Manually eliminate new viruses

Reprinted from: http://zhigang0909.blog.163.com/blog/static/582896532007921142520/

 

Manual elimination of new viruses (1)
The most terrible thing about surfing the internet is when new viruses come out. Although we have installed various powerful anti-virus software on our computers, we also configured regular and automatic updates to the virus database, however, the virus is always updated before the virus database, so the number of attacks won't be a minority each time. Here we will list some common anti-virus methods and manually use the tool that comes with the system to kill the virus:
1. Be sure to back up the system process with tasklist before you do it yourself.
All new viruses have learned to use processes to hide themselves, so we 'd better back up the computer process list while the system is normal. Of course, we 'd better not run anyProgramIn this case, you can compare the process list to find out the process that may be a virus when the computer is abnormal.
Enter:
Tasklist/FO: CSV> G: zc.csv
The preceding command output is in the format of csvcsv to the latest zc.csv file. G: the disk you want to save. You can open the file in Excel.

2. When you do it yourself, you must be eye-catching-use FC to compare the process list files. If you feel that your computer is abnormal or you know that there is a virus recently, check it.
Enter the command prompt and enter the following command:
Tasklist/FO: CSV> G: yc.csv
Generate a previous yc.csv file list, and enter:
Fc g: \ zccsv G: \ YC. CSY
Abnormal process.

Iii. When determining the port, remember that the evidence is conclusive-use netstat to check whether the port is a virus for such suspicious processes? According to most viruses (especially Trojans), the virus is transmitted through external connections through the port. You can check the port occupation.
Enter:
Netstat-a-n-o
The parameter description is as follows:
A: displays information about all ports that are connected to the host.
N: displays the PID of the port opening process.Code
O: Display address and port information in digital format
By viewing the network program running on the local machine, you can determine that this is an illegal connection!
The connection parameters are as follows:
Listeninc: indicates that the listener is in the listener State. That is to say, the port is open and is waiting for connection, but it is not connected yet. Only the TCP Service port can be in the listeninc state.
Established means to establish a connection. The two machines are communicating. Time-Wait indicates that the connection has ended. It indicates that the port has been accessed but the access is over. It is used to determine whether an external computer is connected to the local computer.