Monday, October 25, 2010

Quick Start Guide to Detecting and Removing Computer Trojans



If you often walk by the river, how can you avoid wet feet? In the same way, after spending a long time on the Internet, a computer is likely to be hit by some kind of Trojan. How can you tell whether a Trojan has been installed on your system?

First, manual methods

1. Check the network connections

Because many Trojans actively listen on a port, or connect to a specific IP and port, we can discover a Trojan by examining the network connections at a time when no normal program is connected to the network. The specific steps: click "Start" -> "Run" -> "cmd", then enter the command netstat -an to see every IP connected to your computer and every port your computer is listening on. The output has four parts: Proto (the connection protocol), Local Address (the local connection address), Foreign Address (the address connected to the local machine) and State (the current port status). With the detailed information from this command we have a complete picture of the computer's network connections.

2. View the currently running services

Services are one of the methods many Trojans use to keep themselves running on the system at all times. Click "Start" -> "Run" -> "cmd", then enter "net start" to see which services are running. If you find a running service that you did not enable yourself, open the "Services" management tool, find the corresponding service, then stop and disable it.

3. Check the system startup items

Because the registry is complicated for the average user, Trojans often prefer to hide here. To check the registry startup entries: click "Start" -> "Run" -> "regedit", then check all keys whose names begin with "Run" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, all keys whose names begin with "Run" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, and all keys whose names begin with "Run" under HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion.

System.ini in the Windows installation directory is another place Trojans like to hide. Open this file and look in the [boot] section for a line such as shell=Explorer.exe file.exe. If such a line exists, file.exe is the Trojan.
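The [boot] check above can be scripted. The following Python is an added example, not part of the original post; the function names and the sample system.ini text are constructed for illustration. It reports every program on the shell= line other than Explorer.exe, which also covers a shell line that has been replaced outright.

```python
import ntpath
import re

# Constructed system.ini fragments for the demonstration.
CLEAN = "[boot]\nshell=Explorer.exe\nsystem.drv=system.drv\n"
TAMPERED = """\
; constructed sample: a second program appended to the shell line
[386Enh]
woafont=dosapp.fon

[boot]
shell=Explorer.exe file.exe
system.drv=system.drv
"""

def boot_shell(text):
    """Return the value of shell= inside the [boot] section, or None."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if sep and section == "boot" and key.strip().lower() == "shell":
            return value.strip()
    return None

def extra_shell_programs(text):
    """List every program on the shell= line that is not Explorer.exe."""
    value = boot_shell(text)
    if value is None:
        return []
    # Split on whitespace but keep quoted paths with spaces together.
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', value)]
    return [t for t in tokens if ntpath.basename(t).lower() != "explorer.exe"]

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, extra_shell_programs(text))
```

An empty list means the shell line contains only Explorer.exe; anything returned is a file to inspect before deleting it.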

4. Check the system accounts

Malicious attackers like to leave an account on the computer as a way of controlling it. Their method is to activate a default system account that is rarely used and then raise that account to administrator privileges; this account then becomes the system's biggest security risk, because the attacker can use it to control your computer at will. You can check accounts for this situation as follows.

Click "Start" -> "Run" -> "cmd", then enter net user at the command line to see which users exist on the computer, and use "net user username" to see which permissions each user has. In general, apart from Administrator, no other account should belong to the administrators group. If you find that a built-in system user belongs to the administrators group, it is almost certain that you have been compromised. Use "net user username /del" to delete that user.

If these checks reveal a Trojan, you can remove it with the following steps.

1. Run Task Manager and kill the Trojan process.

2. Check the Run, RunServices and similar registry keys. Back them up first and note the file path that each startup value points to, then delete the suspicious values.

3. Delete from the hard drive the executable file that the suspicious value pointed to.

4. Such files are usually in the WINNT, SYSTEM or SYSTEM32 folders. They generally do not exist alone and have probably been copied there by a parent file, so also check whether there are suspicious .exe, .com or .bat files on drives C, D, E and so on, and delete any you find.

5. Check several values (e.g. Local Page) under Software\Microsoft\Internet Explorer\Main in HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER; if they have been modified, change them back.

6. Check whether the default open program has been changed under HKEY_CLASSES_ROOT\txtfile\shell\open\command and the equivalent keys for several other common file types. If so, it must be changed back. Many viruses change the default program for .txt files so that the virus is loaded whenever the user opens a text file.

Second, use of tools

Trojan detection and removal tools include LockDown, The Clean, Trojan nemesis, Kingsoft Trojan specifically kill, trojan remove master and Trojan analysts, among others. Some of these tools require payment if you want to use all of their features; Trojan analysts is licensed for free use.










Friday, October 15, 2010

View open ports: make Trojans show their true colors


At present the most common Trojans communicate between client and server over TCP/UDP. Because they use these two protocols, the server side (that is, the machine on which the Trojan has been planted) inevitably has to open a listening port and wait for connections. For example, the well-known Glacier Trojan listens on port 7626, Back Orifice 2000 uses 54320, and so on. We can therefore check whether a Trojan or other hacker program has been planted on a machine by looking at its open ports. The methods are described in detail below.

1. The netstat command that comes with Windows

For the netstat command, let us first look at the description in the Windows help file:

Netstat

Displays protocol statistics and current TCP/IP network connections. This command is available only if the TCP/IP protocol has been installed.

netstat [-a] [-e] [-n] [-s] [-p protocol] [-r] [interval]

Parameters

-a

Displays all connections and listening ports. Server connections are normally not shown.

-e

Displays Ethernet statistics. This parameter can be used in conjunction with the -s option.

-n

Displays addresses and port numbers in numerical form (rather than attempting name lookups).

-s

Displays statistics for each protocol. By default, statistics are shown for TCP, UDP, ICMP and IP. The -p option can be used to specify a subset of the default.

-p protocol

Shows connections for the protocol specified by protocol; protocol can be tcp or udp. If used with the -s option to display per-protocol statistics, protocol can be tcp, udp, icmp or ip.

-r

Displays the contents of the routing table.

interval

Redisplays the selected statistics, pausing interval seconds between each display. Press CTRL + B to stop redisplaying statistics. If this parameter is omitted, netstat prints the current configuration information once.

Having read the help file, we should understand how to use the netstat command. Now let us put it to use and look at the open ports on our own machine. Go to the command line and run netstat with the a and n parameters:

C:\> netstat -an

Active Connections

  Proto  Local Address    Foreign Address  State
  TCP    0.0.0.0:80       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:21       0.0.0.0:0        LISTENING
  TCP    0.0.0.0:7626     0.0.0.0:0        LISTENING
  UDP    0.0.0.0:445      0.0.0.0:0
  UDP    0.0.0.0:1046     0.0.0.0:0
  UDP    0.0.0.0:1047     0.0.0.0:0

To explain: Active Connections lists the machine's currently active connections. Proto is the name of the protocol used by the connection, Local Address is the local computer's IP address and the port number in use, Foreign Address is the IP address and port number of the remote computer, and State is the state of the TCP connection. The last three rows are listening UDP ports, so they have no State. Look! Port 7626 on my machine is open and listening for connections; in a case like this the machine has very likely been infected with Glacier. Quickly disconnecting from the network and removing the virus with anti-virus software is the right approach.
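The netstat -an check described here and in the manual-methods post can be automated; the following Python is an added example and is not part of the original article. WATCHLIST holds the two ports the article names, while BASELINE and the ESTABLISHED row in the sample are constructed assumptions. It goes slightly beyond the text by also accepting netstat -ano output with a PID column.

```python
# WATCHLIST: ports named in the article. BASELINE: constructed list of the
# services this host is expected to expose (an assumption for the example).
WATCHLIST = {7626: "Glacier", 54320: "Back Orifice 2000"}
BASELINE = {("TCP", 80), ("TCP", 21), ("UDP", 445)}

# The article's sample output, plus one constructed ESTABLISHED row.
SAMPLE = """\
Active Connections

  Proto  Local Address      Foreign Address    State
  TCP    0.0.0.0:80         0.0.0.0:0          LISTENING
  TCP    0.0.0.0:21         0.0.0.0:0          LISTENING
  TCP    0.0.0.0:7626       0.0.0.0:0          LISTENING
  TCP    192.168.1.10:1033  192.168.1.20:80    ESTABLISHED
  UDP    0.0.0.0:445        0.0.0.0:0
  UDP    0.0.0.0:1046       0.0.0.0:0
  UDP    0.0.0.0:1047       0.0.0.0:0
"""

def parse_netstat(text):
    """Turn `netstat -an` (or `-ano`) text into a list of dicts."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        rest = f[3:]
        # UDP rows carry no State column; with -o the last column is the PID.
        state = rest.pop(0) if rest and not rest[0].isdigit() else None
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        _, _, port = f[1].rpartition(":")  # rpartition copes with [::]:135
        if port.isdigit():
            rows.append({"proto": f[0], "local": f[1], "foreign": f[2],
                         "port": int(port), "state": state, "pid": pid})
    return rows

def review(rows, baseline=BASELINE, watchlist=WATCHLIST):
    """Return (proto, port, reason) for open ports that deserve a closer look."""
    findings = []
    for r in rows:
        listening = r["state"] == "LISTENING" or r["proto"] == "UDP"
        if not listening:
            continue  # established or closing connections are not listeners
        if r["port"] in watchlist:
            findings.append((r["proto"], r["port"],
                             "watchlist: " + watchlist[r["port"]]))
        elif (r["proto"], r["port"]) not in baseline:
            findings.append((r["proto"], r["port"], "not in baseline"))
    return findings

if __name__ == "__main__":
    for proto, port, reason in review(parse_netstat(SAMPLE)):
        print(f"{proto:4}{port:>6}  {reason}")
```

A port match is only a lead: a legitimate program can use the same number, so confirm which process owns the port before acting on a finding.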







2. fport, a command-line tool for Windows 2000

Windows 2000 users are luckier than Windows 9x users, because they can use the fport program to display the mapping between open ports and processes on the local machine.

Fport is a tool from Foundstone that lists all open TCP/IP and UDP ports on the system together with the full path, PID, process name and other information for the application that owns each one. It is used from the command line; see the example:

D:\> fport.exe
FPort v1.33 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid   Process      Port  Proto  Path
748   tcpsvcs  ->  7     TCP    C:\WINNT\System32\tcpsvcs.exe
748   tcpsvcs  ->  9     TCP    C:\WINNT\System32\tcpsvcs.exe
748   tcpsvcs  ->  19    TCP    C:\WINNT\System32\tcpsvcs.exe
416   svchost  ->  135   TCP    C:\WINNT\system32\svchost.exe

Clear at a glance, isn't it? Now every program that has a port open is exposed in front of you. If you find a suspicious program with a suspicious port open, do not be careless: it may well be a cunning Trojan!

The latest version of Fport is 2.0. It can be downloaded from many sites, but for safety it is of course best to download it from its home site: http://www.foundstone.com/knowledge/zips/fport.zip

3. Active Ports, a graphical tool with functions similar to Fport

Active Ports is produced by SmartLine. You can use it to monitor all open TCP/IP/UDP ports on the computer. It shows not only all the ports but also the path of the program that owns each port, and whether the local IP and the remote IP (the IP attempting to connect to your computer) are active.

Very intuitive, isn't it? Even better, it also provides a function for closing ports: once you have used it to find the port a Trojan has opened, you can close that port immediately. The software runs on Windows NT/2000/XP. You can get it at http://www.smartline.ru/software/aports.zip.

In fact, Windows XP users can get the mapping between ports and processes without any other software, because the netstat command that ships with Windows XP has one more parameter than earlier versions, O, which shows each port together with the corresponding process number.

The above describes several ways to view the open ports on the local machine and the mapping between ports and processes. With these methods it is easy to find Trojans based on TCP/UDP, and I hope they help you protect your machine. Prevention remains the priority, however: against Trojans that use reverse-connection ("rebound") ports, or new Trojans built with driver and dynamic link library techniques, the methods above have difficulty finding any trace. We must therefore develop good Internet habits: do not casually run email attachments; install antivirus software (the domestic Rising product, for example, is a good helper for killing viruses and Trojans); scan software downloaded from the Internet with antivirus software before using it; and turn on a network firewall and real-time virus monitoring whenever you are online, so that your machine is protected from Trojan intrusion.









Wednesday, October 6, 2010

Interview with Zack Rusin: the beauty and magic of KDE


At this year's KDE World Summit (better known as aKademy), held at the University of Malaga in Spain, the most anticipated item was KDE developer Zack Rusin's presentation "Beauty and Magic for KDE developers". He has long been a core KDE developer and was recently hired as a full-time developer by Trolltech, the developer of the Qt graphical user interface library. As the conference went on, participants heard more and more about the amazing visual effects Zack would demonstrate, so a large audience crowded into the lecture theater to wait for the presentation. To their disappointment, technical problems delayed the talk by two days, leaving everyone itching with impatience. Once the problems were solved, Zack gave a whirlwind presentation on the current state and future direction of graphics development on Unix/Linux.

During the conference Zack gave an interview to Daniel Molkentin, his "comrade in the same trench" in the KDE organization, and described his KDE development work in detail.

1) Please briefly introduce yourself.

Today I had a conversation with a friend whom I respect, and he said that what is unique about me is that I make things that cannot be real become real. That is the most flattering thing I have heard. So my self-description is: I am a person who makes impossible things real.

2) You recently joined the company Trolltech; what specifically do you do there?

My job at Trolltech is to create things that others can only dream of. My main interest is of course computer graphics, but it is not limited to that: the company has given me full freedom in research and development.

3) What have your past contributions to X.org been?

Mainly Render and Exa, a new acceleration architecture. Render is a new rendering model for X; it has shadows, translucency and font anti-aliasing capabilities.

4) Exa became a focus at the aKademy conference; can you tell us more about it?

Exa is a simplified acceleration architecture based on KAA (Kdrive Acceleration Architecture). KDrive is Keith Packard's modular X server implementation, and KAA can be obtained from KDrive. Unlike the old XAA (XFree86 Acceleration Architecture), Exa was designed to accelerate XRender; it is small, simple and flexible, and allows X developers to create all kinds of special effects.

5) What is the difference between Exa and earlier graphics acceleration technology when it comes to accelerating XRender?

XRender is a new rendering technology developed by Keith Packard; before it, X could rely only on very limited primitives. To keep up with development needs, rendering is now either done in the client application without using those primitives (only the rendered image is transmitted to the X server) or done through XRender. Unfortunately, XAA mainly accelerates those old, unused primitives. Exa accelerates the new model specifically and no longer bothers with the old primitives.

6) Can everyone benefit from Exa?

Yes. The precondition, of course, is that their drivers support Exa (we have ported most of the drivers).

7) You demonstrated astounding results using Xgl. Do you think Xgl has a future?

Yes, Xgl is promising. It is our long-term solution. I have still not finished Xegl because I have a lot of work. With OpenGV and some new plug-ins, OpenGL has become a very attractive solution to all of our 2D problems.

8) Please tell us about the difference between Xgl and Xegl.

Xegl is an independent server, but it needs to run the Xgl X server to start (setting the modeline option and processing input are the two most important aspects). They share the same graphics acceleration code, but Xgl leaves the modeline and input setup work to another X server, which provides a basis for testing the OpenGL graphics acceleration intended for Xegl.

9) KDE's cube effect looks more and more like Apple's OS X; was it inspired by OS X?

I want to clarify that the cube effect was designed by Dave Reveman, and I do not want to claim credit for it. As for your question, my answer is: I hope not.

Designing special effects alone is easy, but designing special effects that are both easy to use and beautiful is difficult. In desktop effect design, excellent design and poor design are only one step apart, and one of the biggest challenges for KDE 4's Plasma is to weigh the trade-off between the two.

If we just copy designs, we cannot be the best. Innovation is not dead, and Plasma is our answer. For the first time in KDE's history, designers, developers and usability experts are carrying out organized development together. The three teams work in parallel, so graphic design and usability do not, as in other open source projects, have to wait until the software has been designed before being added on. They are now core components of our development model.

10) When will your work on X.org be completed?

Render and Exa have gone into the new X.org. The next step is Xgl, then Xegl. We will start the Xgl and Xegl projects once X.org 7.0 is completed.

11) It has been a long time since X11 was launched. In which respects is the upcoming X.org 7.0 revolutionary?

It is the first modular version, so it is very special. Drivers and servers no longer have to be integrated; we will release the driver and the server.

12) What benefits can users get from the modular X.org?

They do not have to upgrade the server when upgrading drivers. Drivers are upgraded independently. X.org 7.0 will reduce newcomers' fear of X development, and users will experience a significant performance improvement, which will attract many users to upgrade to X.org 7.0.

13) What adjustments does Qt need in order to take full advantage of the new X.org technology?

For me Qt is the driving force behind the scenes, while applications and the desktop environment are the motivation that pushes server development forward. The server itself is no fun at all; its only purpose is to meet the needs of desktop development. For a while we had this relationship backwards and worked hard on solving server problems; we are now back on track, and innovation is our real work.

14) What are your expectations for the future of X.org, Qt, KDE and Linux?

I want people to bold innovation - afraid of surprise, fear can not do. We now have sufficiently advanced technology, and only the best ideas. Therefore, on the meaningful exchange and designers.

Clearly, vector graphics will gradually become popular. Qt will support the SVG 1.2 standard and make use of it at different levels (including animation support). At present most icon themes are developed in SVG but are converted to PNG format for performance reasons. This will soon change, since rendering SVG images will no longer be slower than rendering raster images.





