Security Strategy: use simple commands to check whether a computer is installed with Trojans

Source: Internet
Author: User

Author: skid Source: CCID community time: 14:07:44

Some basic commands often play a major role in protecting network security. The following commands play a very prominent role.

Detect Network Connections

If you suspect that someone else has installed a Trojan on your computer or is infected with a virus, but you do not have a complete tool in your hand to check whether such a thing has actually happened, you can use the network commands that come with windows to check who is connecting to your computer. The specific command format is: netstat-An. This command can be used to view all the IP addresses that are connected to the local computer. It contains four parts: PROTO and local address), foreign address (the address that establishes a connection with the local device), State (the current port status ). With the detailed information of this command, we can fully monitor the connection on the computer to control the computer.

Disable unknown services

Many friends may find that the computer speed slows down after the system is restarted one day. No matter how slow the optimization is, no problem can be found with anti-virus software, at this time, it is very likely that someone else opens a special service to you by intruding into your computer, such as the IIS information service, so that your anti-virus software cannot be found. But don't worry. You can use "Net start" to check whether any service is enabled in the system. If you find that it is not your own service, we can disable this service in a targeted manner. You can directly enter "Net start" to view the service, and then use "net stop server" to disable the service.

Easily Check Accounts

For a long time, malicious attackers like to use the clone account method to control your computer. The method they use is to activate a default account in the system, but this account is not commonly used, and then use tools to escalate this account to administrator permissions. On the surface, this account is still the same as the original one, however, this cloned account is the biggest security risk in the system. Malicious attackers can use this account to control your computer at will. To avoid this situation, you can use a simple method to detect the account.

First, enter the net user in the command line to view some users on the computer, and then use "Net user + User Name" to view the permissions of this user, generally, administrators are in the Administrators group, but not administrators! If you find that a system-built user belongs to the Administrators group, you are almost certainly intruded, and someone else cloned your account on your computer. Use "Net user username/del" to delete this user!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.