Abstract: Do you suspect your computer has a trojan? Don't worry. A simple command will let you know whether your judgment is correct.
A few basic commands often play a major role in protecting network security. The following commands are especially useful.
Detect Network Connections
If you suspect that someone has installed a Trojan on your computer, or that it is infected with a virus, but you do not have a full-featured tool at hand to check whether this has actually happened, you can use the network commands that come with Windows to see who is connecting to your computer. The command is: netstat -an. It shows all the IP addresses that are connected to the local computer. Its output contains four parts: Proto, Local Address, Foreign Address (the address establishing a connection with the local device), and State (the current port status). With the detailed information from this command, we can fully monitor the connections on the computer and keep it under control.
Disable unknown services
Many friends may find that the computer slows down one day after the system is restarted. No matter how they optimize it, it stays slow, and anti-virus software finds no problem. In this case, it is very likely that someone has intruded into your computer and opened a special service, such as the IIS information service, which your anti-virus software cannot detect. But don't worry. You can use "net start" to check which services are enabled in the system. If you find a service that you did not open yourself, you can disable it in a targeted manner. Enter "net start" to view the services, and then use "net stop server" to disable the service.
Easily Check Accounts
For a long time, malicious attackers have liked to use the clone-account method to control computers. They activate a default system account that is not commonly used and then use tools to escalate it to administrator permissions. On the surface, this account still looks the same as the original one; however, the cloned account is the biggest security risk in the system. Malicious attackers can use this account to control your computer at will. To avoid this situation, you can use a simple method to check the accounts.
First, enter "net user" on the command line to list the users on the computer, and then use "net user username" to view the permissions of each user. Apart from Administrator, none of them should be in the administrators group! If you find that a built-in system user belongs to the administrators group, you have almost certainly been intruded, and someone has cloned an account on your computer. Use "net user username /del" to delete this user!