Detect Backdoor programs and clear malicious software Q &

Source: Internet
Author: User
Tags: malware protection security essentials

For many years, IT administrators have had to deal with evolving threats to the Windows operating system in enterprises. Windows attacks include blue screens, proof-of-concept attacks, and keyloggers and spyware used to steal key business data. The backdoor protection techniques proposed by experts in this article can help secure desktop, network and mobile devices. This knowledge, coupled with anti-virus software, passwords, and best practices for backdoor detection and removal, should be part of every desktop administrator's toolbox.
 
What is a backdoor program?
 
A backdoor is a program that can access a computer or network with administrator rights. Backdoor programs can access the system BIOS and are not always maliciously designed. However, a BIOS backdoor attack can cause the hard drive to be erased and re-mapped.
 
In fact, backdoor programs can come from surprising sources, and they can cause as much trouble as viruses and spyware. Sysinternals security expert Mark Russinovich once found that the digital rights management (DRM) component on a Sony audio CD had installed a backdoor program on his computer.
 
"This creates an opportunity for virus makers," said Mikko Hypponen, head of anti-virus research at F-Secure in Finland. "These backdoor programs may be exploited by arbitrary malware. When this happens, it will become more difficult for companies like ours to differentiate between legitimate software and malware."
 
Experience has shown that 64-bit Windows operating systems, virtual machines and smartphones are all vulnerable to backdoor attacks, so it is a good idea to learn and apply best practices for detecting and removing backdoor programs.
 
How can I discover Backdoor programs?
 
Backdoor programs have already appeared in many products, including commercial security products and seemingly harmless third-party application extensions. There is no exact science to finding and removing backdoor programs, because they can be installed on a computer in many ways. No single tool correctly identifies all backdoor programs and backdoor-like behavior.
 
To determine whether a backdoor program is running, use a system process analyzer such as Sysinternals Process Explorer, or better still a network analyzer. You may be surprised by what programs are doing and by the traffic on the network adapter. You may also notice that the system is overloaded even though the machine shows very little memory use or hard drive fragmentation. Check the system configuration and run a backdoor scanning program.
 
1. Scan system memory. This means monitoring all entry points when a process is called, tracing calls into imported libraries (dynamic link libraries) that may be spoofed or redirected to other functions, watching device driver loads, and so on. The disadvantage of detecting backdoor programs this way is that it is tedious and time-consuming, and it cannot account for every possible way a backdoor program is introduced into the system.
 
2. Seek the truth: expose API deception. Windows security analysts Bryce Cogswell and Mark Russinovich developed a backdoor detection application for Windows. This lightweight binary monitors file system locations and registry hives to find information hidden behind the Windows API, comparing the API's view against the master file table and the raw registry hive data. In addition, the authors of "Rootkits: Subverting the Windows Kernel" developed a tool called VICE that systematically catches API deception by checking call tables and function pointers.
 
3. Learn about the latest anti-virus and malware protection programs. Security vendors such as F-Secure provide stand-alone backdoor detection tools, and Microsoft has built backdoor detection into its own malware removal tool. It is important to select the best scanning tool for backdoor detection and use it as part of your overall security protection, but you may still need to perform manual searches.
 
4. Upgrade firewall protection. Remember that potential attacks may be well concealed. Once a server has been compromised, hackers will be able to log on to that machine again. Although a firewall cannot address application-level risks, it poses a major obstacle to hackers by preventing them from logging on to the compromised machine again.
 
5. Harden workstations and servers to resist attacks. This proactive approach prevents hackers from installing backdoor programs on workstations or servers in the first place. Refer to the guidelines for hardening Windows systems published by the US National Security Agency.
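As an added example (not code from the article, from Sysinternals or from VICE), the following Python sketch shows the two detection ideas behind items 1 and 2 above: a cross-view comparison of the listing the Windows API reports against a raw parse of the on-disk structure, and a check of call-table function pointers against the address range of the module that should own them. All file names, sizes, module ranges and addresses are constructed sample data.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str
    size: int  # bytes


def cross_view_diff(api_view, raw_view):
    """Compare what the Windows API reports (api_view) with what a raw parse of
    the master file table or registry hive shows (raw_view). Returns {path: kind}:
    'hidden'   in the raw structure but not returned by the API
    'phantom'  returned by the API but absent from the raw structure
    'mismatch' in both but with different metadata (size here)"""
    api = {e.path.lower(): e for e in api_view}
    raw = {e.path.lower(): e for e in raw_view}
    findings = {}
    for key, entry in raw.items():
        if key not in api:
            findings[entry.path] = "hidden"
        elif api[key].size != entry.size:
            findings[entry.path] = "mismatch"
    for key, entry in api.items():
        if key not in raw:
            findings[entry.path] = "phantom"
    return findings


def find_hooked_pointers(call_table, module_ranges):
    """VICE-style check: each call-table entry is (owning module, target address).
    A target outside the owning module's [base, end) range means the pointer
    has been redirected to code loaded somewhere else."""
    hooked = []
    for name, (module, addr) in call_table.items():
        base, end = module_ranges[module]
        if not base <= addr < end:
            hooked.append(name)
    return sorted(hooked)


# Constructed sample data: one driver hidden from the API view, one size mismatch.
API_VIEW = [Entry(r"C:\Windows\System32\drivers\tcpip.sys", 2_500_000),
            Entry(r"C:\Users\alice\report.docx", 42_000)]
RAW_VIEW = [Entry(r"C:\Windows\System32\drivers\tcpip.sys", 2_500_000),
            Entry(r"C:\Windows\System32\drivers\hidden_sample.sys", 6_000),
            Entry(r"C:\Users\alice\report.docx", 43_000)]
# Constructed call table: NtCreateFile's pointer lands outside ntoskrnl's range.
MODULE_RANGES = {"ntoskrnl.exe": (0x80400000, 0x80600000)}
CALL_TABLE = {"NtCreateFile": ("ntoskrnl.exe", 0xF8A01230),
              "NtReadFile": ("ntoskrnl.exe", 0x80455100)}
```

Calling `cross_view_diff(API_VIEW, RAW_VIEW)` reports the hidden driver and the size mismatch, and `find_hooked_pointers(CALL_TABLE, MODULE_RANGES)` reports the redirected entry; a real scanner gathers both views from the live system instead of these constructed lists.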
 
How do I remove a backdoor?
 
It is relatively easy to install backdoor programs on affected hosts. To deliver a backdoor program, hackers will do anything: find Windows vulnerabilities, crack passwords, or even gain physical access to systems. They may also launch phishing attacks that lure users into opening executable attachments or clicking hyperlinks in e-mail or instant messages. Once a user has done this, it is difficult to get rid of the backdoor program.
 
Because backdoor program threats are not as common as viruses and spyware, removing them is mainly a reactive process. Once malware is discovered, you need to clean the infected Windows files and perform a second check after removing the backdoor program.
 
What backdoor removal tools are available?
 
Microsoft's Windows security software, Microsoft Security Essentials, and Windows BitLocker Drive Encryption can help remove backdoor programs. In addition, according to Microsoft, Windows 8 will include enhanced security features.
 
In addition to the Sysinternals and F-Secure security products mentioned above, third-party suites can also remove backdoor programs from Windows.
 
For example, Sophos Anti-Rootkit has an installer that must be run manually. This program is more interactive, but it scans the system more slowly. Another backdoor scanning program is Rootkit Hook Analyzer. Try all of the above products to find out which best meets your needs.
 
Why do I need to back up the system before removing a backdoor?
 
Do not forget to perform a proper backup before removing backdoor programs and botnet clients; this makes restoring the system easier. According to security expert Kevin Beaver, using a cleaning tool to remove a backdoor may leave Windows unstable or inoperable, depending on the infected files and the subsequent cleanup operations. Even worse, a well-coded backdoor may detect the removal process and destroy itself, taking data on the system with it.
 
Read the user guide to determine what special steps your scanning tool requires when removing a backdoor program. After detecting and clearing the backdoor program and restarting Windows, scan the system again and re-check to ensure that the system is clean and the malware does not reappear.
 
In addition, the best way to remove Windows security threats is to prevent malware from affecting enterprise systems, and the important systems connected to the enterprise network, in the first place.
 
Still a bit paranoid about a backdoor infection? Not sure your system is clean enough? The best and most reliable method is to repartition, reformat and reinstall the Windows operating system. Rebuilding a Windows system is painful, but it is the surest way to close off backdoor programs that cannot be removed.
