Most families now use a router to form a small network. The network is basically online all day, so that the computer can be connected to the Internet as soon as it is turned on. Although this is very convenient, it may also open the door for hackers, who may sneak into your computer and wait for an opportunity to steal information. And these operations are carried out in the background of the system, how can we get out of the black hand behind this? The following system home tells you how to check if the network has been compromised. Look for the networked host in the intranet. You must first find the suspicious connection in the intranet. Run the network sniffing software WhoIsConnectedSniffer (http://tinyurl.com/lsxjktv, you need to install WinPcap first), run it for the first time, select the “WinPcap Packer Capture Drive” item in the pop-up query window, and then select in the list below. The current computer's IP address, and finally click OK to complete the setup and enter the software interface (Figure 1). From the list of interfaces, you can see a number of different IP addresses, one of which is the router's, and the other is connected to other computers or devices on the router. You can see through the “Name” item that it is easy to find suspicious connections, such as the connection of the network (Figure 2). Find out the malware in the system, whether it is hacker control or malicious program infection system, we need to find out to remove it. First find a computer that is connected to the network, try to close the programs that are running, and avoid them from interfering with the analysis process. Next, run “PC Hunter”(http://appwan.net/?p=483), click on the "network” tab in the window, you can see all the network connections of this computer (Figure 3) . In the "Remote Address" list, check to see if there is an IP address that appears in the WhoIsConnectedSniffer list. If it exists, the computer may be being sneaked or controlled. If not, it needs to be analyzed by other computers. The process ID information of the network connection is being viewed through the “process ID” list. Next, click on the “process” tab in the “PC Hunter" window to find the process ID information just recorded in the list. Right-click on this process and select the "Stop process running" command (Figure 4). Then through the list of WhoIsConnectedSniffer, check whether the data connection operation is still in progress. If not, it indicates that the process may be behind the scenes and needs to be processed. First find the file by process name, and it's best to upload it to a website like VirusTotal for analysis. If it is indeed a malicious file, in the “PC Hunter> Process” tab, right click on it and select “Delete file when ending the process” Of course, it may not be a malicious program, but the program is okay. It does not mean that all the modules are no problem. Continue to right click on it and select “View Process Module”. In the pop-up dialog box, check if there are any suspicious modules. , right click and select “ delete module file ” command. This article comes from [System Home] www.xp85.com