Wednesday, December 29, 2010
【Weak Current College】 Check whether your computer has been invaded by a hacker's Trojan
When using a computer normally you may run into situations like these: the computer suddenly freezes and sometimes restarts on its own; files go missing for no reason; the desktop refreshes slowly; the hard disk reads and writes heavily even though no program is running; the system inexplicably searches for the floppy drive; the anti-virus software or firewall raises alerts; the system gets slower and slower. At this point you have to be careful.
The first reaction (forming a good habit here can reduce losses): press CTRL+ALT+DEL to bring up the task list and see which programs are running. Pay extra attention to any unfamiliar program. In general, the programs listed in Task Manager do not affect the system's basic operation (note: this is a basic operation, and what is written in this article comes from the network and from the results of this study), so you can close a few suspicious programs and see whether the abnormal situation returns to normal. If it does, you can make a preliminary judgment that it is a Trojan. If you find several programs with the same name running, and their number increases over time, this increase is also a questionable phenomenon that deserves particular attention. If you notice these phenomena after connecting to the Internet or the LAN, do not hesitate: look into it hands-on! (Note: other viruses may also cause these symptoms.)
1 Update your anti-virus software to the latest version and run a comprehensive system scan.
2 In Explorer click Tools → Folder Options → View, and untick the two items "Hide protected operating system files (recommended)" and "Hide extensions for known file types", so that files are easier to inspect.
3 Look at the first few lines of the win.ini file in the Windows directory. Under [WINDOWS], the load= and run= lines are where programs that start automatically with Windows are placed; compare what is listed there against what you know.
4 Look at the system.ini file in the Windows directory. Under [386Enh], the device= lines are where the system's own drivers and any additional drivers are placed. Added drivers usually use a full path, for example device = c:\windows\system32\tianyangdemeng.exe (an example only).
5 Look at Start menu → Programs → Startup. Programs here start automatically with Windows. Anything listed here is stored in C:\Windows\StartMenu\Programs\; keep a copy in a safe place before deleting it, in case you need to restore it.
6 Click Start → Run, type "MSCONFIG" and look for suspicious startup items. You may ask whether this is not the same as the previous step. In fact the two methods differ; if you try both you will find different things. As for why, to be honest, I don't know. No joke, I hope a master can give the answer!
7 Check the registry: click Start → Run and enter "REGEDIT".
First make a backup of the registry, then inspect it. (Be sure to make a habit of backing up whenever you modify such files and are not sure of what you are doing.)
Look at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices and \Run to see whether there is a suspicious program.
Look at HKEY_CLASSES_ROOT\EXEFILE\SHELL\OPEN\COMMAND to check for an .EXE file-association Trojan; the correct value is "%1" %*. Look at HKEY_CLASSES_ROOT\INFFILE\SHELL\OPEN\COMMAND to check for an .INF file-association Trojan; the correct value is %SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE %1. Look at HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND to check for a .TXT file-association Trojan; the correct value is %SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE %1. Then start CMD and enter NETSTAT -AN to check for abnormal ports.
8 Windows executable files (.exe, .com, .dll and so on) can be turned into carriers for viruses placed by a hacker. While the system is working properly, make a backup of these files so that you can write them back when needed.
9 Check whether there is a Winstart.bat file in the Windows directory. Like Autoexec.bat, it is an automatic batch file, but it only works under Windows and cannot be used in DOS. Look closely at it: if it loads a driver you do not recognise, look it up on Baidu. In general this automatic batch file is not used. (You can only judge from experience.)
10 Look at c:\autoexec.bat and c:\config.sys; these two files load some system drivers. Check whether any driver there looks suspicious.
11 Right-click My Computer → Event Viewer → Security log and check whether there is any suspicious content.
12 In CMD, enter NET USER to check for suspicious users that you never created. If you find one, delete it immediately with NET USER ABCD /DEL (ABCD is the user name here; substitute the user you want to delete). You can also check for cloned users with the various tools that help with this; some hackers create users that are invisible to the usual method, so pay attention.
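An added offline checker for steps 3, 4 and 7 (example code written for this page, not from the original post): given the text of win.ini and system.ini and the shell\open\command values copied out of REGEDIT, it lists the autostart lines and the file-association commands that differ from the defaults the article gives. The sample files and registry values are constructed, and the executable name is the article's own placeholder.

```python
import re
# Known-good shell\open\command defaults that step 7 of the article lists.
EXPECTED_ASSOC = {
    "exefile": '"%1" %*',
    "inffile": r"%SystemRoot%\System32\NOTEPAD.EXE %1",
    "txtfile": r"%SystemRoot%\System32\NOTEPAD.EXE %1",
}
# Constructed sample data, not from a real machine; the .exe name is the article's placeholder.
WIN_INI = "[windows]\nload=\nrun=c:\\windows\\system32\\tianyangdemeng.exe\n[fonts]\n"
SYSTEM_INI = ("[boot]\nshell=explorer.exe\n[386Enh]\ndevice=*vpowerd\n"
              "device=c:\\windows\\system32\\tianyangdemeng.exe\n")
OBSERVED_ASSOC = {
    "exefile": 'c:\\windows\\system32\\tianyangdemeng.exe "%1" %*',
    "inffile": r"%SystemRoot%\System32\NOTEPAD.EXE %1",
    "txtfile": r"%SYSTEMROOT%\SYSTEM32\NOTEPAD.EXE  %1",
}

def parse_ini(text):
    """{section: [(key, value), ...]}; repeated device= lines are kept, unlike configparser."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def autostart_findings(win_ini, system_ini):
    """Steps 3 and 4: non-empty load=/run= lines, and device= lines naming a .exe."""
    found = []
    for key, value in parse_ini(win_ini).get("windows", []):
        if key in ("load", "run") and value:
            found.append(("win.ini", key, value))
    for key, value in parse_ini(system_ini).get("386enh", []):
        # Heuristic: the drivers listed under [386Enh] are not .exe programs.
        if key == "device" and value.lower().endswith(".exe"):
            found.append(("system.ini", key, value))
    return found

def association_findings(observed):
    """Step 7: file types whose open command differs from the expected default."""
    def norm(cmd):  # case- and whitespace-insensitive, so %SYSTEMROOT% spelling alone is not a hit
        return re.sub(r"\s+", " ", cmd.strip()).lower()
    return {ft: cmd for ft, cmd in observed.items() if norm(cmd) != norm(EXPECTED_ASSOC.get(ft, ""))}
```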