The Windows operating system, with all its undoubted advantages, has one significant drawback: it is vulnerable to viruses and Trojans. Although antivirus programs and firewalls significantly reduce the risk of infection, users sometimes need to find a virus that has settled on their computer.
Instructions
Step 1
All destructive programs can be divided into two types. Some of them declare themselves very explicitly: for example, they destroy information, display various messages on the screen, cause disturbances in the operation of the computer. Others, usually Trojans, try to hide their presence.
Step 2
When you come across signs of the presence of programs of the first type, try to find the program file and the autorun key. Open the Task Manager (Ctrl + Alt + Del) and see if there are any processes with suspicious names that are not typical for your system. If there is one, write down its name, then “kill” the process by highlighting it with the mouse and clicking the “End process” button.
Step 3
If the process can be terminated and the computer problems disappear, which means that you have terminated the process of the destructive program, open the Registry Editor. To do this, click "Start - Run", enter the command regedit, then click "OK". The Registry Editor window will appear. Open the search with "Edit - Find" and enter the name of the terminated process without the extension. Delete all found autostart keys.
Step 4
If a virus or trojan is hiding its presence in the Task Manager, use the Spyware Process Detector program, which can be found on the Internet. It allows you to detect the processes of hidden programs and terminate them. With its help, you can also remove autostart keys from the system registry.
Step 5
Open Command Prompt: Start - All Programs - Accessories - Command Prompt. Type netstat -aon, press Enter. You will see a list of active network connections. In the column "Local address" you will see the open ports of the computer that are currently being used. The “Status” column will display the status of these ports.
Step 6
The ESTABLISHED value indicates that there is an Internet connection on this port at the moment. The LISTENING state indicates that the port is open, and the program using it is waiting for a connection. Such a program can be a backdoor - a program that allows you to remotely control your computer.
Step 7
Remember the PID (identifier) of this program; it is indicated in the last column. Type tasklist on the command line, and you will see a list of processes. Find the required identifier in the PID column and see which process it corresponds to. You can immediately "kill" this process with the command taskkill /pid 1234, where instead of "1234" you specify the PID of the process to be terminated.
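Steps 5 to 7 combined into one script, as an added example that is not part of the original article: it parses netstat -aon output, keeps the TCP sockets in the LISTENING state, and looks up each PID in tasklist /fo csv /nh output. The function names and the sample data (constructed, not captured from a real machine) are assumptions, as is English-language command output.

```python
import csv
import io
import subprocess
import sys

# Constructed sample output (not from a real machine), used when not on Windows.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING       6604
  TCP    192.168.1.10:49732     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:5353           *:*                                    1820
"""
SAMPLE_TASKLIST = '''"System","4","Services","0","144 K"
"svchost.exe","912","Services","0","9,120 K"
"chrome.exe","5120","Console","1","210,004 K"
'''

def listening_ports(netstat_text, tasklist_csv):
    """Return sorted (port, local_host, pid, image_name) for LISTENING TCP sockets."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    names = {row[1]: row[0] for row in rows if len(row) >= 2}  # PID -> image name
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields; UDP rows have no state column and are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        local, pid = fields[1], fields[4]
        host, _, port = local.rpartition(":")  # rpartition copes with [::]:135
        found.add((int(port), host, int(pid), names.get(pid, "<not in tasklist>")))
    return sorted(found)

def run(cmd):
    # Run a command and return its standard output as text.
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    if sys.platform == "win32":
        net, tasks = run(["netstat", "-aon"]), run(["tasklist", "/fo", "csv", "/nh"])
    else:
        net, tasks = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    for port, host, pid, image in listening_ports(net, tasks):
        print(f"{port:>5}  {host:<15}  PID {pid:<6}  {image}")
```

A listening port whose PID is reported as "<not in tasklist>" is the row to look at first; in the constructed sample that is port 50001.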
Step 8
Ports 135 and 445 in Windows are opened by the operating system itself. It is recommended to close them with the "wwdc.exe" utility. Always keep track of which programs are opening ports on your computer. Don't work without a firewall. Always turn on the display of file extensions. Update your anti-virus databases in a timely manner.