. Prevent the destruction of love worms
If the "MSKernel32" key value is found in the right-hand window under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, delete it.
10. Disable the "Internet Options" item in the "Tools" menu of IE.
Rename Inetcpl.cpl under C:\windows\system to Inetcpl.old or another name and the option will show as prohibited; change the name back and you can resume use.
11. Prevention of backdoor damage
If the "Notepad"
under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, delete it.
10. Disable the "Internet Options" item in the "Tools" menu of IE.
Rename Inetcpl.cpl under C:\windows\system to Inetcpl.old or another name and the option will show as prohibited; change the name back and you can resume use.
11. Prevention of backdoor damage
If the "Notepad" key value is found in the right window under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Trojan.
Purge method:
1. Delete the network bull's self-starting program C:\windows\system\checkdll.exe.
2. Remove all key values created by the network bull in the registry.
3. Check the files listed above. If a file's length has changed (increased by about 40K, which you can tell by comparing it with the normal file on another machine), delete it! Then click "Start → accessories → system tools → system information → tools → system File Checker", and in the pop-up dialog box select "
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices, delete the key value cksys on the right and restart the computer.
8. Prevent BO2000 damage
"Deleted" key value, it indicates BO2000 is in, delete it.
9. prevent the destruction of insects
In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, if the "MSKernel32" key value is found in the right window, delete it.
10. Disable the "Internet Options" item in the "Tools" column of the IE menu
Change inetcpl.cpl under c: window
Set 2 IP addresses for the same computer
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\class\nettrans, click 0000, 0001, 0002... and pay attention to the right window. When you find that the value of the string "driverdesc" in the right window is "TCP/IP", modify the strings "IPaddress" and "ipmask" in the same window: set "IPaddress" to the IP addresses, for example, "198.0.1.9, 198.0.1.7", and set "ipmask" to the corresponding masks, for example, "255.255.255.0, 255.255.255.0".
Find
, create or modify the string "bsdurgent" and set its value to 0.
13. prevent the destruction of keyboardghost
If you find the kg.exe key value in HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\runservices, delete it, then find the kg.exe and kg.dat files and delete them.
14. Search for NetSpy hacker programs
Find the "NetSpy" key in the window on the right under HKEY_LOCAL_MACHINE/softwa
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\MSTCP, create or modify the string "Bsdurgent" in the right-hand window, and set its value to 0.
13. Prevention of Keyboardghost damage
If you find the KG.EXE key value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, delete it, then look for the KG.exe and kg.dat files and delete them all.
14. Find Netspy Hacker Program
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,
, you can resume use.
7. Prevention of backdoor damage
If the "Notepad" key value is found in the right window under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, delete it.
8. Prevention of WinNuke damage
Under HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\MSTCP, create or modify the string "Bsdurgent" in the right-hand window, and set its value to 0.
9. Prevention of Keyboardghost damage
In hkey_local_machine\software\microsoft\windows\currentversion\ Ru
in the right-hand window under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, delete it.
10. Disable the "Internet Options" item in the "Tools" menu of IE.
Rename Inetcpl.cpl under C:\windows\system to Inetcpl.old or another name and the option will show as prohibited; change the name back and you can resume use.
11. Prevention of backdoor damage
If the "Notepad" key value is found in the right window under HKEY_LOCAL_MACHINE\SOFTWARE\Microsof
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\MSTCP, create or modify the string "Bsdurgent" in the right-hand window, and set its value to 0.
13. Prevention of Keyboardghost damage
If you find the KG.EXE key value in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, delete it, then find the KG.exe and kg.dat files and delete them all.
14. Find Netspy Hacker Program
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
services provided by your server and the way you manage this server. For example, if your server is used purely as a web server and you manage it locally, you only need to allow data on port 80 to pass through. Each server has a different purpose, so the specific ports that should be opened also differ. Common ports and corresponding services are as follows:
20 = Ftp Data
21 = FTP Open Server
23 = Telnet
25 = Smtp
31 = Master Paradise.80
53 = DNS, Bonk (DoS Exploit)
79 = Finger
80 =
is disabled, you can change it back to resume use.
7. prevent the destruction of Backdoor
In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, if the "Notepad" key value is found in the right window, delete it.
8. prevent damage to winnuke
In the window on the right under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\mstcp, create or modify the string "bsdurgent" and set its value to 0.
9. prevent the destruction of keyboardghost
If you
can resume use.
7. Prevention of backdoor damage
If the "Notepad" key value is found in the right window under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, delete it.
8. Prevention of WinNuke damage
Under HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\VXD\MSTCP, create or modify the string "Bsdurgent" in the right-hand window, and set its value to 0.
9. Prevention of Keyboardghost damage
In hkey_local_machine\software\microsoft\windows\currentversion\ RunService
see if there is a trojan on our computer.
First, check the startup items in system.ini, win.ini, and the Startup group. From "Start -> Run", enter msconfig to run the "System Configuration Utility" that comes with Windows.
1. View the system.ini file
Choose the "system.ini" tab in the left-side navigation pane. The "bootstrapping" directory will be displayed. The "Too shell‑policer.exe" line will be displayed. If this is not the case, the computer may have a trojan. As shown in the fol
are in the Trojan.
Clear method:
1. Delete the self-starting program C:\WINDOWS\SYSTEM\CheckDll.exe of the network bull.
2. Delete all the key values created by the network bull in the registry.
3. Check the files listed above. If the file length has changed (increased by about 40 K, which you can tell by comparing them with normal files on other hosts), delete them! Click "Start> attachment> System Tools> System Information> Tools> System File Checker". In the displayed dialog box, select "extract a f
ports of glaciers are 7626, way 2.4 is 8011, NetSpy 3.0 is 7306, and Yai is 1024.
2. By protocol type, ports can be divided into TCP, UDP, IP, ICMP (Internet Control Message Protocol) and other ports. The following describes TCP and UDP ports:
(1) TCP port: namely, the transmission control protocol port. A connection must be established between the client and the server to provide reliable data transmission. Common include port 21 of the FTP servic
clearly define the service objects. Different programs can define these ports according to actual needs. For example, the remote control software and trojan programs described later will define these ports.
Remembering these common program ports is necessary for protection against and detection of Trojans. The ports used by common Trojans are listed in detail later.
(3) Dynamic Ports
The range of dynamic ports is from 49152 to 65535. These ports are generally not allocated to a service, that is, man
layer)
Port: 666
Service: Doom Id Software
Description: Trojans Attack FTP and Satanz Backdoor open this port.

Port: 993
Service: IMAP
Description: SSL (Secure Sockets layer)

Ports: 1001, 1011
Services: [NULL]
Description: Trojans Silencer and WebEx open port 1001. Trojan Doly Trojan opens port 1011.

Port: 1024
Service: Reserved
Description: It is the beginning of the dynamic ports. Many programs do not care which port they use to connect to the network; they ask the system to assign them the next idle port. Based on

: 1025, 1033
Service: 1025: network Blackjack; 1033: [null]
Description: Trojan Netspy opens these 2 ports.

Port: 1080
Service: SOCKS
Description: This protocol passes through the firewall as a channel, allowing people behind the firewall to access the Internet via one IP address. Theoretically, it should only allow internal communication to reach the Internet. However, because of wrong configuration, it will allow attacks outside the firewall to pass t
How to remove Trojan tips:
1. By the Trojan client program
The name and version of the Trojan are judged from the suspicious filenames previously found in Win.ini, System.ini, and the registry. For example, with names such as "NetBus" and "Netspy", the corresponding Trojans are obviously NetBus and Netspy. Find the corresponding client program on the Internet, download and run it, in the client pro