“pigeon”, and you should pay attention to the following points:
“GrayPigeon_Hacker.com.cn”, gray pigeon server application. Remote supervision management.
Compare the information modified by the pigeon with the original, and you can judge whether the pigeon Trojan is running.
Basic steps:
1. Check the port, usually 8000;
You can use a professional tool to check it; system tools such as Task Manager and the command prompt also work.
2. Then find the location of the application and terminate the process.
3. Finally, delete the file. I will not demonstrate this here; you should know how. Note that Tencent QQ also uses remote port 8000, so you should learn to tell the two apart; you can check the Tencent IP address.
(3) Find out the Trojan by comparison.
Basic steps:
1. Back up the state of the system while it is in a safe state;
2. When the system is abnormal, export the files in the abnormal state;
3. Compare the results from before and after, and make your own decision according to the concrete situation.
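The comparison in step 3, as an added example that is not part of the original page: a Python script that parses two saved dir listings and reports which files were added, removed or changed. It assumes listings in the usual English dir layout; the sample listings and the file name example_added.exe are constructed.

```python
import re

# A file row in `dir` output: date, time, optional AM/PM, size, file name.
ROW = re.compile(r"^(\S+)\s+(\d{1,2}:\d{2})(?:\s+([AP]M))?\s+([\d,.]+)\s+(.+)$")

# Constructed sample listings (not taken from a real system).
BASELINE = r"""
 Volume in drive C has no label.
 Directory of C:\WINDOWS\system32

04/14/2008  05:42 AM           114,688 calc.exe
04/14/2008  05:42 AM           389,120 cmd.exe
04/14/2008  05:42 AM            69,120 notepad.exe
               3 File(s)        572,928 bytes
"""
LATER = r"""
 Volume in drive C has no label.
 Directory of C:\WINDOWS\system32

04/14/2008  05:42 AM           114,688 calc.exe
04/14/2008  05:42 AM           389,120 cmd.exe
06/02/2008  11:17 PM            71,680 notepad.exe
06/02/2008  11:17 PM           258,048 example_added.exe
               4 File(s)        833,536 bytes
"""

def parse_dir(text):
    """Return {lowercased file name: (timestamp, size in bytes)}."""
    files = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, <DIR> entry, blank line or summary line
        date, time, ampm, size, name = m.groups()
        stamp = " ".join(p for p in (date, time, ampm) if p)
        files[name.lower()] = (stamp, int(re.sub(r"\D", "", size)))
    return files

def diff_listings(before_text, after_text):
    """Compare the safe-state listing with the later one."""
    before, after = parse_dir(before_text), parse_dir(after_text)
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(n for n in set(before) & set(after) if before[n] != after[n])
    return {"added": added, "removed": removed, "changed": changed}

if __name__ == "__main__":
    for kind, names in diff_listings(BASELINE, LATER).items():
        print(kind, names)
```

An added or changed entry is only a lead, since legitimate updates also change files in system32. Plain dir omits files with the hidden or system attribute; dir /a includes them.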
Here are the concrete operation steps; let me demonstrate:
First of all, because a Trojan usually hides under Windows\system32 with the suffix exe or dll, we should back up a list of the *.exe and *.dll files there while the system is in a safe state.
The command is: dir *.exe>c:\exe1.txt & dir *.dll>c:\dll1.txt, which writes the listing of all files with the exe and dll suffixes under the system32 directory to the text files exe1.txt and dll1.txt on d