How to quickly clear Trojans and viruses in the system

Source: Internet
Author: User

After an intrusion, the first thing an attacker does is upload a Trojan backdoor, and to keep the uploaded Trojan from being detected, they disguise it as well as they can. As the victim, how can we see through the disguise and clear every Trojan from the system?

I. File bundle Detection
Bundling a Trojan with a normal program has always been a common way to disguise it. Let's look at how to detect a Trojan bundled into a file.
1. MT Bind Nemesis
Whenever a Trojan is bound to a file, the file's header layout shows a telltale pattern, and MT Bind Nemesis works by analyzing that header layout. After the program starts, click the Browse button, select the file to be checked, and click the Analyze button on the main interface; the program then analyzes the selected file automatically. All we need to check is the number of executable headers in the analysis result: if there are two or more executable file headers, the file has certainly been bundled.
2. Find the Trojan bundled in the program
Detecting that a Trojan is bound to a file is far from enough; you also need a "cleaner" such as Fearless Bound File Detector to remove it.
After the program starts, first select the program or file to be checked, then click the "Process" button on the main interface. When the analysis is complete, click the "Clean File" button and click "Yes" in the warning dialog to confirm removal of the Trojan bound to the program.
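The header-count rule from step 1 can be checked without a GUI tool. The following is an added example (not MT Bind Nemesis' or Fearless Bound File Detector's own code): it counts every "MZ" stub whose e_lfanew pointer lands on a valid "PE\0\0" signature, and flags a file with two or more such headers as bundled. The minimal PE-like blobs it tests against are constructed inline.

```python
import struct

MZ = b"MZ"
PE_SIG = b"PE\0\0"


def pe_header_offsets(data: bytes) -> list:
    """Return offsets of every plausible PE executable header in data.

    A header only counts if an 'MZ' stub is followed, at the e_lfanew
    offset stored at stub+0x3C, by a 'PE\\0\\0' signature. This is an
    added heuristic, not the algorithm of any tool named on the page.
    """
    found = []
    pos = data.find(MZ)
    while pos != -1:
        if pos + 0x40 <= len(data):  # need the full 64-byte DOS header
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            sig_at = pos + e_lfanew
            if 0 < e_lfanew < 0x10000 and data[sig_at:sig_at + 4] == PE_SIG:
                found.append(pos)
        pos = data.find(MZ, pos + 1)
    return found


def looks_bundled(data: bytes) -> bool:
    """Two or more executable headers in one file: treat as bundled."""
    return len(pe_header_offsets(data)) >= 2


def fake_pe(payload: bytes = b"") -> bytes:
    """Constructed minimal PE-like blob: DOS stub + PE signature + payload."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)    # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)  # e_lfanew points right after it
    return bytes(hdr) + PE_SIG + b"\0" * 20 + payload


if __name__ == "__main__":
    clean = fake_pe(b"legit code")
    bundled = clean + b"overlay" + fake_pe(b"second binary")
    print("clean bundled?", looks_bundled(clean))
    print("bundled offsets:", pe_header_offsets(bundled))
```

Installers and self-extracting archives legitimately embed a second executable, so a positive result is a reason to inspect the file, not proof of a Trojan on its own.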
II. Clear DLL-type Backdoors
Compared with file bundling, DLL injection Trojans are more advanced: they have no process of their own and open no port, so they are hard to find, and the steps to clear them are a little more involved.
1. End the Trojan process
Because this type of Trojan is embedded in another process, it does not show up as a separate entry in the process viewer. If the system behaves abnormally, you need to determine whether a DLL Trojan is running inside some process.
Here we use the IceSword tool. After it starts, it automatically lists the processes running in the system. Right-click a suspicious process and choose "Module information" from the pop-up menu; the window that opens lists all of the process's DLL modules. If you find an entry of unknown origin, select it and click "Uninstall" to remove it from the process. For stubborn modules, click the "Force release" button as well, then delete the file directly from its folder using the path shown in the module's "File name" column.
2. Find the suspicious DLL module
Generally, users are not familiar with which DLL files a process loads, so it is hard to judge which DLL module is suspicious. This is where ECQ-PS (Super Process King) comes in handy.
After the software starts, the middle list shows all processes in the current system. Double-click a process, then click the "All modules" tab in the lower window to see detailed information for each module, including its name, version, vendor, and creation time. Comparing the vendor and creation time is what matters. If a system-critical process such as svchost.exe turns out to be loading a module from an unknown vendor, that module is almost certainly the problem. Likewise, if the vendor is Microsoft but the creation time differs from that of the other DLL modules, it may also be a DLL Trojan.
In addition, you can switch directly to the "Suspicious modules" option: the software automatically scans the loaded modules for suspicious files and lists them. Double-click a suspicious DLL module in the scan result list to see which processes load it. Normally each DLL file is loaded by several processes; if only one process loads it, that too may indicate a DLL Trojan. Click "Force import and delete" to remove the DLL Trojan from the process.
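The three heuristics above (unknown vendor inside a critical process, Microsoft vendor but outlier creation time, and a DLL loaded by only one process) can be applied to an exported module inventory. The following is an added example, not ECQ-PS's own logic; the process names, paths, vendors and timestamps in INVENTORY are constructed sample data, and the 30-day skew threshold is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Processes whose modules deserve the strictest scrutiny (assumed list).
CRITICAL = {"svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}

# Constructed inventory: (process, module path, vendor, file creation time).
INVENTORY = [
    ("svchost.exe",  r"C:\Windows\System32\kernel32.dll",       "Microsoft", "2019-03-19 04:12"),
    ("svchost.exe",  r"C:\Windows\System32\rpcrt4.dll",         "Microsoft", "2019-03-19 04:12"),
    ("svchost.exe",  r"C:\Windows\System32\ntdll.dll",          "Microsoft", "2019-03-19 04:13"),
    ("svchost.exe",  r"C:\Windows\System32\sample_outlier.dll", "Microsoft", "2024-06-01 23:40"),
    ("svchost.exe",  r"C:\Users\Public\helper_x.dll",           "Unknown",   "2024-06-01 23:41"),
    ("explorer.exe", r"C:\Windows\System32\kernel32.dll",       "Microsoft", "2019-03-19 04:12"),
    ("explorer.exe", r"C:\Windows\System32\ntdll.dll",          "Microsoft", "2019-03-19 04:13"),
    ("explorer.exe", r"C:\Windows\System32\rpcrt4.dll",         "Microsoft", "2019-03-19 04:12"),
]


def suspicious_modules(inventory, max_skew=timedelta(days=30)):
    """Return {module path: [reasons]} for modules matching any heuristic."""
    loaders = defaultdict(set)   # module path -> set of processes loading it
    by_proc = defaultdict(list)  # process -> [(path, vendor, created)]
    for proc, path, vendor, created in inventory:
        loaders[path].add(proc)
        by_proc[proc].append((path, vendor, datetime.strptime(created, "%Y-%m-%d %H:%M")))

    reasons = defaultdict(list)
    for proc, mods in by_proc.items():
        # Median creation time of the process's Microsoft modules is the baseline.
        ms_times = sorted(t for _, v, t in mods if v == "Microsoft")
        median = ms_times[len(ms_times) // 2] if ms_times else None
        for path, vendor, created in mods:
            if proc in CRITICAL and vendor != "Microsoft":
                reasons[path].append(f"non-Microsoft module in critical {proc}")
            if vendor == "Microsoft" and median and abs(created - median) > max_skew:
                reasons[path].append("Microsoft vendor but creation time is an outlier")
    for path, procs in loaders.items():
        if len(procs) == 1:
            reasons[path].append("loaded by a single process only")
    return dict(reasons)


if __name__ == "__main__":
    for path, why in suspicious_modules(INVENTORY).items():
        print(path, "->", "; ".join(why))
```

As the text itself says, each rule on its own only means "may be"; a vendor string is read from the file's version resource and can be forged, so treat the output as a shortlist for manual inspection.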
III. Thorough Rootkit Detection
Nobody can keep checking the ports, registry, files, and services in the system all the time to see whether a Trojan is hiding there. For that we can use some dedicated detection tools.
1. Clear rootkits with Rootkit Detector
Rootkit Detector is a rootkit detection and removal tool. It can detect a number of Windows rootkits, including the well-known hxdef.100.
Simply run the program ("maid" in the original text) from the command line. Once it starts, it automatically scans for hidden items in the system, finds any rootkit programs and services that are running, flags them in red to alert you, and attempts to clear them.
2. The more powerful Knlps
By contrast, Knlps is more powerful and can terminate a specific running rootkit process. Run "knlps.exe -l" from the command line to list all hidden rootkit processes together with their PIDs. Once you have found the rootkit process, use the "-k" parameter to kill it. For example, if you have found a process disguised as svch0st.exe whose PID is 3908, enter "knlps.exe -k 3908" to stop it.
IV. Clone account Detection
Strictly speaking, this is no longer a backdoor Trojan. Here the attacker creates an account that has administrator privileges but appears, when we check, to be only a member of the Guests group, which easily lulls the administrator into a false sense of security.
Here we introduce a new clone-account detection tool, LP_Check, which can be used to find cloned users in the system.
Using LP_Check is extremely simple. After the program starts, it compares the user accounts and their permissions in the Registry against those in the "Account Manager". In our case the program detects a problem with the Guest account and marks it with a red triangle in the list; we can then open the user management window and delete it.
With the methods introduced above, the system should be restored to a secure state. To avoid Trojan attacks altogether, however, you still need to understand the basics of how they work.
