5. start
run
regedit
HKEY_LOCAL_MACHINE
Software
Microsoft
window
current Version
run
6.
7.
8. 1. First make sure that how many users’
accounts are there in your computer
2. Find out if there are any unknown accounts
with higher privileges.
3. Someone may create a user account without
your knowledge and can use that account to
access your system from a remote location.
9. 4. Go to the control panel
5. open the user accounts and check if the
user is turned off and if there is any other
account that you did not create.
6. Delete any unknown account except
known account
10.
11.
12.
13.
14.
15. Go to the the run
Write cmd
Write netstate –ano
watch state established and pid number
Go to the task manager
Go to process
look the pid number
Right click to the pid open file location and
delete this server or vires
16.
17. Process Red color : finish the work
Process green color :is hacked and continue
Process Yellow color : hacked and changed
port and server