Tools used:
Tools that scan for and remove Trojans include EWIDO, Trojan Horse, Kingsoft Trojan Horse, Trojan Removing Master, and Trojan Analysis Expert. Using all of their functions requires paying a fee.
View the currently running services:
A service is one of the methods many Trojans use to keep themselves running in the system. Click "Start" > "Run" > "cmd" and enter "net start" to list the services currently running; if you find a service that you did not start yourself, open the "Services" management tool, locate that service, then stop and disable it.
Check system startup items:
Because the registry is too complex for ordinary users, Trojans often prefer to hide here. To check the registry startup keys, click Start > Run > regedit and then inspect:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, all keys whose names begin with "Run";
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, all keys whose names begin with "Run";
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion, all keys whose names begin with "Run".
The System.ini file in the Windows installation directory is another place where Trojans like to hide. Open the file and look at its [boot] section: normally the shell line contains nothing beyond shell=Explorer.exe. If it reads shell=Explorer.exe file.exe, then file.exe is a Trojan! On NT-based Windows the shell line in System.ini is kept only for compatibility; the live setting is the Shell value under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, which deserves the same check.
Check the network connection:
Because many Trojans actively listen on ports or connect to specific IP addresses and ports, we can examine the network connections at a time when no legitimate program is using the network and so find out whether a Trojan is present. Click Start > Run > cmd and enter the command "netstat -an" to view every IP address connected to your computer and every port your computer is listening on. The output has four columns: Proto (the protocol), Local Address, Foreign Address, and State. With the detail this command provides, we can fully monitor the computer's network connections.
Check the system account:
Malicious attackers like to leave an account on the computer so they can control it later. The method they use is to activate a default system account that is rarely used and then escalate its permissions to administrator; that account becomes the biggest security risk in the system, because the attacker can use it to control your computer at will. You can check your accounts as follows.
Click "Start" -> "Run" -> "cmd" and enter "net user" at the command line to list the users on the computer; then use "net user username" to check that user's permissions. Normally only Administrator should be in the Administrators group; if you find that a built-in system user belongs to the Administrators group, you have almost certainly been intruded. Use "net user username /del" to delete that user! Built-in accounts such as Guest cannot be deleted; instead disable them with "net user username /active:no" and remove them from the group with "net localgroup administrators username /delete".
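The network-connection and account checks above can be scripted over the text that "netstat -an" and "net localgroup administrators" print. The following is an added example, not code from the original article: it assumes a baseline of expected listening ports and loopback/private address prefixes, and both command outputs below are constructed samples.

```python
# Constructed samples (not captured from a real host) of the two commands' output.
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49213     203.0.113.5:6667       ESTABLISHED
  TCP    127.0.0.1:5354         127.0.0.1:49152        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""
ADMINS_SAMPLE = """
-------------------------------------------------------------------------------
Administrator
Guest
The command completed successfully.
"""
# Assumed baseline: ports a stock Windows host listens on; tune per machine.
EXPECTED_LISTEN_PORTS = {135, 139, 445, 3389}
LOCAL_PREFIXES = ("127.", "10.", "192.168.")  # loopback and private ranges

def parse_netstat(text):
    """Turn each Proto/Local/Foreign/State row into a dict; skip header lines."""
    rows = []
    for f in (line.split() for line in text.splitlines()):
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            rows.append({"proto": f[0], "local": f[1], "foreign": f[2],
                         "state": f[3] if len(f) > 3 else ""})  # UDP has no state
    return rows

def suspicious_connections(text):
    """Flag TCP listeners on unexpected ports and sessions to non-local hosts."""
    findings = []
    for r in parse_netstat(text):
        if r["proto"] != "TCP":
            continue
        port = int(r["local"].rsplit(":", 1)[1])
        if r["state"] == "LISTENING" and port not in EXPECTED_LISTEN_PORTS:
            findings.append(("listener", r["local"]))
        elif r["state"] == "ESTABLISHED" and not r["foreign"].startswith(LOCAL_PREFIXES):
            findings.append(("outbound", r["foreign"]))
    return findings

def unexpected_admins(text):
    """Members of the administrators group other than the built-in Administrator."""
    members, in_list = [], False
    for line in text.splitlines():
        if line.startswith("----"):
            in_list = True
        elif in_list and line.strip() and not line.startswith("The command"):
            members.append(line.strip())
    return [m for m in members if m != "Administrator"]
```

Each finding is a starting point for a manual look, not a verdict: an unexpected listener may be a legitimate program, so confirm which process owns the port before acting.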