The Windows operating system, for all its undoubted advantages, has one significant drawback: it is vulnerable to viruses and Trojans. Although an antivirus and a firewall significantly reduce the risk of infection, sometimes the user needs to find a virus that has settled on the computer.
All destructive programs can be divided into two types. Some of them announce themselves very clearly: for example, they destroy information, display a variety of messages, or cause the computer to malfunction. Others, usually Trojans, try to hide their presence.
When you see signs of the first type of program, try to find the program file and its startup key. Open Task Manager (Ctrl + Alt + Del) and see whether there are any processes with suspicious names that are not typical of your system. If there is one, write down its name, then "kill" the process by selecting it with the mouse and clicking "End Process".
If the process ended and the computer malfunctions disappeared, that indicates that the process you ended belonged to the destructive program. Open the Registry Editor: click "Start - Run", type regedit, and then click "OK". The Registry Editor will open. Open the search with "Edit - Find" and enter the name of the terminated process, without the extension. Remove all the startup keys that are found.
If a virus or Trojan hides its presence from Task Manager, use Spyware Process Detector, which can be found on the Internet. It allows you to detect the processes of hidden programs and terminate them. You can also use it to remove startup keys from the registry.
Open a command prompt: Start - All Programs - Accessories - Command Prompt. Enter the command netstat -aon and press Enter. You will see a list of active network connections. The "Local Address" column shows the open ports of the computer that are currently in use. The "Status" column shows the status of these ports.
The value ESTABLISHED indicates that a connection to the Internet is currently established on the port. The status LISTENING indicates that the port is open and the program using it is waiting for a connection. Such a program may be a backdoor, a program that allows your computer to be controlled remotely.
Note the PID (identifier) of the program; it is listed in the last column. At the command prompt, type tasklist and you will see a list of processes. Find the required identifier in the PID column and see which process it corresponds to. You can "kill" the process immediately with the command taskkill /pid 1234, where instead of "1234" you specify the PID of the process to be terminated.
Ports 135 and 445 are opened by the Windows operating system itself. It is recommended to close them with the utility «wwdc.exe». Always keep track of which programs open ports on your computer. Do not work without a firewall. Always turn on the display of file extensions. Keep your antivirus databases up to date.
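
The netstat and tasklist steps above can be combined in one short script. This is an added example, not part of the original article: it parses saved output of netstat -aon and tasklist /fo csv /nh, lists every LISTENING port with the process that owns it, and marks ports other than 135 and 445 for review. The sample output, the function names and the process name updsvc32.exe are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -aon` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     2280
  TCP    [::]:135               [::]:0                 LISTENING       892
  UDP    0.0.0.0:5353           *:*                                    1500
"""
# Constructed sample of `tasklist /fo csv /nh`; updsvc32.exe is a made-up name.
SAMPLE_TASKLIST = '''\
"System","4","Services","0","1,024 K"
"svchost.exe","892","Services","0","9,876 K"
"updsvc32.exe","1234","Console","1","3,210 K"
"chrome.exe","2280","Console","1","150,000 K"
'''

def parse_netstat(text):
    """Return (proto, port, state, pid) for every TCP/UDP row; skip headers."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        state = f[3] if len(f) == 5 else ""  # UDP rows have no state column
        rows.append((f[0], int(f[1].rpartition(":")[2]), state, int(f[-1])))
    return rows

def parse_tasklist(csv_text):
    """Map PID -> image name from headerless CSV tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(csv_text)) if len(r) >= 2}

def listening_report(netstat_text, tasklist_text, expected=(135, 445)):
    """List (port, pid, image, review) for LISTENING ports, deduplicated."""
    names = parse_tasklist(tasklist_text)
    found = set()
    for _proto, port, state, pid in parse_netstat(netstat_text):
        if state == "LISTENING":
            found.add((port, pid, names.get(pid, "<unknown>"), port not in expected))
    return sorted(found)

if __name__ == "__main__":
    for port, pid, image, review in listening_report(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{port:>5}  PID {pid:<5} {image:<14} {'REVIEW' if review else 'expected'}")
```

A port marked REVIEW is only one that the article does not list as opened by Windows itself; check which program owns it before ending the process.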