1. Keyboard
Do you wonder why the keyboard is listed first? Can a keyboard really be attacked? Quite simply, the keyboard is an important bridge between us and the outside world, and we enter a lot of information through it, so many "hacker" programs plant their "eye in the dark" here. By recording keyboard activity, they can easily capture many valuable things, such as passwords and conversation content.
Solution: The best way to deal with these things is to use anti-virus software. If the antivirus software has a virus firewall, make sure you download the latest firewall version.
2. Browser
We can't get online without a browser, which is also a "good place" for secrets to leak. Browser weaknesses are mainly the IE cache and cookies, especially cookies. Some cookies contain the name of the website you logged in to, the login time and even the login password. "Walking through the snow without trace" is one example of "hacker" software that specifically inspects cookies.
Solution: Click Internet Options and Delete File to completely delete the cache.
3. Tencent OICQ
What Internet cafe would go without Tencent OICQ nowadays? Because Tencent OICQ is so widely used, every new release attracts the attention of many hackers. From sniffers, keyloggers and bombers to tools that peek at chat records, it is impossible to guard against them all.
Solution: Tencent OICQ is updated quickly, so please download and use the latest version. Click "system parameters", "network security settings" and "reject stranger information" in OICQ to deal with OICQ bombing; you should also set "Use local information encryption".
4. Web browsing
Browsing the web is one of the main ways we get information online. Pay attention to the following points when browsing:
When logging in to free email, log in at the designated website and not through a personal homepage, because that site is likely to record your user name and password.
To deal with a webpage that opens pop-up windows endlessly (a prank that can make your machine crash), first press and hold "Ctrl+Alt+Del", close the "EXPLORER" window, and then modify the "Internet" option to prohibit Java from executing.
For ActiveX inserted in a webpage, when prompted to download and install it, be sure to check whether it is signed. If it is not signed, it may contain a Trojan horse.
Try to download software from well-known download websites, and it is best to scan it for viruses first.
5. Sharing the hard drive * * *
An Internet cafe is effectively a local area network, so we must pay attention to the sharing of the network hard disk; in particular, write permission on the hard disk must not be opened. It is best to set all hard disks to * * *.
6. Copy and paste
We sometimes use the copy-and-paste function extensively to copy files and text. It's best to empty the clipboard when you leave the machine. Pay special attention to whether you have used any clipboard enhancement tools. These tools usually record automatically the number and content of the files you copied, even if you shut down abnormally.
7. Legacy documents
Don't casually open files left by others. Curiosity is not always a good thing. To catch ordinary users off guard, "hackers" always trick people with whatever is most familiar or most popular. A file with the WINZIP icon may actually be a Trojan horse; a beautiful FLASH animation may hide many unknown "activities".
8. Abnormal changes
Finally, pay attention to abnormal changes in the computer. While you are chatting, the mouse suddenly stops obeying you, or the computer suddenly restarts, or a new window suddenly appears. These signs indicate that the computer you are using is under someone else's control. The best way to prevent this is to download the Skynet personal firewall and cut off the connection with the network. Skynet will also automatically record the IP of intruders.
9. Port
When you surf the Internet, chat with others, or send email, both sides must use the same protocol, namely TCP/IP. The communication of any network software is based on TCP/IP. If the Internet is compared to a road network, the computer is a house at the side of the road. Only with a door can you get in and out of the house. Under TCP/IP, a computer can have 256 times 256 doors, numbered from 0 to 65535, and each is called a "port". When you send an e-mail, the e-mail software delivers the letter to port 25 of the mail server. When you receive a letter, the mail software fetches it through port 110 of the mail server. What you are reading now, which I wrote, came through port 80 of the server. The port opened on a newly installed PC is 139. When you surf the Internet, you communicate with the outside world through this port. A hacker is not a fairy; he also enters your computer through a port.
How does the hacker get into your computer? Of course, he too relies on TCP/IP and enters your personal computer through a certain port. If your computer has a * * * shared directory, then hackers can enter your computer through port 139. Attention! WINDOWS has a flaw. Even if a password is set on the * * * access directory, others can get into your computer in a few seconds. So you'd better not set * * * to access the directory, and don't allow others to browse the information on your computer. If no port other than 139 is open, hackers can't invade your personal computer.
So how does the hacker get into your computer? The answer is through a Trojan horse. If you accidentally run a Trojan horse, a port on your computer will open and hackers will enter your computer through this port. For example, there is a typical Trojan called netspy.exe. If you accidentally run netspy.exe, it tells WINDOWS to run it every time you turn on your computer. Then netspy.exe opens port 7306 on your computer. If a hacker knows that your port 7306 is open, he can use software to sneak into your computer. A Trojan horse exists to invade personal computers. It stays hidden in the computer while it works, and neither its operation nor the hacker's intrusion leaves any trace on the screen. WINDOWS itself has no software to monitor the network, so without the help of other software it knows nothing of the Trojan horse or the hacker's intrusion. Next, rylxk11 will show you how to use software to find Trojan horses in your computer.
Take netspy.exe as an example. We now know that netspy.exe opens port 7306 on the computer. If you want to know whether your computer has netspy.exe, just knock on the door of 7306. First, open the C:\WINDOWS\WINIPCFG.EXE program and find your own IP address (for example, your IP address is 10.10.10), then open the browser and enter that address and port 7306 in the address bar; if the version of netspy.exe comes back, your computer has the netspy.exe Trojan. This is the simplest and most direct method, but you need to know the ports opened by the various Trojans. Rylxk11 knows that the following ports are opened by Trojans: 7306, 7307, 7308, 12345, 12346, 12346. However, even if you are familiar with all the known Trojan ports, you can't completely guard against these Trojans. We need to look for Trojan horses further.
Rylxk11 once did an experiment: I knew that netspy.exe opened port 7306, so I modified its port with tools, and the modified Trojan opened port 7777. Now you can't find the netspy.exe Trojan the old-fashioned way. Therefore, we can scan our own computer to see how many ports are open and analyze these open ports.
As mentioned earlier, the ports of a computer run from 0 to 65535, of which 139 is normal, and the first port scanner is grayed out. Rylxk11 recommends Agent Hunter. After going online, find your own IP address. Close any running network software first, because the ports it opens may be mistaken for Trojan ports, and then let Agent Hunter check the machine.
Set aside port 139 and analyze the other open ports further. Use a browser to access each such port and see how it reacts. You can judge according to the situation.
Tired of scanning so many ports? It takes more than half an hour. Instead, Tcpview.exe can show which ports are open on the computer. If ports other than 139 are open, analyze them. If you conclude that your computer has a Trojan horse, then you must delete the Trojan horse from the hard disk.
Of course, the easiest way is to delete the Trojan with antivirus software. The Netvrv virus protection wall can help you delete the netspy.exe and bo.exe Trojans, but it cannot delete the netbus Trojan.
Let's take the netbus Trojan as an example to talk about the deletion process.
First, a brief introduction to the netbus Trojan. The netbus Trojan has two clients, both of which open port 12345, one represented by Mring.exe (472576 bytes) and the other by SysEdit.exe (494592 bytes).
Once Mring.exe runs, it tells WINDOWS to run it at every startup, and WINDOWS records it in the registry. Open C:\WINDOWS\REGEDIT.EXE, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, find Mring.exe and delete this key, and then find Mring.exe in Windows and delete it. Note that the name of Mring.exe may have been changed by hackers, and its length in bytes may have changed too, but its position in the registry will not change. You can look for it at this location in the registry.
In addition, you can search for executable files containing the string "netbus" and then look at their byte length. I checked: WINDOWS and some other applications don't contain the string "netbus", and most of the files you find are variants of Mring.exe.
SysEdit.exe is not added to the WINDOWS registry after running, nor does it automatically attach itself to other programs, so some people think it is a foolish Trojan, while rylxk11 thinks it is the most hateful and insidious Trojan. Other Trojans are added to the registry, and you can track them. Even the BO Trojan, which experts consider the fiercest, can be easily deleted from the registry.
But if SysEdit.exe is attached to other software, then as long as you don't touch that software, SysEdit.exe won't act. Once the program that SysEdit.exe is bound to runs, SysEdit.exe starts at the same time. Rylxk11 did an experiment on his own computer and bound SysEdit.exe to C:\WINDOWS\SYSTEM\abcwin.exe. Abcwin.exe is the intelligent ABC input method. When I turn on the computer to surf the Internet, as long as I don't start the intelligent ABC input method for typing and chatting, SysEdit.exe won't run, and you cannot access my port 12345. If I want to type at any point, once the intelligent ABC input method (Abcwin.exe) is started, the SysEdit.exe bound to Abcwin.exe also runs, my port 12345 opens, and others can hack into my computer. By the same token, SysEdit.exe can be bound to network tools such as network pagers and email tools, and even to dialing tools and hundreds of other programs on the computer. Do you know where to find it? That is why I say this is the most insidious Trojan horse, and the hardest to guard against.
Sometimes I know that I have been hit by a Trojan, especially SysEdit.exe: I can see that port 12345 is open, and the netbus client software can reach my computer, but I don't know where the Trojan is. At this point, you can inspect memory. Open C:\WINDOWS\DRWATSON.EXE, take a snapshot of memory, and view the Tasks tab in Advanced View. The running programs are listed in the Program column. If you find a suspicious program, look at the "path" column, locate the program and analyze it, and you will know whether it is a Trojan horse. Although SysEdit.exe can hide behind other programs, it is still exposed in C:\WINDOWS\DRWATSON.EXE.
All right, let's look back. To know whether there is a Trojan horse in your computer, just check whether a suspicious port is open, which you can do with Agent Hunter and Tcpview.exe. To find the Trojan horse itself, first, go to the specified location in the registry; second, search for the executable program containing the corresponding string (for example, if port 7306 is open, look for executables containing "netspy"); and third, check memory to see whether any suspicious programs are running.
Trojan horses on your computer come from two sources. One is that you accidentally run a program containing a Trojan horse, and the other is that "netizens" give you a "fun" program. So you should be careful in the future, and find out what programs are running. The installation is easy to eliminate.
After destroying the Trojan horse, you can monitor the port and wait for the hacker to come quietly.
Here are two programs for that. The first, NukeNabber, is a port monitor. You tell NukeNabber to monitor port 7306 and to raise an alarm immediately if anyone touches this port. In others' eyes, your computer's port 7306 is open, but 7306 is not controlled by netspy. When NukeNabber finds someone touching port 7306 or trying to enter through it, it raises the alarm at once. In NukeNabber you can see what the hacker did to you and what the hacker's IP address is, and then attack the hacker in turn. When monitoring port 139, NukeNabber can tell you who is bombing you with an IP bomb. By the way, if NukeNabber tells you that it can't listen on port 7306 because the port is already occupied, then you have netspy in your computer. The second program is Tcpview.exe, which is a thread monitor. You can use it to see how many ports are open, who is communicating with you, and what the other party's IP address and port are.
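The "port already occupied" check and the decoy listener described above, written out as an added example (this is not code from the original article or from NukeNabber). The function names are hypothetical, the port list is the one given earlier in the article, and the check only covers IPv4 TCP on the local machine.

```python
import errno
import socket

# Ports the article lists as opened by known Trojans (7306 netspy, 12345 netbus).
KNOWN_TROJAN_PORTS = [7306, 7307, 7308, 12345, 12346]


def port_is_occupied(port, host="0.0.0.0"):
    """Try to take the port ourselves; 'address in use' means another
    process on this machine already holds it."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return False
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True
        raise  # permission or addressing errors are not evidence of a listener
    finally:
        s.close()


def audit(ports=KNOWN_TROJAN_PORTS, host="0.0.0.0"):
    """Return the listed ports that something on this machine already holds."""
    return [p for p in ports if port_is_occupied(p, host)]


def watch_port(port, hits=1, host="0.0.0.0", ready=None):
    """Decoy listener: hold a free port, record each peer that connects and
    hang up at once. Returns [(peer_ip, peer_port), ...] after `hits` peers."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind((host, port))
        srv.listen(5)
        if ready is not None:
            ready.set()  # tells a caller in another thread we are listening
        while len(seen) < hits:
            conn, peer = srv.accept()
            conn.close()
            seen.append(peer)
    return seen


if __name__ == "__main__":
    held = audit()
    print("already in use (identify the owning process):", held or "none")
    if 7306 not in held:
        # Blocks until the first connection arrives on the decoy port.
        print("first contact on 7306:", watch_port(7306))
```

A port reported as in use is only a lead: a legitimate service or a recently closed connection can hold it too, so identify the owning process (the article uses Tcpview.exe for this) before concluding anything.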