Win2003 Server: A Trick to Cripple All Trojans (anti-claim)

Source: Internet
Author: User
Tags: safe mode
1. Preface:
The harm of a Trojan horse is that it lets someone control your computer remotely. Once your machine has become a "chicken" (a zombie under someone else's control), the controller can enter your computer, peek at your files, steal passwords, and even use your QQ account to send rubbish to your friends ...
Trojans appear in such large numbers because there is a direct commercial interest behind them. Once your online banking password has been stolen, it is too late to cry.
Because of this, Trojans now multiply faster and faster, with the momentum of a wildfire that cannot be put out. Trojans and viruses cooperate with each other, and the harm grows ever greater.
It is no exaggeration to say that a Trojan is a thief and robber who enters your home through the network cable. Fighting and killing Trojans has become a compulsory course for modern computer users.
2. Principle:
Trojans do their harm by a variety of means, but they all share one necessary step: establishing an administrator user on your system. This article starts from that link in the chain and prevents Trojans from creating users. That way, even if your computer has been infected by a Trojan, it cannot create a user and therefore cannot perform its remote-control function. In other words, we cripple it and turn it into junk. Of course, the junk still has to be cleaned up, but that is beyond the scope of this article.
3. Methods:
Run Regedt32.exe to open your registry, which shows a directory tree:
Open the directory HKEY_LOCAL_MACHINE
Then open the directory SAM
Then open the directory SAM (the nested one, under the first)
Then open the directory Domains
Then open the directory Account
Then open the directory Groups
So it is Groups that is responsible for building users. By deleting it, the system will no longer be able to create users. No matter how the Trojan tosses about, it cannot build users, let alone promote them to administrators. Once the contents of this directory are deleted, there is no way to get them back, so before this operation you must make a backup, which you can restore when necessary.
Backup method: right-click Groups, select "Export", give the exported file a name, and save it. That is all.
4. Description:
When you go into the registry, you may only be able to see the first SAM directory and not the rest of the tree. Don't worry: that is because you have insufficient permissions. Right-click the directory, select "Permissions", and set your account (usually Administrators) to "Allow Full Control". After setting the permissions, close Regedt32.exe and reopen it, and repeat this at each level until you reach the Groups directory.
5. Restore:
It's easy: find the file you exported and just click on it.
Since you have deleted the Groups directory, you will no longer be able to use the "User Accounts" and "Local Users and Groups" features in Control Panel, so backing up the file is important. When you need those functions, restore first, then use them as before. Of course, it doesn't matter if you are a personal user and the only person who ever uses the computer.
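As an added example (not part of the original article), here is the backup step from sections 3 to 5 as a PowerShell script: it exports the Groups key with reg.exe and checks the resulting .reg file before you delete anything, so that the restore in section 5 has something to work with. It assumes an elevated PowerShell 3 or later session on the server, that the Administrators "Full Control" change from section 4 has already been made, and a backup folder C:\RegBackup, which is a made-up location.

```powershell
# Added example, not from the original article: back up the SAM "Groups" key
# that the article tells you to delete, and verify the backup before removal.
# Assumes an elevated session and that Administrators already have Full Control
# on the SAM subtree (section 4); otherwise reg.exe reports "Access is denied".
$keyPath   = 'HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Account\Groups'
$backupDir = 'C:\RegBackup'                     # constructed location; choose your own
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup    = Join-Path $backupDir "SAM-Groups-$stamp.reg"

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# "reg export" writes the key with all subkeys and values as a .reg file that
# "reg import" (or double-clicking the file, as in section 5) can put back.
& reg.exe export $keyPath $backup /y
if ($LASTEXITCODE -ne 0) {
    throw "Export failed (exit code $LASTEXITCODE). Usually the SAM subtree is still not readable by Administrators; fix the permissions first (section 4)."
}

# Sanity-check the backup before trusting it: the file must exist, be readable
# and name the key we asked for (reg.exe writes it as [HKEY_LOCAL_MACHINE\...]).
$content = Get-Content -Path $backup -Raw
if (-not $content -or $content -notmatch [regex]::Escape("[$keyPath")) {
    throw "Backup at $backup does not contain $keyPath; do not delete the key."
}

Write-Host "Backup written to $backup"
Write-Host "Restore later with:  reg import `"$backup`""
```

Keep the .reg file somewhere outside the machine as well; the article's own warning applies, since nothing else will bring the key back once it is gone.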

Look, it's very useful for everyone, hehe.

All applications fail to open. If the user's knowledge of computers stops at running anti-virus software, the only option seems to be reinstalling the system in tears. Why is this? Has the Trojan also maliciously modified the system core? In fact the answer is very simple: this Trojan has modified the "open method" (file association) of applications (EXE files). What is the "open method"? According to my teacher (very well known online, an old hand from Beida Jade Bird Xiyuan): in Windows, opening a file goes through the registry, which specifies the application to execute. This part lives under the primary key "HKEY_CLASSES_ROOT". When the system receives a file name, it recognizes the file type here by its suffix and invokes the corresponding program to open it. An application itself is also treated as a file: it belongs to a file type of its own and can likewise be opened in other ways, except that Windows sets its calling program to "%1" %*, which the system kernel interprets as an "execute request", so a process is created for any file that uses this open method and the file is finally loaded. If another program changes that key, Windows invokes the specified file to open it instead. Some Trojans change the "open method" of the Exefile type (the type for the exe suffix) to "Trojan program" "%1" %*. Now when you run any program, the system first creates a process for the "Trojan" and passes the following file name to it as a parameter to execute, so from our point of view the program appears to start normally. Because the Trojan program is used as the calling program for every EXE file, it can stay resident in memory for a long time and restore its own files every time, so to the average user this Trojan seems "immortal".
However, once the Trojan is deleted, Windows can no longer find the appropriate caller program, so normal programs cannot run. This is the source of the "no program can run" situation: the Trojan did not change the system core, and there is no need to reinstall the whole system. The easiest way to eradicate this Trojan is simply to look at how the exe file type is opened and which program it points to. Immediately stop that program's process (and, if it has produced other Trojan files, stop those too), then keep the Registry Editor open (otherwise none of your programs will open), delete all the Trojan files, and change the Exefile "open method" item HKEY_CLASSES_ROOT\exefile\shell\open\command back to the original "%1" %*. If you forgot to change the open method back before deleting the Trojan, you will find that programs cannot open. Do not panic. If you are a Win9x user, use the "shell replacement" trick: restart, press F8 to enter the boot menu and choose MS-DOS mode, rename Explorer.exe to anything, then rename REGEDIT.EXE to Explorer.exe. After another restart you will find that entering Windows gives you only a Registry Editor; quickly put the open method back, and do not forget to restore the previous Explorer.exe before restarting. For WIN2000/XP users this is simpler: press F8 at power-on to enter the boot menu and select "Safe Mode with Command Prompt"; the system will use the command prompt as the shell, and you can type regedit directly to open the Registry Editor. XP users do not even need to restart: in the "open method" dialog, browse to CMD.EXE to open a command prompt and run the Registry Editor REGEDIT.EXE from there.
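The check described above, as an added PowerShell example that is not from the original article: it reads the exefile open command, compares it with the Windows default "%1" %*, reports the program placed in front of it, and optionally restores the default. The registry key and the default value are the ones the article gives; the -Restore switch and the way the hijacking program's path is extracted are my own assumptions about how to script the check.

```powershell
# Added example, not from the original article: audit the "open" command for
# .exe files and, with -Restore, put the Windows default back.
# Run elevated. Run it from a window you leave open until programs launch again,
# exactly as the text advises for the Registry Editor.
param([switch]$Restore)

$cmdKey   = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$expected = '"%1" %*'          # default from the article: run the file itself

# The key's (Default) value is the program Windows launches for every .exe.
$current = (Get-Item -Path $cmdKey).GetValue('')
Write-Host "Current exefile open command: $current"

if ($current -eq $expected) {
    Write-Host 'OK: .exe association is the Windows default.'
    return
}

# Anything in front of "%1" %* is the program that runs before yours does.
# Assumption: the hijacker is written as "<path>" "%1" %*, as the article shows.
$hijacker = ($current -replace [regex]::Escape($expected), '').Trim().Trim('"')
Write-Warning "exefile open command points at: $hijacker"
if ($hijacker -and (Test-Path -LiteralPath $hijacker)) {
    $file = Get-Item -LiteralPath $hijacker
    Write-Warning ("File exists on disk: {0} ({1} bytes, modified {2})" -f $file.FullName, $file.Length, $file.LastWriteTime)
}

if ($Restore) {
    # Restore the default so that .exe files run directly again. Stop the
    # hijacking process and remove its files afterwards, as the article says.
    Set-ItemProperty -Path $cmdKey -Name '(default)' -Value $expected
    Write-Host "Restored exefile open command to $expected"
}
else {
    Write-Host 'Run again with -Restore to put the default back.'
}
```

Run it once without -Restore to see what the association points to and note the file's location for cleanup, then with -Restore once the hijacking process has been stopped.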

In practice, installing McAfee on the server is enough; for the specific settings, see
http://www.jb51.net/hack/40724.html
