Carry the anti-malware fight to the end and sweep Trojans away with ease

Source: Internet
Author: User
Tags: ssdt

Since viruses and Trojans first appeared, the network has hardly had a quiet day, and their destructive power is plain to everyone: paralyzed systems, damaged hardware, and other failures. Just when that seemed to be the end of it, rogue programs joined the attack. Some savvy readers may already use anti-malware tools to drive such programs out, but the tools that have fought beside us for years are showing their age. At this point you may want to let SnipeSword 5.0.1.3 (xiaojian) take over the baton and carry the fight to the end.

TIPS: SnipeSword 5.0.1.3 is a powerful anti-malware security tool that covers self-startup items (including hidden drivers and services), process management, and SSDT, Shadow-SSDT, and FSD detection and recovery. Its built-in system monitoring also watches for file and registry modifications made by malware, so that we can manually find and remove Trojans and malicious programs. It is one of the few anti-malware tools that can compete with IceSword, and a very good one.

1. Searching for Trojans through process monitoring
SnipeSword 5.0.1.3 (xiaojian) does not need to be installed. Download it to the local computer and double-click the client program named "SnipeSword" to open the software's interface (Figure 1). Three function columns are shown on the left, and the kernel column is open by default. Click its "Process Management" tab and the editing area lists every process running on the current system. If the path shown for a process looks suspicious, right-click that process and select "Stop process" or "Suspend process" to stop the malicious program from running. You can also look at the SSDT check, FSD check, and Shadow check functions if you wish. If you do not understand these functions, it does not matter: you can skip them and move on to the next step without affecting the final judgment about the Trojan.


Figure 1

2. Looking for clues about trojans from registry monitoring
The registry holds information that Windows references continuously while running: each user's profile, the applications installed on the computer, the property sheet settings for the document types, folders, and application icons that each application can create, and the hardware and ports in use on the system. So if Trojans and viruses are to persist on a local computer, they will also leave their "malicious footprints" in the registry.

To review the registry monitoring records, click the "Registry" button on the left. The column below it lists the registry monitoring functions, with the "self-starting program" option first by default. Select that function and, after a moment, the key values of all startup programs on the current system are displayed in the editing area. Each program has its own startup key value, so the more applications are installed, the more startup key values there are. With too many key values on screen it is easy to be dazzled and miss the one that matters, and checking them all is very tiring.

To check for malicious startup values quickly and accurately, we use the digital signature function the software provides. Right-click the name of any startup key value and select the "Digital Signature Verification" option to verify the digital signature of every startup value on the system. After verification, startup values are displayed with a blue question mark (Figure 2). We must check these blue unknown startup items carefully, because they are probably the startup key values of Trojans and viruses. When I dragged the slider, I found that the company and file description were empty. Normal programs generally have these fields filled in, so this is enough to indicate that the entry is a malicious startup value. For a startup value that has been shown to be malicious, right-click its name and select the "delete files at the same time" option to delete the startup value together with its file.


Figure 2
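The same check can be done without the GUI. The PowerShell below is an added example, not part of SnipeSword or the original article: it reads the startup values under three common Run keys (a chosen subset of autostart locations), verifies each file's Authenticode signature, and flags entries that are unsigned or have an empty company and file description. The helper name `Get-StartupImagePath` and its command-line parsing rule are assumptions made for this illustration.

```powershell
# Added example: read-only triage of Run-key startup values. Nothing is deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StartupImagePath {
    param([string]$Command)
    # Assumption: the executable is quoted, or is the text up to the first ".exe".
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($text -match '^"([^"]+)"')    { return $Matches[1] }
    if ($text -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($text -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $path = Get-StartupImagePath ([string]$regKey.GetValue($name))
        $sig = $null; $ver = $null
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $path
            $ver = (Get-Item -LiteralPath $path).VersionInfo
        }
        $signed = $sig -and $sig.Status -eq 'Valid'
        $noInfo = -not $ver -or -not ($ver.CompanyName -or $ver.FileDescription)
        [pscustomobject]@{
            Key         = $key
            Name        = $name
            Path        = $path
            Signature   = if ($sig) { $sig.Status } else { 'FileNotFound' }
            Company     = if ($ver) { $ver.CompanyName } else { '' }
            Description = if ($ver) { $ver.FileDescription } else { '' }
            # Flag what the article says to look at: unsigned, or no company/description.
            Review      = (-not $signed) -or $noInfo
        }
    }
}

$report | Sort-Object Review -Descending | Format-List
```

Entries with `Review = True` are the ones to inspect by hand first; the script only reports and leaves removal to the analyst.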

A Trojan may also be hiding in other registry keys. In that case, click the "registry key scan" tab to scan the registry keys on the local machine. When the scan completes, the results include the built-in Microsoft program items by default, which gets in the way of spotting malicious items. Right-click any entry and select the "Hide Microsoft signature" option in the shortcut menu to hide all the Microsoft-signed items and reduce the inspection workload. While checking the remaining registry items, you may find some whose company and file description are empty. Such items appear to be connected with viruses and Trojans; right-click the item and select the "Clear Registry" option to remove it from the registry completely. Besides scanning registry keys for Trojans and viruses, the software also provides an automatic system cleanup function that handles everyday cleanup without occupying system resources, so your system runs faster than before.

Personal privacy is another headache for everyone. Take manually deleting the records that the system and IE keep automatically: once a system has been installed for a long time it stores a large amount of record data, which is hard to delete all at once. With that much data it is also easy to delete the wrong records by accident, and the consequences can be serious. To avoid this, use the software's "privacy management" function: right-click any record among those displayed in the editing area and select "delete all" to delete all the information the system has recorded automatically (Figure 3).


Figure 3

3. File management is very important
Like other similar software, SnipeSword 5.0.1.3 also provides file management functions. Click the "file bar" button to expand them. Damaged files can be repaired, but you need to insert the system disk into the optical drive to do so. To find out which files on the local machine have been modified by viruses and Trojans, click "file monitoring" and review the list, so that the changed files can be restored quickly. When a Trojan quietly runs a file in the background, the software displays a prompt and intercepts it. The same applies to files we run ourselves: the software prompts and intercepts those too. So for files we use often, right-click in the "trusted file" editing area, select the "add" button, and locate the frequently used file to add it to the trusted file list (Figure 4). Files added there will run in future without a warning from the software; all other files will still trigger one. For a file that is safe but not in the trust list, select the "Allow once" or "Credit Program" option when it is intercepted to let it through, so that the program can run normally.


Figure 4

Conclusion: The powerful anti-malware features of SnipeSword 5.0.1.3 and its fine-grained classification of functions are rare. Having introduced the overall strength of this tool, I can say it is in no way inferior to the famous IceSword anti-malware tool. It is also very simple to use and suitable for computer beginners. The only pity for the author is that it is paid software: 150 yuan is required to purchase the official version. Fortunately, a trial version is provided with the same functions as the official version, but every 5-30 minutes after it is started it is forcibly shut down, and it is unstable. Users who can afford it are therefore advised to purchase the official version and carry the fight to the end.
