It is normal for the amount of data received to be larger than the amount sent. If the opposite holds, the machine has most likely been compromised remotely.
Further ways to determine whether the machine has been compromised:
General checks:
1. Check the ports, in particular by scanning all of this machine's open ports from another host (so that ports hidden locally still show up).
2. Check the processes, paying particular attention to each process's path and startup parameters, and verify the software behind them.
3. Check all startup items (including services and the many other startup locations).
4. Check related items and plug-ins that can cause a program to be invoked.
Advanced measures (against kernel-level hiding of ports, processes, registry entries, etc.):
1. Boot another OS that can read the system files, and check the local files and registry from there.
2. Compare the total network traffic against the total socket traffic. Analyze abnormal network communications using the router's communication records and similar methods.
To catch intruders, check and track the logs, not only the local machine's logs but also those of routers, the telecom provider, etc.
How to know whether a Trojan horse is installed on a computer?
2005-07-20
1. Manual method:
1. Check the network connection
Many Trojans actively listen on a port or connect to a specific IP and port, so checking the network connections while no legitimate program is using the network can reveal them. Click "Start" -> "Run" -> "cmd", then enter netstat -an. This command shows every IP connected to your computer and every port your computer is listening on. Its output has four parts: proto (connection mode), local address (local connection address), foreign address (the address the connection is established with), and state (current port status). With the detailed information from this command we can fully monitor the computer's network connections.
2. View currently running services
Services are one of the ways many Trojans keep themselves running in the system. Click "Start" -> "Run" -> "cmd" and enter "net start" to see which services are running. If you find services you did not start yourself, open "Services" in Administrative Tools, find the corresponding service, then stop and disable it.
3. Check the system startup items
Since the registry is complicated for ordinary users, Trojans often like to hide there. To check the registry startup items, click "Start" -> "Run" -> "regedit", then inspect all keys whose names start with "Run" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion, under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion, and under HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion.
System.ini in the Windows installation directory is also a place where Trojans like to hide. Open this file and check whether the [boot] section contains a line like shell=Explorer.exe file.exe. If it does, then file.exe is a Trojan program!
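The netstat check in step 1 and the system.ini check above both come down to reading a few text lines carefully. As an added example (not from the original page), the following Python helpers parse the four-column netstat -an output into records, flag listening ports outside a known-good baseline and non-loopback established peers, and report whatever follows Explorer.exe on the [boot] shell= line. Both sample inputs are constructed here, not captured from a real host.

```python
# Added triage helpers for the netstat -an check (proto, local address, foreign
# address, state) and the system.ini [boot] shell= check. Samples are constructed.
from collections import namedtuple
from typing import List, Optional
SAMPLE_NETSTAT = """Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49731     203.0.113.7:4444       ESTABLISHED
  TCP    127.0.0.1:49732        127.0.0.1:135          TIME_WAIT
  UDP    0.0.0.0:500            *:*
"""
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe file.exe\n[drivers]\nwave=mmdrv.dll\n"

Conn = namedtuple("Conn", "proto local foreign state")  # state is "" for UDP rows

def parse_netstat(text: str) -> List[Conn]:
    """Turn netstat -an lines into records; header and blank lines are skipped."""
    conns = []
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) >= 3 and parts[0] in ("TCP", "UDP"):
            conns.append(Conn(*parts[:3], parts[3] if len(parts) > 3 else ""))
    return conns

def port_of(addr: str) -> int:
    return int(addr.rsplit(":", 1)[1])

def unexpected_listeners(conns: List[Conn], baseline: set) -> List[int]:
    """Listening TCP ports that are not in the host's known-good baseline."""
    return sorted(port_of(c.local) for c in conns if c.proto == "TCP"
                  and c.state == "LISTENING" and port_of(c.local) not in baseline)

def outbound_established(conns: List[Conn]) -> List[str]:
    """Peers of ESTABLISHED TCP sessions that are not loopback."""
    return [c.foreign for c in conns
            if c.state == "ESTABLISHED" and not c.foreign.startswith("127.")]

def boot_shell_extra(system_ini: str) -> Optional[str]:
    """Text after Explorer.exe on the [boot] shell= line; None if the line is clean."""
    section = None
    for line in (raw.strip() for raw in system_ini.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "boot" and line.lower().startswith("shell="):
            tokens = line.split("=", 1)[1].split()
            if tokens and tokens[0].lower() == "explorer.exe":
                return " ".join(tokens[1:]) or None
            return " ".join(tokens)  # shell replaced outright: report the whole value
    return None
```

On a real host, feed it the saved output of netstat -an and the contents of system.ini, and build the baseline from a known-clean installation rather than from the machine under suspicion.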
4. Check the system account
Malicious attackers like to control your computer by leaving an account on it. The method they use is to activate a rarely used default account in the system and then elevate its permissions to administrator. Such an account is the biggest security risk in the system: a malicious attacker can use it to take arbitrary control of your computer. The following method detects such an account.
Click "Start" -> "Run" -> "cmd", then enter net user at the command line to see which users exist on the computer, and then use "net user username" to see which groups this user belongs to. Generally speaking, apart from Administrator, which belongs to the Administrators group, no other account should belong to the Administrators group. If you find that a built-in user belongs to the Administrators group, it is almost certain that you have been compromised.
Quickly use "net user username /del" to delete this user!