Methods for judging whether a machine has been invaded:
General judgment:
1. Check ports, in particular by scanning all open ports of this machine from another host (to catch ports that are hidden on the machine itself).
2. Check processes, in particular with process-viewing software that shows each process's path and startup parameters.
3. Check all startup items (there are many startup locations, including services).
4. Check associated items that can cause a program to be invoked, such as plug-ins.
Advanced prevention (against kernel-level hiding of ports, processes, registry entries, etc.):
1. Boot another OS that can read the system's files, and inspect the machine's files and registry from there.
2. Compare the sum of per-socket traffic with the total network traffic, check the router's network communication records, and use similar methods to analyze abnormal network communication.
I. Manual method:
1. Check the network connections
Many Trojans actively listen on a port or connect to a specific IP address and port, so when no normal programs are using the network, we can discover a Trojan by checking the network connections.
The specific step is to click "Start" -> "Run" -> "cmd" and then enter netstat -an. This command shows every IP address connected to your computer and the ports your computer is listening on. Its output has four parts: Proto (connection protocol), Local Address (local connection address), Foreign Address (address of the remote end of the connection), and State (current port state). With the details from this command, we can fully monitor the computer's network connections.
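The following added example (not part of the original article) parses the four netstat -an columns described above and applies the cross-check from the general list: ports that another host sees open but the local listing does not report. The sample output, the externally scanned port set and the remote-port allowlist are constructed, hypothetical inputs.

```python
import re

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.45:4444      ESTABLISHED
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""
# UDP rows have no State column, so the fourth field is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4, bracketed IPv6 or '*:*') at the last colon."""
    addr, _, port = endpoint.rpartition(":")
    return addr, (int(port) if port.isdigit() else None)

def parse_netstat(text):
    """Return one dict per row with proto, local, foreign and state."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            rows.append({"proto": proto, "local": split_endpoint(local),
                         "foreign": split_endpoint(foreign), "state": state or ""})
    return rows

def listening_tcp_ports(rows):
    return {r["local"][1] for r in rows
            if r["proto"] == "TCP" and r["state"] == "LISTENING"}

def hidden_ports(rows, externally_open):
    """Ports a scan from another host found open but netstat does not list."""
    return sorted(set(externally_open) - listening_tcp_ports(rows))

def unexpected_remote_ports(rows, allowed_remote_ports):
    """Established connections whose remote port is outside the allowlist."""
    return [r for r in rows if r["state"] == "ESTABLISHED"
            and r["foreign"][1] not in allowed_remote_ports]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print(hidden_ports(rows, {135, 139, 445, 8080}))
    print(unexpected_remote_ports(rows, {80, 443}))
```

A port returned by hidden_ports is one the machine answers on without reporting it locally, which is the kernel-level hiding case the general list is meant to catch.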
2. View currently running services
Running as a service is one of the methods many Trojans use to keep themselves running in the system permanently. Click "Start" -> "Run" -> "cmd" and enter "net start" to see which services are running in the system. If you find a service that you did not enable, open "Services" under Administrative Tools, find that service, then stop and disable it.
3. Check system startup items

Because the registry is complex for ordinary users, Trojans often like to hide there. Check the registry startup keys as follows: click "Start" -> "Run" -> "regedit", then check all key values beginning with "Run" under each of the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion

System.ini in the Windows installation directory is another place where Trojans like to hide. Open this file and look in the [boot] section for content such as shell=Explorer.exe file.exe. If it is there, the file.exe here is a Trojan horse program!
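The System.ini check above can be automated as follows. This is an added example, not part of the original article: the sample file contents are constructed, and the function name boot_shell_extras is hypothetical.

```python
# Constructed sample of System.ini contents (not from a real machine).
SAMPLE_SYSTEM_INI = """\
; for 16-bit app support
[drivers]
wave=mmdrv.dll

[boot]
shell=Explorer.exe file.exe

[386Enh]
woafont=dosapp.fon
"""

def boot_shell_extras(ini_text, expected="explorer.exe"):
    """Return every program on the [boot] shell= line other than the
    expected shell. Anything returned needs review: a clean file lists
    only Explorer.exe there."""
    section = None
    extras = []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "boot" or "=" not in line:
            continue                      # only the [boot] section matters
        key, _, value = line.partition("=")
        if key.strip().lower() == "shell":
            # Section names, keys and file names are case-insensitive.
            extras += [tok for tok in value.split()
                       if tok.strip('"').lower() != expected]
    return extras

if __name__ == "__main__":
    print(boot_shell_extras(SAMPLE_SYSTEM_INI))
```

The comparison is against the bare name Explorer.exe, so a shell= value given as a full path is also reported for review.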
4. Check system accounts

Malicious attackers like to leave an account on the computer in order to control it. Their method is to activate one of the system's default accounts that is rarely used and then raise that account's privileges to administrator level. This account becomes the biggest security risk in the system, because the attacker can control your computer at will through it. In view of this, the following method can be used to check the accounts.
Click "Start" -> "Run" -> "cmd", then enter net user at the command line to see which users exist on your computer, and use "net user username" to view the permissions of a given user. Generally, apart from Administrator, which belongs to the administrators group, no other account should belong to the administrators group. If you find that a built-in system user belongs to the administrators group, it is almost certain that you have been invaded. Quickly use "net user username /del" to delete this user!

How to check:

Checking is usually done by looking at the system's processes. If you find a suspicious process, you can end it and then clear its startup entry by running msconfig or by manually editing the registry. This method is also suitable for checking for and clearing Trojans and persistent nuisance programs.

Prevention methods:

Clear the remote monitoring check box in the computer's properties to turn off remote monitoring;

Install antivirus software, preferably updated to the latest version;

If the computer is monitored often, it may hold something very important and valuable; otherwise, this is unlikely to happen;

It is recommended to install a firewall.
