When you suspect a virus on your system, the first reaction is to reach for anti-virus software. If you want to quickly determine the security status of the current system, you can instead run a few commands in the "command prompt" to check whether the system is infected. This is far faster than a scan with anti-virus software.
TIPS: Common symptoms of a virus infection include a slow system, stolen accounts, web pages that take ages to open, advertisement windows that pop up constantly, and files that cannot be executed. Some powerful viruses will also disable your anti-virus and security software. When you encounter these problems, the first task is to find and terminate the virus process so that the virus temporarily stops working, and then use the methods described in this article together with anti-virus software for thorough detection and removal. When using anti-virus software, we recommend that you restart your computer into safe mode for a full-disk scan and removal.
Process query-tasklist
The "tasklist" command displays all processes running on a local or remote computer. It can be used as follows: click "Start" > "Run", enter "cmd" to open the "command prompt", then enter "tasklist" and press Enter. All processes in the current system are displayed. What we need to do is check whether any of these processes are unfamiliar. Of course, this requires a little experience with manual virus removal. After a dangerous process is found, you can use the companion of "tasklist", the "taskkill" command, to end it. First use "tasklist" to look up the PID of the dangerous process, then enter the command "taskkill /pid 1234" to end the process, where "1234" is the PID of the dangerous process.
Tip: Taskkill can end processes that cannot be ended in "Task Manager", including system processes. It is well suited to ending stubborn virus processes.
Service Query -- net start
Many viruses register themselves as system services so that they are started together with the system. To query the services in the system, you only need to enter the "net start" command in the "command prompt". After you press Enter, all started services in the system are displayed. A service is stopped with "net stop service name". For example, enter "net stop G_Server" and press Enter to stop the service of the Gray Pigeon Trojan. The command to start a service is "net start service name".
Query port information-netstat
Trojans lurk in the system and open a port to communicate with hackers. Much rogue software also opens system ports to collect and send user information. The open ports are therefore an important part of judging system security. The "netstat" command displays network connections, the routing table, and network interface information, letting you see which network connections are currently active.
To query the ports opened in the system, enter "netstat -an" in the "command prompt" and press Enter to display the ports opened on the local machine. Netstat can show the executable program that opened a port alongside the port itself, so that we can learn the location of the Trojan file and delete it with security tools.
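The following added example (not part of the original article) correlates the process and port listings described above: it parses `netstat -ano` output, where the extra `o` switch adds the owning PID column, together with `tasklist /fo csv /nh` output, and names the process behind each open port. The sample text, the process name `unknown_svc.exe`, and the set of known names are constructed for illustration, and English-language command output is assumed.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:8000           0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     2208
  UDP    0.0.0.0:5353           *:*                                    2208
"""

# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''\
"svchost.exe","904","Services","0","9,120 K"
"unknown_svc.exe","1234","Services","0","4,300 K"
"chrome.exe","2208","Console","1","150,432 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, state, pid) for each socket line."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        # UDP lines have no State column; the PID is always the last field.
        state = parts[3] if parts[0] == "TCP" and len(parts) == 5 else ""
        addr, _, port = parts[1].rpartition(":")  # also handles [::]:135
        yield parts[0], addr, int(port), state, int(parts[-1])

def open_ports(netstat_text, tasklist_text):
    """Return sorted (proto, port, pid, image) for listening TCP and bound UDP ports."""
    names = parse_tasklist(tasklist_text)
    found = set()
    for proto, _addr, port, state, pid in parse_netstat(netstat_text):
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not open ports
        found.add((proto, port, pid, names.get(pid, "<unknown>")))
    return sorted(found)

def unexpected(ports, known_names):
    """Keep only ports whose owning image is not in the reviewer's known set."""
    return [p for p in ports if p[3].lower() not in known_names]
```

Feed it the saved output of the two commands from the machine under review; anything returned by `unexpected` is a candidate for the manual check the article describes, not proof of infection.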
Hacker account detection-net user
After hackers intrude into a computer, they usually create an account to make the next intrusion easier. The system accounts are therefore something we must check, which is easily done with the "net user" command. Entering "net user" in the "command prompt" lists all existing accounts in the current system; generally there are only the "administrator" and "guest" accounts. If there is an unfamiliar account, be careful: it was likely left by a hacker. To delete an account, enter "net user account name /del" and press Enter.