Search and clear Trojans and viruses

Source: Internet
Author: User

The emergence of Trojans can cost us not only control of the computer, but also privacy, money and even reputation, so Trojan prevention has become one of the most important issues in the security field. At present the major antivirus vendors still rely on scanning against a virus signature database, which always leaves us one step behind, and that is why so many tutorials on clearing Trojans by hand exist. In fact, with basic security knowledge we can defend against Trojan attacks ourselves.

I. Identify Trojans
In essence, a Trojan is remote control software. Remote control software, however, comes in two kinds. Legitimate tools exist to help you remotely manage and configure a computer, such as the Remote Assistance function provided by Windows XP; while it is running it shows an icon in the system tray, clearly telling the user that the system is currently being controlled. A Trojan, by contrast, sneaks onto your computer to do damage, runs by modifying the registry or by being bundled with a normal program, and makes it hard for you to find any trace of it.

Generally, after a personal system starts it has only ports 137, 138 and 139 (NetBIOS) open. Other ports appear when the local machine communicates with hosts on the Internet: IE usually opens a run of consecutive client ports such as 1027, 4000, 4001 and so on, and QQ will open ...... You can run the command netstat -an to view the current port status of the system.

Another difference between a Trojan and ordinary remote control software is that the Trojan's remote control functions are richer: besides everything general remote control software does, it can damage system files, log keystrokes, steal passwords, modify the registry and restrict system functions. In addition, you may unwittingly become an accomplice of whoever controls the Trojan (the "horse herder"), who can use your machine to attack others and leave you to take the blame.

II. Trojan propagation channels
Generally, Trojans spread in the following ways:

The most common is through chat software. For example, if a friend's QQ has been infected, the Trojan may use QQ on the friend's machine to send you a message, tricking you into opening a link or running a program. If you click or run it carelessly, the Trojan quietly installs itself.

Another popular method is file bundling, for example bundling the Trojan with an image file: when you view the image, the Trojan sneaks in as well. Planting Trojans on web pages is also common: a hacker puts a Trojan on a page and tricks you into opening it, and merely browsing the page may be enough to infect you.

The last common method is planting Trojans on machines in Internet cafes. Those machines are poorly secured, and a hacker can even work on them directly, so many Internet cafe machines carry Trojans and the chance of picking one up while surfing there is high. These methods may also be combined against you.

Another method is to embed the Trojan in a web page with code; as soon as you visit the page you may be infected.

III. Trojan detection

You can check whether the local computer contains a Trojan in the following ways:

First, check open ports. Being remote control software, a Trojan shares the characteristics of remote control software: to stay in contact with its controller it must open a door, that is a port, for itself. So we can examine the ports the machine has open to judge whether a Trojan is present. Run the netstat -an command mentioned above: "ESTABLISHED" marks a port with a live connection, and "LISTENING" marks a port that is open and waiting for someone to connect. Look through the open ports for suspicious entries such as 7626 (the Glacier Trojan, 冰河) and 54320 (Back Orifice 2000). Bear in mind that these are only default ports; a controller can configure a Trojan to use any port, so an unfamiliar listener on any port deserves a look.

Check the registry. To start together with the system, Trojans modify the registry, so you can look there for their traces. Enter "regedit" in "Run" and press Enter to open the Registry Editor.

Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, open the Run, RunOnce and RunServices subkeys, then the Shell Folders and User Shell Folders subkeys under its Explorer subkey, and check each for suspicious content.

Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and check the same five subkeys. Whenever you find a program you do not recognize, be vigilant.

Check the system configuration files. Many Trojans modify system files, and win.ini and system.ini are the two most frequently modified, so we need to examine them regularly. In win.ini, the load= and run= lines of the [windows] section are normally empty; a program listed there deserves suspicion. In system.ini, the shell= line of the [boot] section normally reads shell=Explorer.exe; if it reads shell=Explorer.exe program name (where the program name is the Trojan's file name), that program is very probably the Trojan's main program, and if shell= has been pointed at some other program entirely, that may also be a Trojan.

In addition, you can determine whether a Trojan is present by checking the system's processes and by using dedicated Trojan detection software.
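The port check and the win.ini/system.ini check above can be run offline over captured text. The following Python script is an added example, not code from the original article: the netstat output, the ini contents and the file names in it are constructed for illustration, and the port table holds only the default ports named above plus the original Back Orifice port, so a Trojan configured for another port will not appear in it.

```python
"""Offline checks mirroring the manual Trojan hunt described above:
1. scan `netstat -an` output for sockets on the default ports of old
   remote-control Trojans;
2. inspect win.ini / system.ini for the load=, run= and shell= hooks.
All sample inputs below are constructed for this example, not captured
from a real host."""

import re

# Default ports of the Trojans named in the text (plus the original Back Orifice).
# A controller can choose any port, so an empty hit list proves nothing by itself.
KNOWN_TROJAN_PORTS = {
    7626: "Glacier (冰河)",
    54320: "Back Orifice 2000 (TCP)",
    54321: "Back Orifice 2000 (UDP)",
    31337: "Back Orifice",
}

# Windows netstat line: proto, local address, foreign address, optional state (UDP has none).
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(output):
    """Yield (proto, local_port, remote, state) for each socket line of `netstat -an`."""
    for line in output.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue  # header, blank and "Active Connections" lines
        proto, local, remote, state = m.groups()
        port = int(local.rsplit(":", 1)[1])  # handles 0.0.0.0:7626 and [::]:7626
        yield proto, port, remote, state or ""


def suspicious_sockets(output):
    """Return [(proto, port, state, trojan_name)] for sockets on known Trojan ports."""
    hits = []
    for proto, port, remote, state in parse_netstat(output):
        if port in KNOWN_TROJAN_PORTS:
            hits.append((proto, port, state, KNOWN_TROJAN_PORTS[port]))
    return hits


def parse_ini(text):
    """Minimal INI reader: {section: {key: value}} with section and key names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections


def ini_findings(win_ini, system_ini):
    """Flag the three autostart hooks that Trojans of this era edited."""
    findings = []
    win = parse_ini(win_ini).get("windows", {})
    for key in ("load", "run"):
        if win.get(key):  # normally empty
            findings.append(f"win.ini [windows] {key}={win[key]}")
    shell = parse_ini(system_ini).get("boot", {}).get("shell", "")
    if shell.lower() != "explorer.exe":  # anything appended or substituted is suspect
        findings.append(f"system.ini [boot] shell={shell}")
    return findings


# Constructed sample data (hypothetical addresses and file names).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1027       203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:54321          *:*
"""

SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\winupd32.exe
[Desktop]
Wallpaper=(None)
"""

SAMPLE_SYSTEM_INI = """\
[boot]
shell=Explorer.exe trojan.exe
[drivers]
wave=mmdrv.dll
"""

if __name__ == "__main__":
    for hit in suspicious_sockets(SAMPLE_NETSTAT):
        print("socket   :", hit)
    for finding in ini_findings(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI):
        print("autostart:", finding)
```

On the constructed sample the script flags the TCP listener on 7626 and the UDP socket on 54321, the non-empty run= line in win.ini, and the extra program appended to shell= in system.ini. To use it on a real machine, paste the output of netstat -an and the contents of the two ini files into the sample strings, and treat the port table as a starting point rather than a complete list.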

IV. Trojan defense
mshta.exe executes .hta files, and some websites use it to run malicious HTA files. Search for mshta.exe on the system and rename it; debug.exe and ftp.exe can be renamed in the same way. Note that renaming these files also breaks any legitimate program that depends on them, so keep a record of what you renamed in case you need to restore it.

Open the Registry Editor and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility. Find the "Active Setup controls" subkey (create it manually if it does not exist), create a subkey under it named {6E449683-C509-11CF-AAFA-00AA00B6015C} (the CLSID of the Active Setup control), then right-click the blank area on the right, choose "New" > "DWORD Value", name it "Compatibility Flags" and set its value to 0x00000400. This is the control's kill bit: Internet Explorer will then refuse to load the control, so a web page can no longer use it to download and install a Trojan.