Trojan Horse is a remote control of the virus program, the program has a strong concealment and harm, it can be unnoticed in the state of control you or monitor you. Some people say, since the Trojan is so powerful, then I can not be far away from it! However, this trojan is really "naughty", it can be no matter whether you welcome, as long as it is happy, it will try to get into your "home"! Ah, that also got, hurry to see their own computer there is no Trojan, perhaps is "home" To stir up trouble! Then how do I know where the Trojan horse, I believe that the rookie is not familiar with the Trojan must want to know such a problem. The following is the trick of the Trojan lurking, after watching do not forget to take the trick to deal with these losses yo!
1, integrated into the program in fact Trojan is also a server-client programs, in order not to allow users to easily delete it, it is often integrated into the program, once the user activates the Trojan, then the Trojan file and an application bundled together, and then uploaded to the server to cover the original file, so even if the trojan was deleted, As long as the application bundled with the Trojan, the Trojan will be installed up. Bound to an application, such as binding to a system file, every time Windows startup starts a Trojan. 2, hidden in the configuration file Trojan is too cunning, know that the rookie is usually used in the graphical interface of the operating system, for those who have not very important configuration files are mostly indifferent, which just give a trojan to provide a hiding place. And the use of the special role of configuration files, Trojans can easily in everyone's computer run, attack, and thus peeping or watching everyone. However, now this way is not very covert, easy to find, so in Autoexec.bat and Config.sys loaded Trojan horse program is not seen, but also can not be taken lightly oh. 3, lurking in the Win.ini Trojan in order to achieve control or monitor the purpose of the computer, must be run, however, no one will be silly to their own computer running this damned Trojan. Of course, the Trojan is also early psychological preparation, know that human is a high IQ of animals, will not help it to work, so it must find a safe and can be in the system start automatically run the place, so lurking in the Win.ini is a Trojan feel more comfortable place. You may wish to open Win.ini to see, in its [Windows] field has the start command "load=" and "run=", in general, "=" after the blank, if there is followed by the program, for example: Run=c:windowsfile.exe load =c:windowsfile.exe at this time you must be careful, this file.exe is probably a Trojan oh. 4, camouflage in the ordinary document This method appears relatively late, but now very popular, for unskilled windows operator, it is easy to be fooled. The specific method is to disguise the executable file as a picture or text----in the program to change the icon to the Windows default Picture icon, and then change the file name to *.jpg.exe, because the Win98 default setting is "Do not display known file suffix name", the file will be displayed as *.jpg, People who don't pay attention to this icon is a Trojan horse (if you embed a picture in the program is more perfect). 5, built-in to the registry above the method to make the Trojan really comfortable for a while, no one can find it, and can automatically run, it is fast! However, the long time, the human quickly took it out of the hand, and it was severely punished! But it is still unwilling, summed up the lossAfter losing the lesson, think the above hiding place is very easy to find, now must hide in not easy to be found place, so it thought of the registration form! Indeed, due to the complexity of the registry, Trojans often like to hide in here merry, quickly check, what procedures in its next, open eyes carefully look, do not let go of the Trojan Oh: hkey_ Local_machinesoftwaremicrosoftwindowscurrentversion all the key values that begin with "run"; Hkey_current_usersoftwaremicrosoftwindowscurrentversion all the key values that begin with "run"; Hkey-users. Defaultsoftwaremicrosoftwindowscurrentversion all the key values that begin with "run". 6, hiding in the System.ini
The Trojan Horse is really everywhere! Where there is a loophole, it goes to where to drill! This is not, Windows installation directory under the System.ini is also a trojan like hidden place. Or be careful, open this file to see if it is different from the normal file, in the [boot] field of the file, is there such content, that is Shell=Explorer.exe File.exe, if there is such content, then you are unfortunate, because the file.exe here is the Trojan server program! In addition, in the [386Enh] field in System.ini, be careful to check the "driver= Path program name" In this paragraph, There is also the possibility of being used by Trojans. Again, in the System.ini [mic], [drivers], [drivers32] These three fields, these sections are also played to load the role of the driver, but also add Trojan program good place, now you should know also to pay attention here. 7, invisible in the start-up group, sometimes the Trojan does not care about their whereabouts, it is more attention to the ability to automatically load into the system, because once the Trojan loaded into the system, any way you can not get rid of it (hey, this trojan skin is really too thick), so according to this logic, the Startup group is also a good place to hide the Trojan horse, Because this is really a good place to load and run automatically. The folder for the Move Group is: C:windowsstart Menuprogramsstartup, location in the registry: Hkey_current_ Usersoftwaremicrosoftwindowscurrentversionexplorershellfolders startup= "C:windowsstart menuprogramsstartup". Be careful to check the startup group often! 8, concealed in the Winstart.bat in accordance with the above logic theory, generally conducive to the Trojan can automatically load the place, the Trojans like to stay. No, Winstart.bat is also a file that can automatically be run by Windows, which is automatically generated for both applications and windows, and executes after Win.com has been executed and most drivers are loaded ( This can be learned by pressing the F8 key at startup and then by selecting a step-by-step trace of how the startup process starts. Because the function of Autoexec.bat can be replaced by Winstart.bat, the Trojan can be loaded and run as it is in Autoexec.bat. 9, bundled in the startup file, that is, the application of the startup configuration file, the control end of the use of these files can start the characteristics of the program, will be made with the Trojan boot command of the same name uploaded to the server to cover the same nameFile, so you can achieve the purpose of starting the Trojan. 10, set up in the Super connection Trojan owner placed malicious code on the Web page, luring users to click, the results of user clicks self-evident: Kaimen! Advise not to click on the link on the page, unless you know it, trust it, die for it, and so on.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.