How to clear Trojans

Source: Internet
Author: User

In the past few years, the network has become increasingly insecure. Hacking tools are now simpler to use than Word, and any novice can use them to build a powerful Trojan horse attack tool. Browsing web pages, receiving email, and chatting on QQ can all get you "trampled" by a horse. If you are not careful, your personal information, accounts, passwords, and other important data will be "carried off" by it. Do you know how to identify, catch, and drive out a Trojan? The following tactics show you how to deal with these stubborn horses.

1. Learn from Bo Le: recognize the horse

A Trojan is essentially remote control software. However, remote control software is divided into regular troops and mountain bandits. The regular troops are the tools that openly help you manage and configure a computer remotely, such as the Remote Assistance function provided by Windows XP. Such software generally appears in the system taskbar while it is running and clearly tells the user that the system is currently under control. Trojans are the mountain bandits: they sneak into your computer to do damage, and by modifying the registry and bundling themselves with normal programs they make themselves difficult to trace.

Another difference between a Trojan and ordinary remote control software is that a Trojan's remote control functions are richer. Besides doing what general remote control software does, it can also damage system files, record keyboard operations, steal passwords, modify the registry, and restrict system functions. In addition, you may become an accomplice of the person who planted the Trojan, who may use your machine to attack others and leave you to take the blame.

2. Find the root cause and find the culprit

As an unwelcome bandit, how does a Trojan get into your system? The main transmission methods are generally the following:

The most common is chat software. For example, one of your QQ friends is infected with a Trojan; the Trojan is likely to use QQ on the friend's machine to send you a message that tricks you into opening a link or running a program. If you click or run it by accident, the horse quietly slips in.

Another popular method is "buy one, get one free": the Trojan is bundled with a normal file, such as an image file. When you view the image, the Trojan sneaks in as well.

Planting Trojans on web pages is also common. A hacker puts a Trojan on a web page and tricks you into opening it; merely browsing the page is enough.

The last common method is planting in Internet cafes. Machine security in Internet cafes is poor, and hackers can also work on the machines directly, so many Internet cafe machines carry Trojans and the probability of being hit by one while surfing there is high.

In addition, these methods may be combined to attack you.

3. How to find and kill Trojans

How can we determine if there is a trojan in the machine? Below are some simple methods to try.

Step 1:

View open ports. Because a Trojan is remote control software, it shares the features of such software: in order to contact its controller, it must open a door (that is, a port) for itself. We can therefore check the ports opened on the machine to determine whether a Trojan is passing through. Select "Start" - "Run", enter "CMD", and press Enter to open the command line interface. Enter the command "netstat -an" in it (see Figure 1). "ESTABLISHED" indicates a port on which a connection has been established, and "LISTENING" indicates a port that is open and waiting for others to connect. Look through the open ports for suspicious entries such as 7626 (Ice Horse Trojan) and 54320 (Back Orifice 2000).

Step 2:

View the registry. To achieve functions such as starting with the system, Trojans modify the registry, so you can look for traces of them there. Enter "regedit" in "Run" and press Enter to open the Registry Editor, then navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer. Open the Shell Folders, User Shell Folders, Run, RunOnce, and RunServices subkeys in turn and check whether they contain anything suspicious. Then go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer and check the same five subkeys. If you find a program you do not recognize, be vigilant: it is very likely that a Trojan has paid a visit.

Step 3:

View the system configuration files. Many Trojans modify system files, and win.ini and system.ini are the two files modified most often, so we need to give them regular health checks. Handler is the trojan program name), so you must be very careful. This is probably the main program of the Trojan. If it is another program, it may also be a Trojan.

In addition, you can determine whether a Trojan exists on the system by checking the running processes and by using dedicated Trojan detection software.
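The port check from Step 1 can be scripted. The following is an added example, not part of the original article: it parses the text of "netstat -an" and reports rows whose local port is on a watchlist, and it also records whether a LISTENING row exists for that port, because an ESTABLISHED row with no listener can simply be an outbound connection that was assigned that port number. The sample output, addresses, and function names are constructed for illustration.

```python
# Ports the article names as suspicious; extend the watchlist as needed.
SUSPICIOUS_PORTS = {7626: "Ice Horse Trojan", 54320: "Back Orifice 2000"}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:7626      203.0.113.5:3312       ESTABLISHED
  TCP    192.168.1.10:54320     198.51.100.7:443       ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def port_of(endpoint):
    """Port from 'addr:port' or '[::]:port'; None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def parse_netstat(text):
    """Yield (local_port, remote, state) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, or blank line
        # UDP rows carry no State column, so default to an empty string.
        yield port_of(f[1]), f[2], (f[3] if len(f) > 3 else "")

def find_suspicious(text, watchlist=SUSPICIOUS_PORTS):
    """Return (port, name, state, remote, has_listener) for watched local ports."""
    rows = list(parse_netstat(text))
    listening = {p for p, _, s in rows if s == "LISTENING"}
    return [(p, watchlist[p], s, r, p in listening)
            for p, r, s in rows
            if p in watchlist and s in ("LISTENING", "ESTABLISHED")]

if __name__ == "__main__":
    # On a live host, pass in the text captured from `netstat -an` instead.
    for port, name, state, remote, has_listener in find_suspicious(SAMPLE):
        note = ("listener present" if has_listener
                else "no listener: may be an ordinary outbound connection")
        print(f"{port} ({name}) {state} peer={remote} [{note}]")
```

A hit with a listener present deserves immediate follow-up; a hit without one should be cross-checked against the running processes before drawing conclusions.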

4. Close the door of the stable to defend against Trojans

And rename the region. Open the Registry Editor, locate HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility, and find the "Active Setup controls" sub-key (if the sub-key does not exist, create it manually). Create a sub-key under it and name it {rjb6015c}, then right-click the blank area on the right, select "New Key" - "DWORD Value", name it "Compatibility", and set the key value to "0x00000400".

 
