Teach you to hand-chop "gray pigeon" Trojan

Speaking of Trojans, the most malicious and fear should be remote control Trojan, imagine, when you operate the computer merrily, and mm chat hot, behind a pair of evil eyes staring at you all, this feeling is not creepy? And in the remote control Trojan, the most domestic users should be familiar with is " Gray dove "Trojan." As the originator of the domestic remote control Trojan, "gray pigeon" after several years, updated countless versions, until today is still the number one on the network public Enemy. This issue let us learn about the "gray Pigeon" Trojan manual removal method.

★ Editorial Tips: "Gray pigeon" in the past and present life

"Gray Pigeon" is the famous domestic remote control Trojan horse. Its rich and powerful functions, flexible operation, good concealment so that the other rear doors are dwarfed.

Why would "gray doves" become enemies of the Internet? This is inseparable from its powerful function. The first is the bounce connection function, "Gray pigeon" is the first use of the rebound connection function of the remote control Trojan, breaking the traditional active connection to the drawbacks of the Trojan horse, the function so that "gray pigeon" suddenly become a domestic hacker's initial glare is its hidden, "gray pigeon" The birth of the beginning, That is, the strong hidden and anti-killing ability to antivirus software manufacturers headache, and finally had to release the special Kill tool to clear.

After 2007, the "Gray pigeon" Trojan Horse stopped development, but its enthusiasts are not willing to this famous brand decline. Until today, "gray pigeon" is still constantly updated, of course, this is the fans themselves developed and modified the results.

Why is "gray pigeon" difficult to clear? This is because the "gray pigeon" using the drive technology, in Windows, the permissions are very high, so the anti-virus software in its killing, as long as the system a reboot, "Gray Pigeon" will be revived. In fact, to deal with "Gray Pigeon", Master manual killing technology, than the use of any anti-virus software is effective. Let's take a look at how to manually delete "Gray doves".

End Process

The first step is to end the process of "grey pigeon" to invalidate the running "Grey pigeon". Of course, with Windows from the "Task Manager" is not, the function is too weak, not to force. We need a professional safety tool, "ice blade". Double-click the "Ice Blade" and click the "Process" button to detect the process in the current system.

Usually there are two situations where we have a process in which a red font appears in the list of processes, because the early "grey Dove" will inject DLL into the system process. Another scenario is a bogus system process, such as Svchost.exe, where normal svchost.exe looks like a blank icon in the ice blade, while a fake svchost.exe looks like a small computer icon. If the program name itself is suspicious, then this is the best thing to recognize at a glance, for example, ". exe" in this example. Right-click on the process and select "End Process". This "gray pigeon" is temporarily unable to run.

▲ the process of "grey pigeon"

Stop Service

End the process, and to prevent it from starting automatically, we also want to ban the process. Click the Start menu → run, enter "Msconfig" to run the System Configuration Utility, switch to the Services tab, and check the "Hide all Microsoft Services" option below. So the services for non-Windows systems are listed, and we're looking for suspicious services, in this case, "Windows."

▲ Service of "Grey pigeon"

We go back to the "ice blade" and go to the "service" function, find the "Windows" service corresponding to the application is exactly ". exe", located in the C:windows directory. Visible, this is the "Gray pigeon" service.

▲ Disable "Grey pigeon" service

It's a good way to go next. Right-click on the Windows service and choose Disable. Then enter the C:windows directory and delete the. exe file. So the "gray pigeon" was completely cleared away. In fact, not only "gray pigeon", other remote control Trojan can also follow such steps to manually delete.