Starve the Trojan: take precautions in advance

Source: Internet
Author: User

MM's QQ password was stolen again, and his friend's 1,000,002 silver was stolen again... As ordinary users, how can we prevent, respond to, and minimize the losses from Trojans that are so hard to guard against? Of course, the most important things are to mend the fence, that is, patch the operating system promptly, and to keep Trojans thousands of miles away, that is, not download or run programs from unknown sources; these have been described in detail in previous articles. Today, let's talk about how to set up the first line of defense and keep Trojans from getting into the computer.

1. Don't grant permissions: starve the Trojan

In Windows 2000/XP/2003 and similar systems, accounts can belong to groups such as Administrators, Power Users, and Users, each with a different level of operating permissions. If you mostly go online to read news, play games, chat, write documents and edit images, and do not frequently install or uninstall software, you may wish to put the administrator account away and use a low-permission user account.

Create a new user through "Control Panel → User Account", install your commonly used software, and add the new account to the restricted user (Users) group. Restricted users can run most programs normally, but cannot write to the heart of the system: the system directory and the registry. This has one prerequisite: drive C must use the NTFS format.

Trojans and other malware have a particular habit: they prefer to hide in the system directory and modify the registry so that they load automatically. Running as a restricted user limits the penetration of Trojans to a large extent. Even if a Trojan has already reached the hard disk, it does not have the permissions to perform these operations, which effectively reduces its destructive power, and the system is not damaged in the process of removing the Trojan afterwards.

However, some software requires an administrator account to run normally, and sometimes we need to install software while the current account has insufficient permissions. What should we do? Switching users is too much trouble and can easily give Trojans a chance, so use the following method instead.

Right-click the program, select "Run as...", select the appropriate account, and enter the corresponding password. The software then runs under the other account, independently of the current account. Although this is a little more trouble than logging on directly with the administrator account, it is worth it for the security it provides.

2. Check accounts frequently and remove uninvited guests

The importance of account security is self-evident. Hackers often create an account on your system, or escalate the permissions of an ordinary account, in order to operate behind the scenes. Ordinary users easily overlook this, so we need to develop the habit of checking accounts frequently.

Open "Administrative Tools> Computer Management> Local Users and Groups". All current accounts are listed here. Check whether any unfamiliar names have appeared and whether any account has been secretly promoted. For example, the notorious lovgate virus creates an account named "lee" on the infected computer.

However, an unexpected visitor is not always malicious. For example, when Microsoft .NET Framework is installed, the system automatically creates an ASP.NET account. This is normal, so you don't have to worry about it.

In addition, you must secure your existing accounts. If the Guest account is not needed, you can disable it. You must also set a password on the built-in Administrator account and, to keep intruders from targeting it by its well-known name, rename the system Administrator account through "Administrative Tools> Local Security Policy> Local Policy> Security Options> account", changing Administrator to a name that is not easily guessed by others.
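The account check described in this section can also be done against a recorded baseline. The following is an added example, not part of the original article: it parses English-language `net user`, `net localgroup Administrators` and `net user Guest` output, and the baseline sets, host name and sample text are constructed assumptions.

```python
import re

# Assumption: account names the owner recorded while the system was known clean.
# ASPNET is the account created by the .NET Framework installer.
BASELINE_USERS = {"administrator", "aspnet", "guest", "user"}
BASELINE_ADMINS = {"administrator"}

# Constructed samples of command output; not captured from a real host.
NET_USER = """\
User accounts for \\\\HOME-PC

-------------------------------------------------------------------------------
Administrator            ASPNET                   Guest
lee                      user
The command completed successfully.
"""
NET_ADMINS = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access

Members

-------------------------------------------------------------------------------
Administrator
lee
user
The command completed successfully.
"""
GUEST_DETAIL = "User name                    Guest\nAccount active               Yes\n"

def listed_names(output):
    """Names between the dashed rule and the completion message of a `net` listing."""
    names, in_body = [], False
    for line in output.splitlines():
        if line.startswith("---"):
            in_body = True
        elif line.startswith("The command completed"):
            break
        elif in_body and line.strip():
            # Columns are padded with runs of spaces; names may hold single spaces.
            names += [n.lower() for n in re.split(r"\s{2,}", line.strip())]
    return names

def audit(net_user_out, net_admins_out):
    """Compare current accounts and administrators with the clean baseline."""
    users, admins = set(listed_names(net_user_out)), set(listed_names(net_admins_out))
    return {"unknown_accounts": sorted(users - BASELINE_USERS),
            "unexpected_admins": sorted(admins - BASELINE_ADMINS)}

def guest_enabled(detail):
    """True if `net user Guest` output reports the account as active."""
    m = re.search(r"^Account active\s+(\S+)", detail, re.MULTILINE)
    return bool(m) and m.group(1).lower() == "yes"

if __name__ == "__main__":
    print(audit(NET_USER, NET_ADMINS), "guest enabled:", guest_enabled(GUEST_DETAIL))
```
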

3. Guard the gate and inspect what comes and goes

A Trojan or other malicious program loses its power if it cannot keep in touch with the person who released it. Therefore, the city gate is our last line of defense.

First, disable some dangerous ports. Open "Administrative Tools> Local Security Policy> IP Security Policy, on the local computer", right-click in the right pane, and select the "create IP Security Policy" command. Then follow the wizard step by step, adding ports such as TCP 135, 137, 139, 445, 593, 1025, 2745, 3127, 6129, and UDP 3389, 135, and 139 one by one. Closing these ports prevents intruders from using them as channels.

Next, install a suitable firewall. ZoneAlarm, BlackICE, Kaspersky Anti-Hacker, XELIOS Personal Firewall and others are powerful. If you find their settings too complex, you can also choose tianyun, Kingsoft Duba network personal firewall, Rising Personal Firewall, and so on. They act like gatekeepers: everyone who passes is checked for a "Good Citizen Certificate". Anyone confirmed to be reliable is let through directly; a stranger trying to sneak out carrying intelligence is, sorry, blocked.
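To check that nothing is still connecting through the ports closed above or to unexpected remote ports, the connection table can be reviewed automatically. The following is an added example, not part of the original article: it reads `netstat -ano` output (the PID column needs Windows XP or later), and the sample text, the expected remote ports and the local network ranges are constructed assumptions.

```python
import ipaddress

# TCP ports that this section closes (list as given in the article).
CLOSED_TCP = {135, 137, 139, 445, 593, 1025, 2745, 3127, 6129}
# Assumption: remote ports this machine's everyday software is expected to use.
EXPECTED_REMOTE = {80, 443}
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -ano` output; not captured from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:1043      203.0.113.7:80         ESTABLISHED     1480
  TCP    192.168.1.20:1051      198.51.100.23:6667     ESTABLISHED     2216
  TCP    192.168.1.20:445       198.51.100.9:4312      ESTABLISHED     4
  TCP    192.168.1.20:1060      192.168.1.1:8080       ESTABLISHED     1480
  UDP    0.0.0.0:445            *:*                                    4
"""

def endpoint(text):
    """Split 'host:port' from the right so bracketed IPv6 hosts survive."""
    host, _, port = text.rpartition(":")
    return host.strip("[]"), int(port)

def parse_tcp(output):
    """Yield (local, remote, state, pid) per TCP row; headers and UDP rows are skipped."""
    for line in output.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield endpoint(f[1]), endpoint(f[2]), f[3], int(f[4])

def is_local(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in LOCAL_NETS)

def suspicious(output):
    """Return (pid, remote 'host:port', reason) for connections worth a closer look."""
    hits = []
    for (_, lport), (rhost, rport), state, pid in parse_tcp(output):
        if state != "ESTABLISHED" or is_local(rhost):
            continue
        if lport in CLOSED_TCP:
            hits.append((pid, f"{rhost}:{rport}", f"uses closed port {lport}"))
        elif rport not in EXPECTED_REMOTE:
            hits.append((pid, f"{rhost}:{rport}", "unexpected remote port"))
    return hits

if __name__ == "__main__":
    for pid, remote, reason in suspicious(SAMPLE):
        print(f"PID {pid:>5}  {remote:<22} {reason}")
```

Each reported PID can then be looked up in Task Manager to identify the program behind the connection.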

4. Capture the "horse"

Once a Trojan or other malicious program has infected the system, the system will inevitably show some telltale signs. If you detect and handle them as early as possible, you can minimize the loss. Do not overlook the following "traces".

1. The password is changed and the gold coins are stolen. Although the loss has already happened, acting on it at least avoids further losses.

2. Antivirus software is disabled. Many Trojans automatically shut down antivirus software. If you find that the antivirus software or firewall has exited and cannot be started, do not ignore it: once problems with the system or the antivirus software itself have been ruled out, it is very likely that a Trojan or virus got the upper hand first.

3. A window flashes by. When you open Notepad or other software, a window briefly flashes past. This is likely because a Trojan or virus has attached itself to the normal program.

4. Strange processes. Press Ctrl + Alt + Del to open Task Manager. You must first be familiar with the system's normal processes; if a strange process appears, check it out.

5. Look-alike names or programs in the wrong location. (Normally, it should be in windows\system32 and windows\system32\dllcache.)

6. Uninvited startup items. Use "msconfig" regularly to view the startup items. If an item loads without your permission, check its identity.

7. Browser hijacking. Use HijackThis to help drive all the hijackers out of the system.

8. Run "netstat" to check the status of the current network connections and whether any program is secretly reporting to the outside.
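Traces 4 and 5 above, strange processes and look-alike or misplaced programs, can be checked mechanically once the image path of each running process is known. The following is an added example, not part of the original article: the list of system binaries, the C:\WINDOWS location and the process list are constructed assumptions.

```python
import ntpath

# Assumption: a short list of Windows system binaries that malware likes to imitate.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
# The two directories the article names as the normal home (assuming C:\WINDOWS).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\dllcache"}

# Constructed list of process image paths; not taken from a real machine.
PROCESSES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\WINDOWS\system32\svch0st.exe",
    r"C:\Program Files\Messenger\msmsgs.exe",
    r"C:\WINDOWS\system32\1sass.exe",
]

def edit_distance(a, b):
    """Levenshtein distance: single-character insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(path):
    """Return a finding for one image path, or None if nothing stands out."""
    folder, name = ntpath.split(path.lower())  # Windows paths are case-insensitive
    if name in SYSTEM_BINARIES:
        # Right name: the only question is whether it runs from the right place.
        return None if folder in SYSTEM_DIRS else f"{name} outside its normal directory"
    for real in sorted(SYSTEM_BINARIES):
        # One character away from a system name, e.g. a digit swapped for a letter.
        if edit_distance(name, real) <= 1:
            return f"{name} imitates {real}"
    return None

if __name__ == "__main__":
    for p in PROCESSES:
        finding = check(p)
        if finding:
            print(f"{p}: {finding}")
```
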
