SoFunction
Updated on 2025-04-12

A good guide to finding and removing Trojans

1. Learn from Bole and know your horses

In essence, Trojans are a kind of remote control software. However, remote control software is divided into regular troops and mountain bandits. As the name suggests, regular troops are software that legitimately helps you remotely manage and set up your computer, for example Windows XP's own Remote Assistance function. When such software is running, it generally appears in the system taskbar, clearly telling the user that the system is currently in a controlled state. Trojans are the mountain bandits: they sneak into your computer to do damage, and they get themselves run by modifying the registry or by being bundled with normal programs, which makes their traces hard to find.

Another difference between Trojans and ordinary remote control software is that Trojans implement a richer set of remote control functions. Besides doing what general remote control software does, they can destroy system files, record keystrokes, steal passwords, modify the registry and restrict system functions. You may also become an accomplice of the horse breeders, who may use your machine to attack others and leave you to take the blame.

2. Find the culprit who leads the horse

As unwelcome bandits, how do Trojans get into your system? The main transmission methods are generally the following:

The most common way is to use chat software to prey on acquaintances. For example, if your QQ friend is infected with a Trojan, the Trojan is likely to use QQ on the friend's machine to send you a message tempting you to open a link or run a program. If you click or run it, the horse sneaks in.

Another popular method is "buy one, get one free": the Trojan is bundled with normal files, such as picture files, and sneaks in when you browse the pictures.

Raising horses on web pages is also a common method. Hackers put a prepared Trojan on a web page and tempt you to open it, and you may be hit just by browsing the page.

The last common method is planting Trojans in Internet cafes. Internet cafes have poor security, and hackers can also tamper with the machines directly, so many machines in Internet cafes carry horses, and the chance of being attacked by a Trojan while surfing in an Internet cafe is very high. Moreover, the above methods may also be combined.



3. How to detect and kill Trojans

How do we determine whether there are Trojans on the machine? Here are some simple methods to try.

STEP1

Check the open ports. A Trojan is remote control software and shares its characteristics: in order to contact its owner, it must open a door (i.e., a port), so we can check for a Trojan by looking at the ports open on the machine. Select "Start" - "Run", enter "CMD" and press Enter to open the command line, then enter the command "netstat -an" (see Figure 1). "ESTABLISHED" marks a port on which a connection has been established, and "LISTENING" marks a port that is open and waiting for someone else to connect. Look for suspicious entries among the open ports, such as 7626 (Glacial Trojan), 54320 (Back Orifice 2000), etc.

STEP2

Check the registry. In order to realize functions such as starting with the system, a Trojan modifies the registry, so we can look for its traces there. Enter "regedit" in "Run" and press Enter to open the Registry Editor.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer and open the Shell Folders, User Shell Folders, Run, RunOnce and RunServices subkeys in turn to check whether there is suspicious content inside. Then navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer and view the contents of the same 5 subkeys. If you find a program you do not recognize there, be alert: it is very likely that a Trojan has visited.

STEP3

View the system configuration files. Many Trojans modify system files, and the files are the two that are most frequently modified, so we need to examine them regularly. Enter "%systemroot%" in "Run" and press Enter to open the "Windows" folder, find the file inside, and search for the "windows" field. If you find a statement like "load=, run=" (the name of the Trojan program), be extra careful: this is likely to be the main program of the Trojan. Similarly, search for the "boot" field in the file and find the "Shell=" in it. The default should be "Shell=". If it is another program, the machine may also have been hit by a Trojan.

In addition, you can also infer whether there are Trojans in the system by viewing the system processes and by using dedicated Trojan detection software.
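
STEP1's port check, run over saved "netstat -an" output, as an added example that is not part of the original article: it parses each row, flags the two ports the article names, and lists listeners missing from a baseline. The sample output, the `ALLOWED` baseline and the function names are constructed for illustration.

```python
import re

# Ports the article names in STEP1; extend with your own watchlist.
WATCHLIST = {7626: "Glacial Trojan", 54320: "Back Orifice 2000"}
# Hypothetical baseline of listeners expected on this host (an assumption).
ALLOWED = {135, 445}

# Constructed sample of Windows `netstat -an` output, not from a real host.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.9:80         ESTABLISHED
  TCP    192.168.1.20:54320     198.51.100.7:3312      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_netstat(text):
    """Return one dict per socket row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, remote, state = m.groups()
        # rpartition splits on the last colon, so IPv6 literals like [::]:445 work.
        _, _, port = local.rpartition(":")
        if port.isdigit():
            rows.append({"proto": proto, "port": int(port),
                         "remote": remote, "state": state or ""})
    return rows

def flag_watchlisted(rows, watchlist=WATCHLIST):
    """Watched local ports that are listening or carrying a connection."""
    return [(r["port"], r["state"], r["remote"], watchlist[r["port"]])
            for r in rows
            if r["port"] in watchlist and r["state"] in ("LISTENING", "ESTABLISHED")]

def unexpected_listeners(rows, allowed=ALLOWED):
    """Listening TCP ports missing from the baseline, whatever their number."""
    return sorted({r["port"] for r in rows
                   if r["state"] == "LISTENING" and r["port"] not in allowed})

if __name__ == "__main__":
    for port, state, remote, label in flag_watchlisted(parse_netstat(SAMPLE)):
        print(f"{port} {state} remote={remote} possible {label}")
    print("listeners outside baseline:", unexpected_listeners(parse_netstat(SAMPLE)))
```

A fixed list of default ports misses a Trojan configured to use another port, which is why the baseline comparison is included alongside it.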



Close the stable door and defend against Trojans

Search for the file in the system and rename it, such as. Then enter "%windows%\coMMand" in "Run" and change the name inside. Open the Registry Editor, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility, find the "Active Setup controls" subkey (if it does not exist, create it manually), and then create a new subkey under it named {6E449683-C509-11CF-AAFA-00AA00B6015C}. Right-click the blank space on the right, select "New Key" - "DWORD Value", set the key name to "Compatibility", and set the key value to "0x00000400".