To log in to a broiler, you must know three parameters: the IP address, user name and password of the remote computer.
Any discussion of broilers has to mention remote control software, such as Grey Pigeon, Shangxing, etc. Some remote control software also has to be installed on the broiler itself.
A broiler is not something to eat, but a machine that can be controlled remotely after being infected by a Trojan horse or left with a back door. Nowadays, many people also call a machine on which they hold WEBSHELL permission a broiler.
No one wants their computer to be controlled by others, but many people's computers are almost undefended and easily taken over by remote attackers. Such a computer becomes the meat on someone else's chopping block, to be eaten however the attacker likes, which is where the name broiler (machine) comes from.
First, users who are surfing the Internet should disconnect immediately if they notice anything abnormal.
If you find that IE often asks whether to run some ActiveX controls, or that inexplicable files have been generated, or that you are asked about debugging scripts, be on your guard: you may have been hit. There are two typical ways a machine is attacked while online:
The first is browsing web pages that contain malicious code. In the light case, the default homepage or title of the browser is modified. In the other case, the page can format your hard disk or keep opening windows until resources run out and the system crashes. This situation is much worse: data you have not saved and data already on your hard disk may be lost in part or in whole.
The second is a latent Trojan horse attack or a worm-like virus attack, which makes your machine constantly send your private data to the outside world, or uses your name and email address to send spam and spread the virus further. There is also manual intrusion by hackers, who spy on your private data or delete and destroy your files.
Self-help measures: disconnect immediately, so as to reduce your own losses and prevent the virus from spreading to more online computers. Please do not restart or shut down the system immediately. Please refer to the following for further treatment measures.
Second, after an infection, immediately back up and transfer your files and mail.
It is natural to run antivirus software after an infection, but to keep the antivirus software from wrongly cleaning or deleting your unfinished documents and important emails, you should back them up to other storage media first. Some files with long file names and unprocessed emails need to be backed up under Windows, so I suggest you don't quit Windows yet, because once the virus breaks out, you may not be able to enter Windows.
Whether or not these documents are infected, you should back them up and mark them with a paper label as "pending investigation". Because some viruses are designed specifically against a certain antivirus program, they will destroy other files as soon as they run, so backing up first is a precaution. It is best to analyze and process these extra backup files at leisure after the virus has been cleared from the hard disk.
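The backup step above as an added Python example (not part of the original article): it copies the files to other media under neutral names, records each one as "pending investigation" with a SHA-256 hash, and later reports which copies were changed or removed. The function names, the `.quarantine` suffix and `MANIFEST.json` are assumptions of this example.

```python
import hashlib
import json
import shutil
from pathlib import Path

LABEL = "pending investigation"   # the label the article asks for
MANIFEST = "MANIFEST.json"        # assumed file name for this example

def sha256_of(path):
    """Hash a file in chunks so large mailboxes do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def quarantine_backup(sources, dest):
    """Copy possibly infected files to dest as inert, labelled copies."""
    dest = Path(dest)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = []
    for i, src in enumerate(Path(s) for s in sources):
        # Neutral name: the long original name lives in the manifest, and
        # the suffix keeps a double-click from opening or running the copy.
        stored = dest / f"{i:05d}.quarantine"
        shutil.copyfile(src, stored)  # byte-for-byte copy, no application parses it
        digest = sha256_of(stored)
        manifest.append({
            "original": str(src),
            "stored": stored.name,
            "sha256": digest,
            # A copy that differs from its source is flagged, not trusted.
            "status": LABEL if digest == sha256_of(src) else "copy mismatch",
        })
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=2), encoding="utf-8")
    return manifest

def recheck(dest):
    """After disinfection, list originals whose backup copy changed or vanished."""
    dest = Path(dest)
    manifest = json.loads((dest / MANIFEST).read_text(encoding="utf-8"))
    changed = []
    for entry in manifest:
        copy = dest / entry["stored"]
        if not copy.exists() or sha256_of(copy) != entry["sha256"]:
            changed.append(entry["original"])
    return changed
```

Run `quarantine_backup` before any antivirus scan and `recheck` after the backup media has been scanned; any file it lists was altered or removed by the scan and should be examined before it is restored.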
Third, run software that kills CIH under Windows (even in an infected environment).
If you find the CIH virus, be careful about following the measure usually suggested in newspapers and manuals, namely to turn off the computer first and then boot it from the system disk before disinfecting. Instead, you should run software that specifically kills CIH in the infected environment. If you do this, the antivirus software may report that some files cannot be cleaned because of read-write protection, but the actual purpose of running it while the virus is active is not to remove the virus completely. It is to minimize the harm CIH does at the next startup, so that the BIOS hardware of the motherboard is not damaged when you start up again, which would leave you with a black screen and make further antivirus work impossible.
Fourth, you need a clean DOS startup disk and antivirus software that runs under DOS.
From this point on, proceed step by step according to the standard manuals of the many antivirus programs: cold start after shutdown, and boot from a clean DOS startup disk. In addition, because of the infection, some key Windows files may have been destroyed and illegal operation errors will be reported frequently, so antivirus software under Windows may not run. So please also prepare antivirus software that runs under DOS, just in case.
Even if you can run antivirus software under Windows, please use more than two tools for cross-cleaning. In most cases, Windows may need to be reinstalled, because viruses can destroy some files, slow down the system or cause frequent illegal operation errors. For example, even after CIH was killed, Microsoft's Outlook mail program was slow to respond. It is recommended not to be prejudiced about any one antivirus program. Because of their different development priorities and antivirus engines, all antivirus programs have their own advantages and disadvantages, and using them in combination gives the best results.
Fifth, if you have Ghost, partition table and boot area backups, it is safest to restore from them once.
If you normally keep a Ghost backup of Windows, restoring that image once gives you the safest operating system. This also cleans up, along the way, any latent Trojans that were not killed. Of course, this requires that your Ghost backup is absolutely reliable. If the Trojan horse was also "carried along" when the Ghost image was made, the trouble will be endless.
Sixth, after restoring the system, change your network-related passwords.
This includes user names, passwords, email passwords, QQ passwords, etc., to prevent hackers from entering your system with passwords obtained during the last intrusion. In addition, because many worms send out your information at random, you should change them promptly.