Clearing Trojans planted by hackers from the system

Source: Internet
Author: User

Trojans are highly concealed and harmful, and people detest them. In essence, a Trojan is an application that lets someone else easily control the computer it is installed on. It follows that a Trojan has one precondition: the user must run the Trojan's server program.

Of course, users will not run it on their own initiative, so the Trojan must find a way to run automatically. Below we show how to find the places where Trojans hide in the system and how to clear them.

1. Integration into the program

Users generally do not run a Trojan program on their own initiative. To get users to run it, attackers bundle the Trojan file with another application. What the user sees is a normal program. However, once the program is run, not only does it run normally, but the bundled Trojan also runs secretly in the background.

A Trojan hidden inside another application in this way is very harmful and not easy to find. If it is bound to a system file, it runs every time Windows starts. However, as long as we install a personal firewall or enable the Windows Firewall in Windows XP SP2, the firewall asks whether to allow the connection when the Trojan server tries to connect to the Trojan's client. From this prompt you can tell whether you have a Trojan.

2. Hiding in a media file

Strictly speaking, in this case the user does not have a Trojan. However, its hazards are easily overlooked. According to the survey, we found that people pay little attention to audio and video files. A common method is to insert a piece of code into a media file. The code contains a website address that is accessed automatically when playback reaches a specified time, and the page at that address contains a webpage Trojan or other hazards.

Therefore, when playing a video downloaded from the Internet, if a window suddenly opens, we should not be curious but close it immediately, and then skip that part of the video.

3. Hiding in System.ini

System.ini is also a good place to look for hidden Trojans. Run "msconfig" to open the System Configuration Utility and switch to the "SYSTEM.INI" tab; you can also directly open the System.ini file under the Windows installation directory. Then check the "shell=" line in the [boot] section. If it reads "shell=Explorer.exe", it is normal. If it contains anything else, it may be a Trojan. In the [386Enh] section, check "driver=path\program name". If any unknown file name is found, it may also be a Trojan.

4. Hiding in Win.ini

Like System.ini, Win.ini is a place where Trojans like to load. Open the Win.ini file in the system directory and check "load=" and "run=" in the [Windows] section. Normally, both should be blank. If either is followed by a program, that program may be a Trojan and needs to be deleted.
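The System.ini and Win.ini checks from sections 3 and 4, written as a script. This is an added example, not part of the original article; the sample INI text and the file names in it are constructed. It treats any "shell=" value other than exactly Explorer.exe as suspicious, which also catches a second program appended after Explorer.exe.

```python
# Added example: flags non-default autostart entries in System.ini / Win.ini text.
# Expected defaults for the entries this article says to inspect.
EXPECTED = {
    ("boot", "shell"): "explorer.exe",  # System.ini
    ("windows", "load"): "",            # Win.ini
    ("windows", "run"): "",             # Win.ini
}

def audit_ini(text):
    """Return (section, key, value) for each watched entry that differs from its default."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        expected = EXPECTED.get((section, key.lower()))
        if expected is not None and value.lower() != expected:
            findings.append((section, key.lower(), value))
    return findings

# Constructed sample input (not from a real machine).
SAMPLE_SYSTEM_INI = r"""
; for 16-bit app support
[boot]
shell=Explorer.exe svchost32.exe
[drivers]
wave=mmdrv.dll
"""

SAMPLE_WIN_INI = r"""
[windows]
load=
run=C:\WINDOWS\helper.exe
"""

if __name__ == "__main__":
    for name, text in (("System.ini", SAMPLE_SYSTEM_INI), ("Win.ini", SAMPLE_WIN_INI)):
        for section, key, value in audit_ini(text):
            print(f"{name}: [{section}] {key}={value}")
```

To audit a real machine, pass the contents of the two files from the Windows directory to `audit_ini` instead of the samples.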

5. Hiding in Autoexec.bat

There is an Autoexec.bat file in the root directory of the C drive. Its contents run automatically when the system starts. Config.sys is similar. Because they run automatically, these files become a hiding place for Trojans. To deal with this, open both files and check whether any program of unknown origin is being run.

6. Task Manager

Some Trojans leave traces in Task Manager once they are running. Right-click the taskbar and select "Task Manager" in the pop-up menu. Switch to the "Processes" tab and check whether any processes occupy a large amount of resources and whether there are any unfamiliar processes. If so, try to close them first. In addition, pay special attention to the "explorer.exe" process. Many Trojans use the process name exp1orer.exe, that is, they replace "l" with "1". A user who does not look carefully will take it for a system process.
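The exp1orer.exe trick is easy to miss by eye but easy to catch mechanically. The following added example (not part of the original article) flags process names that differ from a system process name only by look-alike characters; the list of system names beyond explorer.exe and the sample process list are assumptions made for the illustration.

```python
# Added example: detect process names that imitate a system process name
# by swapping visually similar characters (e.g. "l" -> "1", "o" -> "0").

# Characters folded into one class before comparing names.
CONFUSABLE = str.maketrans({"1": "l", "i": "l", "0": "o"})

# Assumed list of names worth protecting; only explorer.exe comes from the article.
KNOWN_SYSTEM = ("explorer.exe", "svchost.exe", "lsass.exe", "services.exe")

def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLE)

def find_lookalikes(process_names, known=KNOWN_SYSTEM):
    """Return (observed, imitated) pairs for names that only look like a known one."""
    by_skeleton = {skeleton(k): k for k in known}
    hits = []
    for name in process_names:
        real = by_skeleton.get(skeleton(name))
        # Same skeleton but a different spelling means an imitation;
        # a pure case difference (Explorer.EXE) is the genuine name.
        if real is not None and name.lower() != real:
            hits.append((name, real))
    return hits

# Constructed sample, standing in for the names on the "Processes" tab.
SAMPLE_PROCESSES = ["explorer.exe", "exp1orer.exe", "notepad.exe",
                    "svch0st.exe", "Explorer.EXE"]

if __name__ == "__main__":
    for observed, imitated in find_lookalikes(SAMPLE_PROCESSES):
        print(f"{observed} imitates {imitated}")
```

A matching name is only a lead: the genuine process name can also be used by a file running from an unexpected directory, so the path still needs checking.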

7. Startup

In Windows XP, run "msconfig" and switch the window that opens to the "Startup" tab. Here we can see all the items loaded at startup, and from the "Command" and "Location" columns you can judge whether a Trojan is being loaded at startup. If an item is identified as a Trojan, the system can be restarted and the item then processed further.

8. Registry

Most of the control over how our programs run is exercised through the registry, so we need to check the registry. Run "regedit" to open the Registry Editor and check the following locations in sequence:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion

HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion

Check all the keys whose names start with "Run" under these three locations. If a value points to hidden files or to programs that were never installed, these are likely to be Trojans.

The only reason a Trojan can do anything is that it is good at hiding itself. However, once we know its hiding places, we can clear them one by one. Of course, an actual Trojan may use one or more of the above methods to disguise itself. So when checking whether a Trojan has been cleared, you cannot check only some of these locations. Make sure the check is comprehensive.
