rive C.
After exporting, let’s go check it out, supposing we get infected by Trojans like MMMMM.exe and mmmmmm.dll, let’s get another pigeon, under the status not safe, we export all the files under this directory, then here’s the command: dir *.exe>c:\exe2.txt & dir *.dll>c:\dll2.txt
  Just save to the exe2.txt and dll2.txt files on drive C.
Next let’s compare, of course we would not see one by one, let computer to compare automatically.
Here use the command fc c:\exe1.txt c:\exe2.txt>>c:\b1.txt
fc c:\dll1.txt c:\dll2.txt>>c:\b2.txt
And the files b1.txt b2.txt are the comparison result for these two commands
All right, then we can check up whether the computer gets infected by Trojan. And then we find them out, terminate the process, delete and OK.
(4) Judge whether there’s Trojan by “missing temporarily”, and then combine with path and ports. Here’ re the basic steps:
1. Start—Run—cmd;
2. Check the path;
3. At last scan and kill Trojans.
Here we take svchost.exe as an example:
Normally svchoset.exe is under %systemroot%\system32,
While the Trojan svchost.exe is under windows\ststem32\wins or somewhere else.
Some Trojans like REDgirl could set insert process, you should be careful.
Pigeon process could also be modified, let’s simply do it, first check up the process svchost.exe with task manager, there will be 4 to 5 processes, then let’s end them.
If shutdown countdown appears,