Command-line virus removal without antivirus software

Source: Internet
Author: User

Many people think that removing a virus requires specialized antivirus software. It is true that virus removal is much easier when antivirus software is available. In practice, however, many computers do not have antivirus software installed. What can we do with our bare hands in that case? Here I will introduce five command-line virus-removal experts.

1. Easily identify unknown processes - Tasklist
Viruses and Trojans generally run inside some process. To view processes, you would usually open Task Manager and look at the Processes tab. However, some viruses prevent Task Manager from running, many hidden processes do not appear in the Processes tab, and even for the processes that do appear, the information is limited. In this case, try tasklist.
First, enter "cmd" in the Run dialog and press Enter to open a Command Prompt window, then enter tasklist to display all running processes. The process information displayed at this point is fairly basic and is not enough to determine whether a process is harmful. To go further, run tasklist /m to view the DLL modules loaded by each process, and run tasklist /svc to list the active services in each process. The DLL files and services loaded by a specific process help us identify whether that process is harmful.

2. Easy process shutdown - Ntsd
When we find a dangerous process, we need to shut it down. Sometimes such a process cannot be ended from the "Processes" tab in Task Manager. This is where the next virus-removal expert comes in.
When you run tasklist to view process information, the list contains a PID column. Find and note the PID of the affected process, then run "ntsd -c q -p PID" on the command line, replacing PID with that value. This can end all processes except the system's core processes.
If you prefer not to use the tasklist command to look up the PID, open Task Manager, go to the "Processes" tab, open the "View" menu, choose "Select Columns", and select "PID". The PID is then shown directly in the "Processes" tab.

3. View open ports - Netstat
Trojans spread and do their damage over the network, and they do so through open ports on the computer. These open ports are like unattended doors.
In this case, run "netstat -a" at the command prompt to display connection information for all ports. In the output, Proto is the connection protocol, generally TCP or UDP. Local Address is the local name and address, and the number after the colon is the open port. Foreign Address is the address of the remote end of the connection, and State is the connection status. ESTABLISHED means a connection has been established; LISTENING means the port is waiting for incoming connection requests. If an unfamiliar port is found in the listening or established state, check further for Trojans.
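The checks in sections 1 and 3 can be combined by joining each listening port to the process that owns it. The following is an added example, not part of the original article. It assumes the output was captured with "netstat -ano" and "tasklist /svc /fo csv" (the -n, -o and /fo switches are not used in the article), and the sample output and the port baseline are constructed.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8899           0.0.0.0:0              LISTENING       2480
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3120
  UDP    0.0.0.0:123            *:*                                    1012
"""
# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST_SAMPLE = '''\
"Image Name","PID","Services"
"svchost.exe","884","RpcEptMapper,RpcSs"
"svchost.exe","1012","W32Time"
"updater.exe","2480","N/A"
"browser.exe","3120","N/A"
'''
EXPECTED_LISTENERS = {135}  # assumed baseline of TCP ports this host should listen on

def parse_netstat(text):
    """Yield (proto, local_port, remote, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip titles, the column header and blank lines
        # UDP rows have no State column, so only TCP rows carry a state.
        state = f[3] if f[0] == "TCP" else ""
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also handles [::]:135
        yield f[0], port, f[2], state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> (image name, services) from CSV-formatted tasklist output."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): (r["Image Name"], r["Services"]) for r in rows}

def unexpected_listeners(netstat_text, tasklist_text, expected=EXPECTED_LISTENERS):
    """Return (port, pid, image, services) for TCP listeners outside the baseline."""
    procs = parse_tasklist(tasklist_text)
    hits = []
    for proto, port, _remote, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state == "LISTENING" and port not in expected:
            image, services = procs.get(pid, ("<unknown>", "N/A"))
            hits.append((port, pid, image, services))
    return hits
```

A listener that is off the baseline is a lead for the tasklist /m check in section 1, not a verdict by itself.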

4. Uncover what is hidden behind the scenes - Find
In most cases, Trojans arrive in files of unknown origin, and bundling a Trojan into another file is the most common way to hide it. Therefore, before running such a file, we can use the find command to check whether other files are bundled with it.
At the command prompt, enter find /c "This program" followed by the path of the file to check, for example: find /c "This program" d:\itedit.doc. If the command reports 0, the file is normal. If the count is greater than 0, other files may be bundled with it. If the file being checked is an EXE, however, the normal result is 1, and the file is considered dangerous only when the value is higher than 1.
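The check works because a Windows executable normally carries the DOS stub message "This program cannot be run in DOS mode" near its start, so each bundled executable adds one more copy. The following added example (not from the original article) counts that string and goes one step further by validating the MZ/PE header at each candidate offset; the sample bytes are constructed and are not a working executable.

```python
import struct

DOS_STUB = b"This program cannot be run in DOS mode"

def build_sample_pe():
    """Build a constructed, non-functional PE header for the demonstration."""
    header = bytearray(0x80)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)  # e_lfanew: offset of "PE\0\0"
    header[0x4E:0x4E + len(DOS_STUB)] = DOS_STUB
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 64

def count_stub_strings(data):
    """Approximate the find check: count occurrences of the DOS stub text."""
    return data.count(DOS_STUB)

def find_pe_headers(data):
    """Return offsets where an MZ header's e_lfanew points at a PE signature."""
    offsets = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig = pos + e_lfanew
            if data[sig:sig + 4] == b"PE\x00\x00":
                offsets.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return offsets

def classify(data, is_executable):
    """Apply the article's thresholds: above 0 for documents, above 1 for EXEs."""
    embedded = len(find_pe_headers(data)) - (1 if is_executable else 0)
    return "suspicious" if embedded > 0 else "normal"

# Constructed inputs: a document-like byte string and the sample PE header.
PE = build_sample_pe()
DOC = b"\xd0\xcf\x11\xe0" + b"plain document text " * 20
```

Note that find /c counts matching lines rather than occurrences, and that neither approach sees an executable that is compressed or encrypted inside the carrier file.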

5. Registry guard - FC
The registry is also a place that many viruses, Trojans, and other malware attack. If you want to be able to check whether it has been modified, you can prepare in advance. Run "regedit" to open the Registry Editor, select the root key, and use the "Export" command in the "File" menu to export a source backup file of the normal registry.
Later, when you want to check the registry, export it again to a comparison file, and then run "fc /u <source file>.reg <comparison file>.reg > change.txt" at the command prompt. After the command has run, open the change.txt file in the current directory to see what has changed in the registry.
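fc compares the two exports line by line, which on a full registry export produces a long listing. The following added example (not from the original article) parses both exports and reports changes per key and value instead. It assumes the exports are in regedit's UTF-16 format, which is why the command above uses /u, and the two sample exports are constructed.

```python
import re

# A value line is either @=... (default value) or "name"=...
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def parse_reg(raw):
    """Parse a regedit export (UTF-16 with BOM) into {key: {value name: data}}."""
    text = raw.decode("utf-16").replace("\r\n", "\n")
    text = text.replace("\\\n", "")  # rejoin hex values wrapped with a trailing backslash
    keys, current = {}, None
    for line in text.split("\n"):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE.match(line)
            if m:
                current[m.group(1).strip('"')] = m.group(2)
    return keys

def diff_reg(before, after):
    """Return (change, key, name, old, new) tuples between two exports."""
    old, new = parse_reg(before), parse_reg(after)
    changes = []
    for key in sorted(set(old) | set(new)):
        o, n = old.get(key, {}), new.get(key, {})
        for name in sorted(set(o) | set(n)):
            if name not in o:
                changes.append(("added", key, name, None, n[name]))
            elif name not in n:
                changes.append(("removed", key, name, o[name], None))
            elif o[name] != n[name]:
                changes.append(("changed", key, name, o[name], n[name]))
    return changes

# Constructed exports: the second one gains an autostart entry under the Run key.
RUN = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"
HEADER = "Windows Registry Editor Version 5.00\r\n\r\n"
AUDIO = '"Audio"="C:\\\\Windows\\\\audio.exe"\r\n'
BEFORE = (HEADER + RUN + "\r\n" + AUDIO).encode("utf-16")
AFTER = (HEADER + RUN + "\r\n" + AUDIO
         + '"Updater"="C:\\\\Users\\\\Public\\\\upd.exe"\r\n').encode("utf-16")
```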

After seeing what these five strong performers can do, are you impressed by their capabilities? In fact, as long as we are willing to dig, the system contains many more useful tools. Using them well will bring great convenience to our work.

 
