Computer Trojan virus detection and removal

Source: Internet
Author: User

As the saying goes, if you often walk by the river, your shoes are bound to get wet. Likewise, after enough time on the Internet, an attacker may have planted a Trojan on your computer. How can you tell whether a Trojan has been installed on your computer?
I. Manual method:

1. Check network connection conditions

Because many Trojans actively listen on ports or connect to specific IP addresses and ports, we can check the network connections while no normal program is connected to the network to discover a Trojan. Click Start > Run > "cmd" and enter the netstat -an command to view all the IP addresses connected to your computer and the ports your computer is listening on. The output contains four parts: Proto (connection method), Local Address, Foreign Address, and State. With the detailed information from this command, we can fully monitor the computer's network connections.
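The check above can be applied to saved `netstat -an` output. The following is an added example, not part of the original article: it parses the four columns and lists listeners outside an expected set plus any established non-loopback connection. The sample output, the expected port set and the function names are assumptions made for illustration.

```python
# Constructed sample of `netstat -an` output (English-locale Windows).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED
  TCP    192.168.1.20:49720     198.51.100.7:443       TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' into (addr, port); handles '[::]:135' and '*:*'."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def parse_netstat(text):
    """Return one dict per row, holding the four columns of `netstat -an`."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        rows.append({
            "proto": fields[0],
            "local": split_endpoint(fields[1]),
            "foreign": split_endpoint(fields[2]),
            "state": fields[3] if len(fields) > 3 else "",  # UDP rows have no State
        })
    return rows

def review(text, expected_listeners):
    """Rows worth a look when no normal network program is running."""
    findings = []
    for row in parse_netstat(text):
        if row["state"] == "LISTENING":
            port = int(row["local"][1])
            if port not in expected_listeners:  # assumed baseline of known ports
                findings.append(("unexpected listener", row["local"][0], port))
        elif row["state"] == "ESTABLISHED":
            addr, port = row["foreign"]
            if addr not in ("127.0.0.1", "::1"):
                findings.append(("live connection", addr, int(port)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE, expected_listeners={135, 445}):
        print(finding)
```

A finding is only a lead: match the port to its owning process before treating it as a Trojan.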

2. View the currently running services

A service is one of the methods many Trojans use to keep themselves running in the system. Click "Start" > "Run" > "cmd" and enter "net start" to see which services are started in the system. If you find a service that you did not enable yourself, go to "Services" in the management tools, find the service, then stop and disable it.

3. Check system startup items

Because the registry is complex for ordinary users, Trojans often prefer to hide here. To check the registry startup keys, click Start > Run > regedit and check all the key values starting with "run" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion; all key values starting with "run" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion; and all key values starting with "run" under HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion.

The System.ini file in the Windows installation directory is also a place where Trojans like to hide. Open this file and check whether the [boot] section contains a line such as shell=Explorer.exe file.exe. If there is such content, then file.exe is a Trojan!
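The System.ini check can be run against a copy of the file. The following is an added example, not part of the original article: it reads the `shell=` line of the `[boot]` section and returns every program listed other than Explorer.exe. The sample file content and the function name are assumptions; a lookalike `explorer.exe` stored in another folder is not detected by this basename comparison.

```python
import shlex

# Constructed system.ini content for illustration; not from a real machine.
SAMPLE = """\
; for 16-bit app support
[boot]
shell=Explorer.exe file.exe
[386Enh]
shell=ignored.exe
"""

def boot_shell_extras(ini_text):
    """Return programs on the [boot] shell= line other than Explorer.exe."""
    section, extras = None, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        if section != "boot" or not sep or key.strip().lower() != "shell":
            continue  # only the shell= entry of [boot] matters here
        try:
            programs = shlex.split(value, posix=False)  # keeps backslashes intact
        except ValueError:  # unbalanced quote: fall back to whitespace split
            programs = value.split()
        for prog in programs:
            prog = prog.strip('"')
            basename = prog.replace("/", "\\").rsplit("\\", 1)[-1]
            if basename.lower() != "explorer.exe":
                extras.append(prog)
    return extras

if __name__ == "__main__":
    print(boot_shell_extras(SAMPLE))
```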


4. Check the system account


Malicious attackers like to leave an account on the computer so they can control it. Their method is to activate a default system account that is rarely used and then escalate its permissions to administrator level. This account then becomes the biggest security risk in the system, because the attacker can use it to control your computer at will. You can use the following method to check your accounts.

Click "Start" > "Run" > "cmd" and enter net user at the command line to view the users on the computer, then use "net user username" to check the permissions of a user. Generally, apart from Administrator, no other user should belong to the administrators group. If you find that a built-in system user belongs to the administrators group, you have almost certainly been intruded. Use "net user username /del" to delete this user!
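The account check can be repeated over the saved output of "net user username" for every account. The following is an added example, not part of the original article: it extracts the local group memberships, including wrapped lines and group names containing spaces, and lists accounts other than Administrator that sit in the Administrators group. The sample outputs, the English-locale field labels and the function names are assumptions.

```python
# Constructed `net user <name>` outputs (English-locale Windows), trimmed to
# the fields this check reads; not taken from the page or a real machine.
ADMIN = """\
User name                    Administrator
Account active               Yes
Local Group Memberships      *Administrators
Global Group memberships     *None
"""
GUEST = """\
User name                    Guest
Account active               Yes
Local Group Memberships      *Administrators       *Guests
Global Group memberships     *None
"""
HELPDESK = """\
User name                    helpdesk
Account active               Yes
Local Group Memberships      *Remote Desktop Users *Users
                             *Performance Log Users
Global Group memberships     *None
"""

def parse_net_user(text):
    """Extract account name, active flag and local groups from one output."""
    info = {"name": "", "active": False, "groups": []}
    in_groups = False
    for line in text.splitlines():
        if line.startswith("User name"):
            info["name"] = line[len("User name"):].strip()
        elif line.startswith("Account active"):
            info["active"] = line.split()[-1].lower() == "yes"
        elif line.startswith("Local Group Memberships"):
            in_groups = True
            line = line[len("Local Group Memberships"):]
        elif not line.startswith(" "):
            in_groups = False  # any new label ends the wrapped group list
        if in_groups:  # group names may contain spaces, so split on '*'
            info["groups"] += [g.strip() for g in line.split("*")[1:]]
    return info

def admins_to_review(outputs, expected=("Administrator",)):
    """Accounts in Administrators that are not expected to be there."""
    flagged = []
    for info in map(parse_net_user, outputs):
        if "Administrators" in info["groups"] and info["name"] not in expected:
            flagged.append((info["name"], info["active"]))
    return flagged

if __name__ == "__main__":
    print(admins_to_review([ADMIN, GUEST, HELPDESK]))
```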

If a Trojan exists, follow the steps below to kill it.

1. Run the task manager and kill the Trojan process.

2. Check Run, RunServices, and other items in the registry. Back up the items, write down the paths of the programs they start, and delete the items that are suspicious.

3. Delete from the hard disk the executable files that the suspicious keys above point to.

4. Upload, .com or .bat files. If yes, delete them.

5. Check the items in the registry under HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main (such as Local Page). If the items have been modified, change them back.

6. Check whether the default open programs of common file types such as HKEY_CLASSES_ROOT\txtfile\shell\open\command and HKEY_CLASSES_ROOTxtfileshellopencommand have been changed. If so, they must be changed back. Many viruses get themselves loaded whenever a user opens a text file by modifying the default open program of .txt files.

II. Tools used:

The tools used to scan for and kill Trojans include LockDown, TheClean, wooden marker, Kingsoft Trojan, Trojan removal master, and Trojan analysis experts. To use all of their functions you must pay a certain fee; Trojan analysis experts is free of charge.

 
