Monday, October 25, 2010

Quick Start Guide for new computer Trojan Avira Daquan



Often in the river walk, how can we avoid wet feet? So sometimes the Internet a long time, it is likely to be attacked by a Trojan in the computer kind. How to know the computer has not been installed on your system then?

First, manual methods

1, check the network connectivity

As the number of Trojans will take the initiative to the listening port, or will connect a specific IP and port, so we can connect to the network without the normal case, the situation with the situation by examining the network to discover the existence of Trojan horses. Specific steps is to click "Start" -> "Run" -> "cmd", then enter the command netstat-an to see all, and to connect their computers and their computer IP listening port, which contains four parts - proto (connection), local address (local connection address), foreign address (the address of local connection), state (current port status). For more information through this order, we can completely control the computer's network connections.

2, view the currently running services

Service is a lot of Trojans in the system used to maintain its always to be running one of the methods. We can click on the "Start" -> "Run" -> "cmd", then enter "net start" to see what kind of services the system is turned on, if we find the open service is not their own, we can enter " Services "management tool" Services ", find the appropriate service, stop and disable it.

3, check the system startup items

Because the registry is more complicated for the average user, Trojan horses often prefer to hide here. Check the registry startup entry is as follows: Click "Start" -> "Run" -> "regedit", then check HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion of all to "run" at the beginning of the key; HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion of all to "run" at the beginning of the key value; HKEY-USERS.DefaultSoftwareMicrosoftWindowsCurrentVersion of all to "run" at the beginning of the key.

System.ini Windows installation directory is hidden places like Trojans. Open this file to see if, in the file [boot] field, is not a shell = Explorer.exe file.exe such content, if any such content, it is the Trojans here file.exe it!

4, check the system account

Hi malicious attacker left an account on the computer way to control your computer. They used a system is to activate the default account, but rarely use the account and then upgrade the account administrator access permissions, the account will be the system's biggest security risk. Malicious attacker can arbitrarily control the account on your computer. In view of this situation, you can use these methods account for testing.

Click the "Start" -> "Run" -> "cmd", then enter the command line net user, see what the computer user, and then use "net user username" see what the user permissions are , General Administrator is the administrators group in addition to the other should not belong to administrators group, if you find a system built-in user belongs to administrators group, it is almost certain that you have been invaded. Quick to use "net user username / del" to delete the user it!

If you check out the existence of a Trojan can be killed by subsequent steps Trojan work.

1, run Task Manager, kill the Trojan process.

2, check the registry RUN, RUNSERVEICE and other items, the first backup, you can start the key note address, then delete the suspicious.

3, delete the key suspect in the implementation of the file on your hard drive.

4, the general of this document are in WINNT, SYSTEM, SYSTEM32 folder such, they generally will not exist, is likely to have a master copy files over, and check the C, D, E 绛?Pan no suspicious circumstances under of. exe,. com or. bat file, there are deleted.

5, check the registry HKEY_LOCAL_MACHINE and HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain in several (eg, Local Page), if modified, can be changed back.

6, check HKEY_CLASSES_ROOTtxtfileshellopencommand and HKEY_CLASSES_ROOTtxtfileshell

opencommand several common file types, etc. The default open procedures were changed. This must be changed back. Many viruses is by modifying the. Txt files by default program for the virus in the user opens a text file loaded.

Second, use of tools

Avira Trojan tools are LockDown, The Clean, Trojan nemesis, Kingsoft Trojan specifically kill, trojan remove master, Trojans and other analysts, some of which tools, if you want to use all the features necessary to pay certain costs, Trojan analysts is license free use.







相关链接:



CMM assessment in China Suggestions



most common LAPTOP repairs amp their prices



DAT to MP4



MOD Converter



The new VPN strength



SEE this bigger than the SONY



Photoshop mouse painted illustration major combat (3): Draw Butterfly



Hot Standby knowledge



GPS positioning world



The backbone of retail business personal



Chemistry teachers and multimedia courseware



The Dell Notebook Battery Recall A Few Questions And Answers



MOD to MPG



Easy to use Server Applications



Catalogs Audio CD Players



My favorite XML Or CSS Tools



Best Server Applications



1 comment:

  1. Sаvеd as a fаvoritе, I lovе your wеbsite!


    Here is my page Arjun Kanuri

    ReplyDelete