Analysis of the operating principles of Trojan and Backdoor programs

Source: Internet
Author: User

Many new users know little about security, so they do not know how to remove trojans from their computers. The most important thing is therefore to understand how a "Trojan" works, because once you know its working principle it becomes easy to find.

A trojan program does its best to hide itself. Hiding from the taskbar is the most basic method: if the form's Visible property is set to False and ShowInTaskBar is set to False, the program does not appear in the taskbar while it runs. Hiding from Task Manager: registering the program as a "system service" is an easy way to disguise it.

Of course, it also starts quietly. You cannot expect the user to click the "Trojan" icon after every boot to run the server, so the "Trojan" loads its server automatically each time the user starts the computer. Trojans use the same mechanisms Windows provides for loading an application automatically at startup: the Startup group, win.ini, system.ini, the registry and so on are all good places for a Trojan to hide. The following describes how a trojan gets loaded automatically.

In the win.ini file, the "run=" and "load=" entries under [windows] are possible ways to load a "Trojan" program, so examine them carefully. Normally there is nothing after their equal signs. If you find a path and file name after them that is not a startup file you recognise, your computer may have a "Trojan". Of course, you must look closely, because many "Trojans", such as the "AOL Trojan" horse, disguise themselves as a command.exe file; if you do not pay attention, you may not notice that it is not a real system startup file.

In the system.ini file there is a "shell=file name" entry under [boot]. The correct file name is "Explorer.exe". If the entry is not "shell=Explorer.exe" but "shell=Explorer.exe program name", the program that follows is a "Trojan" program, that is, you already have a "Trojan".

The situation in the registry is the most complex. Open the Registry Editor by running the regedit command, go to the "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" key, and check whether any of its values points to an unfamiliar automatically started file with an .exe extension.

Here, remember: some "Trojan" programs generate files that look very much like the system's own files and rely on that disguise. For example, the "Acid Battery v1.0 Trojan" changes the Explorer value under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\WINDOWS\expiorer.exe"; the only difference between the trojan program and the real explorer is an "i" in place of an "l".

Of course, there are many other places in the registry where a "Trojan" program can hide, such as the "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and "HKEY_USERS\*****\Software\Microsoft\Windows\CurrentVersion\Run" keys. The best approach is to find the file name of the Trojan program under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" and then search the entire registry for it.
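The checks described above (empty run=/load= in win.ini, a bare shell=Explorer.exe in system.ini, and Run values whose file name is either unknown or a look-alike of a system file such as expiorer.exe) can be written down as a small script. This is an added example, not code from the original article; the win.ini, system.ini and Run-key contents are constructed samples, and the allow-list of genuine file names is an assumption.

```python
from pathlib import PureWindowsPath

# Constructed sample contents of win.ini and system.ini (assumed, not real captures).
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\command.exe\n[Desktop]\nWallpaper=(None)\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe C:\\WINDOWS\\expiorer.exe\n[386Enh]\nEMMExclude=E000-EFFF\n"
# Constructed value names and data as regedit would show them under ...\CurrentVersion\Run.
RUN_VALUES = {"ScanRegistry": "C:\\WINDOWS\\scanregw.exe /autorun",
              "explorer": "c:\\windows\\expiorer.exe"}
# Assumed allow-list of genuine file names the analyst already recognises.
SYSTEM_NAMES = {"explorer.exe", "scanregw.exe"}
FOLD = str.maketrans("i10", "llo")  # glyphs an eye confuses: i and 1 with l, 0 with o

def ini_value(text, section, key):
    """Return the value of `key` inside `[section]`, or '' when absent or empty."""
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == section.lower() and "=" in line:
            k, v = line.split("=", 1)
            if k.strip().lower() == key.lower():
                return v.strip()
    return ""

def looks_like(name, legit):
    """True when `name` is not `legit` but matches it once look-alike glyphs are folded."""
    name, legit = name.lower(), legit.lower()
    return name != legit and name.translate(FOLD) == legit.translate(FOLD)

def describe(command):
    """Executable name of a start-up command (unquoted paths only) plus a look-alike note."""
    parts = command.split()
    exe = PureWindowsPath(parts[0]).name.lower() if parts else ""
    twins = [n for n in SYSTEM_NAMES if looks_like(exe, n)]
    return exe, (f" (resembles {twins[0]})" if twins else "")

def findings(win_ini, system_ini, run_values):
    """List every start-up entry that deviates from the clean baseline the text describes."""
    out = []
    for key in ("run", "load"):            # both are normally empty
        value = ini_value(win_ini, "windows", key)
        if value:
            out.append(f"win.ini {key}={value}")
    shell = ini_value(system_ini, "boot", "shell")
    if [t.lower() for t in shell.split()] != ["explorer.exe"]:  # extra program rides along
        out.append(f"system.ini shell={shell}{describe(shell.split()[-1] if shell else '')[1]}")
    for name, command in run_values.items():
        exe, note = describe(command)
        if exe not in SYSTEM_NAMES:      # unknown name, possibly a look-alike of a known one
            out.append(f"Run\\{name}={command}{note}")
    return out
```

On a real machine the three inputs would come from the files in the Windows directory and from a regedit export of each Run key listed above.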

Knowledge: the name "Trojan" originally refers to the ancient Greek story of soldiers hiding inside a wooden horse to get into the enemy city and capture it. On the Internet, a "Trojan horse" refers to an application or game, distributed by some programmers for download, that contains code able to control the user's computer system and may damage or even paralyse it.
