whether a Trojan has hijacked the .txt file association. The correct value is: %SystemRoot%\system32\NOTEPAD.EXE %1
  
Record what you find. Do not change anything for now.
  
3. Open a cmd window and run netstat -an to check whether any abnormal port is open. We recommend downloading Active Ports from www.sometips.com.
  
It shows which process owns each port, so you can identify the process using the abnormal port.
  
4. Use Explorer to view the winnt\ and winnt\system32 folders (remember to show all files, including protected system files), sort by time, and look for programs with an abnormal creation or modification time; record them.
  
5. Choose Start > Programs > Startup and check whether there are any strange startup items.
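As an added example (not from the original article), the following PowerShell script performs the registry checks from step 2 read-only: it compares the four file-association commands against the expected values listed above and dumps both Run keys so the startup entries can be recorded. It assumes the expected values given in this article; the comparison is case-insensitive so that differences in capitalisation alone are not flagged.

```powershell
# Added example: read-only audit of the registry items the article lists.
# Expected values are those given in the article; %SystemRoot% is kept
# literal because that is how the value is stored (REG_EXPAND_SZ).
$expected = @{
    'exefile' = '"%1" %*'
    'inffile' = '%SystemRoot%\system32\NOTEPAD.EXE %1'
    'inifile' = '%SystemRoot%\system32\NOTEPAD.EXE %1'
    'txtfile' = '%SystemRoot%\system32\NOTEPAD.EXE %1'
}

# Read the unexpanded default value of a key so %SystemRoot% is compared literally.
function Get-RawDefaultValue {
    param([string]$KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    return $key.GetValue('', $null, 'DoNotExpandEnvironmentNames')
}

# Compare each file-association command with the value the article expects.
foreach ($type in $expected.Keys) {
    $path   = "Registry::HKEY_CLASSES_ROOT\$type\shell\open\command"
    $actual = Get-RawDefaultValue $path
    if ($null -eq $actual) {
        Write-Output "[?]  $type : key or default value missing"
    } elseif ($actual -ieq $expected[$type]) {
        Write-Output "[ok] $type : $actual"
    } else {
        Write-Output "[!!] $type : '$actual' (expected '$($expected[$type])')"
    }
}

# Dump both Run keys so the startup entries can be recorded, not altered.
foreach ($hive in 'HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER') {
    $path = "Registry::$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    Write-Output "--- $path"
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            Write-Output ("{0,-30} {1}" -f $name, $key.GetValue($name))
        }
    }
}
```

Run it from an elevated PowerShell window and keep the output alongside the notes from steps 1, 3 and 4; a "[!!]" line means the association points somewhere other than the expected program and should be examined before anything is changed.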
  
Based on the five steps above, you should be able to compile a list of suspicious programs. Next comes removing them:
  
6. Remove the Trojan in the following order:
  
Stop the process first -> clear the related registry entries -> delete the Trojan file from the hard disk.
  
Note: Some Trojans use thread injection or a three-thread protection technique; you need dedicated tools to remove them (or try writing one yourself, as coding practice).
  
In addition, I have seen a Trojan that used autorun file association: there is an autorun file in the root of each partition, and as soon as you open that partition the Trojan file is loaded.
  
TIPS: When the .exe file association has been hijacked, you can copy regedit.exe to regedit.com and run regedit.com to repair the .exe association, provided that no related process in the system is monitoring this registry entry.
  
The above is just a simple example of using simple methods to determine whether there is a Trojan in the system; more important is prevention. The most basic prevention is to install Microsoft's patches, and we also recommend that you do not run suspicious programs. We recommend having powerful anti-virus software, such as Norton AntiVirus.
  
  