How can I check if my computer is running a zombie Trojan?

How to delete zombie viruses, how to check bots, and how to delete zombie Trojans.

How Kingsoft drug overlord anti-virus experts summed up the six major phenomena of "bots" computers. When netizens encounter these phenomena, they need to be vigilant and remove the Trojans:

Symptom 1: Abnormal logon reminders for QQ and MSN

When you log on to QQ, the system prompts that the last logon IP address is totally irrelevant to you. For example, QQ reminds you that the last logon location was in Shenyang. Also, when you log on to MSN, a friend may send you a message asking you what you just sent, but you are very clear about what you have never sent to this friend.

Symptom 2: When logging on to an online game, you find that the device is lost or is not in line with your location when you went offline last time, or even cannot log on with the correct password.

Apparently, when you didn't log on to this game, someone else logged on for you.

Symptom 3: You may suddenly find that your mouse does not listen. When you do not move the mouse, the mouse will also move, and you will also click the relevant button for operation.

You are not moving. Someone is moving. Note that the moving track and performance of the mouse are different. You can feel that someone is moving your computer.

Phenomenon 4: when surfing the internet normally, it suddenly feels slow, and the hard drive lights are flashing, just as you are copying files

This is probably because attackers are trying to copy your files. When copying a large number of files, the disk read and write operations will obviously increase, and the system will also slow down. At this point, you should undo the network cable without hesitation and immediately check whether your system process is abnormal.

Symptom 5: when you are about to use a camera, the system prompts that the device is in use.

The attacker is stealing your camera. In this case, the camera's working status is invisible. It is strongly recommended that you cover the camera without using a camera. When attackers see a dark image, they will naturally understand what the problem is.

Symptom 6: when you are not using network resources, you find that the NIC lights are constantly flashing. If you set the status to display after the connection, you will also find that the NIC icon in the lower-right corner of the screen is flashing

Under normal circumstances, when you use less resources or do not need network resources, the network card flash will not be obvious, and the data traffic transmitted through the network will not be too high.

Finally, you can use some software to observe network activity to check whether the system is intruded.

1. Check the working status of the firewall software.

For example, Kingsoft network. On the network status page, the active network connection is displayed. Check the connection carefully. If you find that the software you are not using is connected to a remote computer, be careful.

2. We recommend that you use tcpview to clearly view the activity status of the current network.

The general Trojan connection can be viewed through this tool. The general Trojan connection is different from some well-constructed rootkit Trojans that use better hiding technology and are not easy to be discovered.

3. Use Jinshan cleaning expert for Online Diagnosis. Pay special attention to the process items for comprehensive diagnosis.

Cleaning experts will evaluate the security of each item. When encountering an unknown item, you need to be especially careful.

4. troubleshooting expert Baobao's Process Manager

Suspicious files can be found to help you easily check the location of dangerous programs