Protection against viruses and Trojans is relevant for all users of the Windows operating system. Even a very good anti-virus program with daily updated anti-virus databases is not capable of guaranteed protection against theft of confidential information. But you can significantly reduce the risk by following fairly simple rules.
Instructions
Step 1
Never work on the Internet without a firewall (firewall) and antivirus software. Configure the antivirus to update its databases automatically; instead of the Windows firewall, install a third-party program. Do not seek to purchase a popular firewall, a less well-known program will provide more reliable protection in this case. Hackers know well which firewalls are the most popular and teach Trojans to bypass them. The built-in Windows firewall is the most unreliable in this regard.
Step 2
Trojans, in the overwhelming majority of cases, get onto a computer with files downloaded from the Internet, when they click on unverified links and when visiting infected Internet pages. Do not trust files from dubious sources, many of them are infected with Trojans. Don't follow links in emails from strangers. Update the operating system in a timely manner to close the identified vulnerabilities.
Step 3
Be sure to enable display of file extension. Open any folder or drive, then go to: "Tools - Folder Options - View". Uncheck the "Hide extensions for registered file types" checkbox. When working with files, always look at their extensions, they must match the file types.
Step 4
Sometimes malicious executables are masked by separating the extension from the file name with a large number of spaces. In this case, the user seems to see, for example, a photo file: foto.
Step 5
If you suspect that a Trojan horse has finally entered your computer, try to find it yourself. First of all, you need a good program to view running processes - for example, AnVir Task Manager. It allows you to see the list of processes, names and locations of executable files, their startup keys.
Step 6
Run the program, open the list of processes. Dangerous and suspicious processes will be highlighted in the list in color. Determine which programs these processes belong to, this can be done by looking at the path to the executable file. If necessary, stop dangerous processes, delete their executable files and startup keys in the system registry.
Step 7
Some Trojans, known as backdoors, allow an attacker to remotely control your computer. The server part of such a program is located on the victim's computer, while the client part is on the hacker's computer. In this case, the server part "hangs" on some port, waiting for a connection. To check if you have similar connections, open a command prompt: "Start - All Programs - Accessories - Command Prompt".
Step 8
Type netstat –aon at a command prompt and press Enter. You will see a list of all Internet connections. In the "Local Address" column, you will see the local addresses and ports open on your computer. The column "External address" will show the ip-addresses with which your computer was connected or is connected at the moment. The current connection status is reflected in the “Status” column. The last column - PID - lists the process identifiers.
Step 9
To find out which program opens a particular port, type the tasklist command in the same command line. You will see a list of all processes with their IDs. After looking at the PID of a suspicious process in the list of connections, find this ID in the list of processes and see which program it belongs to.
Step 10
Close dangerous processes by typing taskkill / pid 1234 / f at the command line and pressing Enter. The f parameter is needed to force the process to terminate, instead of "1234" enter the identifier you need.
