Remove Trojan manually
Check network connection
As many Trojan horses are always active to detect port, or connect specific IP port, so we can find Trojan virus through checking network connection without normal program connection. The specific steps: click start->;run->;CMD and then input the command netstat-an to see all the IPs connected with your computer and the ports detected by your computer, including four parts: proto, local address, foreign address and state. Thus we can completely monitor computer connection through detailed information of the command.
Service is one of lots of methods used to keep running in system all the time by Trojans. We can check what service ran by clicking start->; run->; cmd, and then input net start. We can find service in managing tools and stop using it.
3. Check startup item of system
Check startup item of system
Because it is complicated for users to learn about registry where is the best place to hide for Trojans? The way of checking registry startup item: click start
, and then check the key value with start of run
under HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion, and all the key value under HKEY-USERS . Default Software Microsoft Windows Current Version.
Otherwise, horses also love to hide in System.ini under the directory of Windows installation. When opennig the file, if you find shell=Explore.exe file.exe in the document [boot], the file.exe is the Trojan!
Malicious attackers love to control your computer by leaving a account. This can activate default account used less in system, and then promote the account to be manager. Thus this account will be extremely harmful to your computer. According to this situation, you can check your account by this way: click start->；run->; cmd, and then input net user in the command line to see users, and use net user name to check this user authority. Generally, all accounts are managed by administrators except administrator. If you find some a account managed by administrators, your computer must be attacked. You need to use net user name/del to delete this user.
If checked the Trojan, you can remove Trojan virus as followings:
- Run task management and kill Trojan process.
- CRUNheck , RUNSERVEICE and etc in registry. Firstly backup, write down the address of start item, and delete the suspicious item.
- Delete executable files in hardware found in key.
- Usually, this document is put under the file of WINNT, SYSTEM, and SYSTEM32, which don’t exist alone. Moreover, this kind of document is copied by other documents. Please delete these files if checked out the suspicious file of .exe, .com or bat under C.D.E disks.
- Check the registry HKEY_LOCAL_MACHINE SOFTWARE and HKEY_CURRENT_USER Microsoft Internet Explorer. If be modified, change it back.
- Check HKEY_CLASSES_ROOT txtfile shell open command and HKEY_CLASSES_ROOTxtfileshell open command. Once found being modified, you need to change it back. Trojans attarck computer by modifying .txt default program when users open text.
Trojan virus removal software
Perhaps, you don’t learn more about computer or feel so troublesome to check computer, it is a good choice to install Trojan removal software which can help you scan Trojan horses and kill them. Now there are many anti Trojan softwares available in the market. They can protect computer from virus and guard your privacy.