To launch jv16 PowerTools, select the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.


Module 06 - Trojans and Backdoors

[Screenshot: Windows Server 2012 Start screen, Datacenter evaluation copy]

FIGURE 7.1: Windows Server 2012 Start-Desktop

18. Click jv16 PowerTools 2012 in Start menu apps.

[Screenshot: Windows Server 2012 Start menu apps, signed in as Administrator]

Winlogon Notifications: Shows DLLs that register for Winlogon notification of logon events.

FIGURE 7.2: Windows Server 2012 Start Menu Apps

19. Click the Clean and fix my computer icon.

Winsock Providers: Shows registered Winsock protocols, including Winsock service providers. Malware often installs itself as a Winsock service provider because there are few tools that can remove them. Autoruns can uninstall them, but cannot disable them.

CEH Lab Manual Page 476

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.


[Screenshot: jv16 PowerTools 2012 Home page. The Registry Tools, File Tools, System Tools, Privacy Tools and Backups groups offer shortcuts such as Fully remove software and leftovers, Speed up my computer, Immunize my computer, Verify my downloads are safe to run, and Control which programs start automatically. The status panel reports jv16 PowerTools (2.1.0.1173) running on Datacenter Edition (x64) with 7.9 GB of RAM, a PC Health score of 95 and a Registry Health score of 92 out of 100, with a tip that a score under 100 can be improved by using the Clean and Fix My Computer tool.]

FIGURE 8.20: jv16 Home page.

20. The Clean and fix my computer dialog box appears. Click the Settings tab and then click the Start button.

[Screenshot: jv16 PowerTools 2012 [W8-x64] - Clean and fix my computer dialog, Settings tab (other tabs: Additional safety, Additional options, Search words, Ignore words). A slider ranges from "Emphasize safety over both scan speed and the number of found errors" to "Emphasize the number of found errors and speed over safety and accuracy", with the selected setting described below it.]

The selected setting reads: "Normal system scan policy: all Windows-related data is skipped for additional safety. Only old temp files are listed."

LSA Providers: Shows registered Local Security Authority (LSA) authentication, notification and security packages.


FIGURE 8.21: jv16 Clean and fix my computer dialogue.

21. It will analyze your system for files; this will take a few minutes.

[Screenshot: jv16 PowerTools 2012 [W8-x64] - Clean and fix my computer! window showing "Analyzing your computer. This can take a few minutes. Please wait..." with an Abort button.]

Printer Monitor Drivers: Displays DLLs that load into the print spooling service. Malware has used this support to autostart itself.

FIGURE 8.22: jv16 Clean and fix my computer Analyzing.

22. Computer items will be listed after the complete analysis.

You can save the results of a scan with File->Save and load a saved scan with File->Load. These commands work with native Autoruns file formats, but you can use File->Export to save a text-only version of the scan results. You can also automate the generation of native Autoruns export files with command line options.

[Screenshot: jv16 PowerTools 2012 [W8-x64] - Clean and fix my computer! results, with columns Item, Severity, Description and Tags. The item tree reads:

Registry Errors: 7
  Invalid file or directory reference: 7
Registry junk: 266
  Obsolete software entry: 4
  Useless empty key: 146
  Useless file extension: 116
Start menu and desktop items: 23

Status bar: Selected: 0, highlighted: 0, total: 296. Buttons: Delete, Close.]

FIGURE 8.24: jv16 Clean and fix my computer Items details.

23. Selected item details are as follows.

Sidebar: Displays Windows sidebar gadgets.



[Screenshot: jv16 PowerTools 2012 [W8-x64] - Clean and fix my computer results with the Registry Errors group (7 items) expanded. Each "Invalid file or directory reference" item names a registry key under HKCR or HKLM\SOFTWARE, a severity of 13% and a description beginning "File or directory 'X:" or "File or directory 'C:" (truncated in the screenshot). Registry junk: 266. Status bar: Selected: 0, highlighted: 0, total: 296.]

Compare the current Autoruns display with previous results that you've saved. Select File | Compare and browse to the saved file. Autoruns will display in green any new items, which correspond to entries that are not present in the saved file. Note that it does not show deleted items.

FIGURE 8.23: jv16 Clean and fix my computer Items.
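The save-and-compare workflow from the Autoruns notes above, as an added Python example that is not part of the lab manual, of jv16 PowerTools or of Autoruns itself: it diffs two saved scan exports and reports the new entries (what Autoruns highlights in green), and goes further by also reporting removed entries, which Autoruns' compare does not show, and entries whose image path or signer changed since the baseline. The CSV layout with the columns Entry Location, Entry, Image Path and Signer is a simplified assumption (a real text export carries more columns), and both exports are constructed sample data.

```python
import csv
import io

# Constructed sample data: two scans of the same host in a simplified
# Autoruns-style CSV layout. The four-column layout is an assumption made for
# this example; a real export has more columns, but these are enough to diff.
BASELINE_CSV = r"""Entry Location,Entry,Image Path,Signer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,c:\windows\system32\securityhealthsystray.exe,(Verified) Microsoft Windows
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages,kerberos.dll,c:\windows\system32\kerberos.dll,(Verified) Microsoft Windows
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify,oldvendor,c:\program files\oldvendor\notify.dll,(Verified) Old Vendor Ltd
"""

# Second (later) scan, also constructed: the Run entry now points at a
# different unsigned binary, an unsigned LSA package appeared, and the
# Winlogon notification DLL is gone.
CURRENT_CSV = r"""Entry Location,Entry,Image Path,Signer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,c:\users\public\securityhealthsystray.exe,(Not verified)
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages,kerberos.dll,c:\windows\system32\kerberos.dll,(Verified) Microsoft Windows
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages,constructed_sample.dll,c:\windows\temp\constructed_sample.dll,(Not verified)
"""


def load_export(text):
    """Index an export by (entry location, entry name) so the same autostart
    point can be matched across two scans even when row order differs."""
    rows = csv.DictReader(io.StringIO(text))
    return {(r["Entry Location"], r["Entry"]): r for r in rows}


def compare_exports(baseline_text, current_text):
    """Return new, removed and changed autostart entries between two scans.
    Autoruns' File | Compare highlights new entries only; this also reports
    removed entries and entries whose image path or signer changed."""
    base = load_export(baseline_text)
    cur = load_export(current_text)
    new = sorted(k for k in cur if k not in base)
    removed = sorted(k for k in base if k not in cur)
    changed = sorted(
        k for k in cur
        if k in base and (cur[k]["Image Path"] != base[k]["Image Path"]
                          or cur[k]["Signer"] != base[k]["Signer"])
    )
    return {"new": new, "removed": removed, "changed": changed}


def unsigned_entries(text):
    """Entries whose binary did not verify as signed, a common triage filter
    for the Winsock, LSA and Winlogon locations described on this page."""
    return sorted(k for k, r in load_export(text).items()
                  if not r["Signer"].startswith("(Verified)"))


if __name__ == "__main__":
    diff = compare_exports(BASELINE_CSV, CURRENT_CSV)
    for kind, keys in diff.items():
        for location, entry in keys:
            print(f"{kind:8} {entry:25} {location}")
    for location, entry in unsigned_entries(CURRENT_CSV):
        print(f"unsigned {entry:25} {location}")
```

Run against real exports, the same diff is a cheap way to turn periodic Autoruns snapshots into a change record: new or changed entries under the Winlogon, LSA and Winsock locations are the ones worth looking at first, and a removed entry is a sign something cleaned up after itself, which Autoruns' own compare would not surface.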

24. The Registry junk section provides details for selected items.

If you are running Autoruns without administrative privileges on Windows Vista and attempt to change the state of a global entry, you'll be denied access. Autoruns will display a dialog with a button that enables you to re-launch Autoruns with administrative rights.

[Screenshot: jv16 PowerTools 2012 [W8-x64] - Clean and fix my computer! results with the Registry junk group (266 items) expanded. Obsolete software entry items under HKCU\Software and HKUS\S-1-5-... are listed with a severity of 30%; Useless empty key items (146) under HKCR are listed with a severity of 20%, one at 10%. Status bar: Selected: 0, highlighted: 0, total: 296.]

FIGURE 8.25: jv16 Clean and fix my computer Item registry junk.

25. Select all check boxes in the item list and click Delete. A dialog box appears. Click Yes.


If the Hide Empty Locations selection in the Options menu is checked, Autoruns doesn't show locations with no entries.

