If you have Trojan horses, viruses, malware, etc. on your computer:
If there are still problems, contact me: QQ 244344727, xiaozhibink@eyou.com. Thank you!
Please accept my solution:
1. Prepare the software:
Antivirus software and detection software.
[If you can, find out which virus you have, and download the removal tool for it; look for it on www.xunlei.com (some virus shielding words)]
2. If you can't remove the virus in the normal state:
Press F8 while the machine starts and enter safe mode.
You can run the antivirus software in that mode.
3. Use the antivirus software [it must be updated], then scan the disk once with the detection software.
4. Restart.
Detection software:
Super Rabbit:. com/soft/2993.html
Optimization Master: . com/soft/2. uid=1& pid=h_home& M = 127C4D75A 1B 12798519D9ECD373A7DC
Antivirus software: Kaba, Rising, Jinshan ...
Robot dog/drive/AV terminator killing tool:
/for _ down/rsfree/ravolusrfree.exe
or
-
Clean up the system:
cclean 2 tricks:
1:
Here is a batch file:
rem Temporary and leftover files on the system drive
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
rem Backup files, Prefetch data and the Temp folder under the Windows directory
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
rem Per-user cookies, recent-document list and temporary files
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
Create a new Notepad file, copy the lines above into it, save it as *.bat (* is any name), and run it directly.
2:
Create a new notepad and enter the following contents:
@echo off
echo Cleaning up the system junk files, please wait a moment ...
rem *.log and Prefetch files also record what has run on the machine; do the Trojan checks before cleaning
del /f /s /q %systemdrive%\*.tmp
del /f /s /q %systemdrive%\*._mp
del /f /s /q %systemdrive%\*.log
del /f /s /q %systemdrive%\*.gid
del /f /s /q %systemdrive%\*.chk
del /f /s /q %systemdrive%\*.old
del /f /s /q %systemdrive%\recycled\*.*
del /f /s /q %windir%\*.bak
del /f /s /q %windir%\prefetch\*.*
rd /s /q %windir%\temp & md %windir%\temp
del /f /q %userprofile%\cookies\*.*
del /f /q %userprofile%\recent\*.*
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
echo Cleaning system LJ is completed.
echo. & pause
Check the contents carefully. Finally, save the file, and then rename it "Clean System LJ.bat".
In RFC 1244 (Request for Comments: 1244), the Trojan horse is described as follows: "Trojan horse is a program that can provide some useful or just interesting functions. But it also has other functions that users don't know, such as copying files or stealing your password without your knowledge." With the rapid development of the Internet, the attacks and harm caused by Trojan horses are increasing. A Trojan horse is essentially a program, which can only work after it is run, so it leaves clues in the process table and the registry, and we can "catch it" by "checking, blocking and killing".
Check
1. Check the system processes
Most Trojans are displayed in the process manager after they run, so suspicious programs can be found by analyzing and filtering the system process list. In particular, comparing a process's CPU usage and number of handles with those of normal processes reveals abnormal behaviour.
2. Check the registry, ini files and services
In order to run automatically after booting, Trojans often add registry values under the following keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
Trojans can also be loaded after "run=", "load=" and "shell=" in Win.ini and System.ini. If you don't recognize a program loaded after these options, it may be a Trojan horse. The Trojan horse's most common trick is to change "Explorer" into its own program name, just slightly changing the letter "l" of "Explorer" into the number "1" or the "o" into the number "0". These changes are difficult to find if you don't look carefully.
In Windows NT/2000, Trojans add themselves to the system as services, and even randomly replace service programs that the system has not started, in order to load automatically. You should know something about the regular services of the operating system when checking.
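The "run=", "load=" and "shell=" check described above can be automated over the text of Win.ini and System.ini. The following Python sketch is an added example, not part of the original post; the function names, the known-good list and the sample file contents are assumptions constructed for illustration.

```python
import ntpath
import re

# Digit-for-letter swaps named in the text: "1" for "l" and "0" for "o".
LOOKALIKE = str.maketrans("10", "lo")
# Assumed known-good programs per key; extend this for your own system.
KNOWN_GOOD = {"shell": {"explorer.exe"}, "run": set(), "load": set()}

def autostart_entries(ini_text):
    """Yield (section, key, program) for every run=, load= and shell= value."""
    section = ""
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in KNOWN_GOOD:
                # Assumption: entries are separated by spaces or commas.
                for program in re.split(r"[,\s]+", value.strip()):
                    if program:
                        yield section, key, program

def classify(key, program):
    """Return 'expected', 'look-alike' or 'unknown' for one entry."""
    name = ntpath.basename(program).lower()
    if name in KNOWN_GOOD[key]:
        return "expected"
    genuine = KNOWN_GOOD["shell"]
    if name not in genuine and name.translate(LOOKALIKE) in genuine:
        return "look-alike"   # e.g. Exp1orer.exe, Expl0rer.exe
    return "unknown"          # not necessarily bad, but verify it

def audit(ini_text):
    return [(s, k, p, classify(k, p)) for s, k, p in autostart_entries(ini_text)]

# Constructed sample contents, not taken from a real machine.
SAMPLE_SYSTEM_INI = "[boot]\nshell=Exp1orer.exe\n"
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\Expl0rer.exe helper.exe\n"

if __name__ == "__main__":
    for row in audit(SAMPLE_SYSTEM_INI) + audit(SAMPLE_WIN_INI):
        print(row)
```

Entries reported as "unknown" are the ones the text tells you to look into; "look-alike" entries match the digit-substitution trick exactly.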
3. Check open ports
Remote-control Trojans and shell-output Trojans mostly listen on a port in the system, receive commands from the control terminal and execute them. By checking for "strange" ports opened on the system, we can find traces of Trojan horses. Enter netstat -na on the command line, and you can clearly see the ports and connections opened by the system. You can also download the Fport software from www.foundstone.com. After running it, you can see the process name, process number and path of the program that opened each port, which makes it easier to find the Trojan horse.
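One way to turn the netstat -na output into a list of "strange" ports is to compare the listening sockets against a baseline recorded while the machine was known to be clean. This Python sketch is an added example, not part of the original post; the baseline ports and the sample output are constructed, and it does not cover the ICMP case in item 4.

```python
import re

# Assumed baseline: sockets this machine listens on when it is clean.
BASELINE = {("TCP", 135), ("TCP", 139), ("TCP", 445),
            ("UDP", 137), ("UDP", 138)}

# Proto, local address:port, foreign address, optional state column.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, port): local address} for listening sockets."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line or unrecognised row
        proto, addr, port, _foreign, state = m.groups()
        # UDP rows have no state column; TCP rows count only if LISTENING.
        if proto == "UDP" or state == "LISTENING":
            found[(proto, int(port))] = addr
    return found

def unexpected(netstat_text, baseline=BASELINE):
    """Listening sockets that are missing from the clean baseline."""
    return sorted(k for k in listeners(netstat_text) if k not in baseline)

# Constructed sample of Windows "netstat -na" output.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:50001          *:*
"""

if __name__ == "__main__":
    for proto, port in unexpected(SAMPLE):
        print("not in baseline:", proto, port)
```

Each port it reports is a candidate for the Fport lookup described above, which maps the port to the owning process and path.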
4. Monitor network communication
Some Trojans communicate using ICMP data: the controlled end opens no listening port, needs no reverse connection, and establishes no connection at all. For these, the third method, checking open ports, will not work. You can close all processes that use the network and then open the Sniffer software to monitor the traffic. If there is still a lot of data, you can basically conclude that a Trojan horse is running in the background.
Block
1. Block the control channel
If abnormal phenomena such as repeated startup and windows opening disappear when your network connection is disabled or the dial-up connection is cancelled, then you can judge that your computer has a Trojan horse. By disabling the network connection or unplugging the network cable, you can completely prevent the remote computer from controlling you through the network. Of course, UDP and TCP ports, and ICMP, can also be closed or filtered through the firewall.
2. Kill the suspicious process
If you find a suspicious process with Pslist and the computer returns to normal after you kill it with Pskill, it means that the suspicious process was being controlled by the remote end through the network, which made the computer behave abnormally.
Kill
1. Manually delete
Some suspicious files should not be deleted immediately, because the computer may stop working normally if system files are deleted by accident. First, back up the suspicious files and the registry, then use the Ultraedit32 editor to check the header information of the files, and get a general understanding of the Trojan from the plaintext strings in the suspicious files. Of course, experts can also use W32Dasm and other special decompilation software to statically analyze suspicious files, check the list of imported functions and the data segments of the files, and get a preliminary understanding of the main functions of the program. Finally, delete the Trojan file and its key values in the registry.
2. Software antivirus
Due to the continuous progress of Trojan writing technology, many Trojans have self-protection mechanisms. Ordinary users had better use professional antivirus software such as Rising and Kingsoft Internet Security to remove them. Antivirus software must be updated in time; learn the prevention and removal techniques for new Trojans from virus announcements as they come out, or download a dedicated removal tool (for example, the major companies recently developed removal tools for the shock wave virus).