Trojans are getting trickier. Attackers often use file-bundling tools to bind a Trojan to an ordinary-looking file such as an image or a plain-text document, and then send it to the victim through QQ, email, or MSN. Open one of these files by accident and you have "won the prize" (a Trojan, of course). What general rules should we follow when dealing with these bundled Trojans?
Tip 1: Use common anti-virus software
This is the safest and most classic defense, especially for files sent through QQ, MSN, and other instant messaging tools. Always scan such files with anti-virus software before opening them. Common Trojans can be detected and removed as long as the virus database has been updated to the latest version. For example, the author's Norton 2002 displays a warning for the mill.bmp file, as shown in Figure 1.
In MSN Messenger, select Tools > Options, click the Messages tab, and under File Transfer select the "use the following program for virus scanning" check box. Then choose the corresponding antivirus program so that MSN automatically runs it on transferred files (Figure 2).
Tip 2: Display the full name of the file
The bundled file is actually an executable program. A bundler binds the Trojan to a jpg image: when you double-click the file, what opens really is a jpg image, but the Trojan is secretly running in the background. Solution: open "My Computer", click "Tools > Folder Options", click the "View" tab, and clear the check mark in front of "Hide extensions for known file types" (Figure 4). After that, if you come across a .jpg.exe file, you can see its true nature and treat it with great care.
Tip 3: Make good use of process monitoring
As mentioned above, a bundled Trojan runs in the background when we open the file. For example, when an image file is opened, one extra process will be running in addition to the program that displays the image. So before opening such a file, first press Ctrl + Alt + Del to bring up the system's current process list and note it down. After opening the file, quickly switch back to the Task Manager window and look at the list again; the extra process is the released Trojan.
Tips
Some Trojans are very small and do not take long to install, so you need to switch to Task Manager quickly. You can also keep Task Manager resident in memory. For more information, see "hide the running task manager".
Tip 4: Use professional tools
Fearless Bound File Detector is a tool for detecting whether a file has been bound. After starting the program, drag the file into its window and click "scan file". If the file is normal, the program reports "Nothing is found, the file is obviously clean". If it is a bundled file, the program reports "4E007h extra bytes are found, starting at offset C600h" (Figure 5).
Tips
If you use it to clean a bundled file, all that remains is the bundler's header file, 57.5KB in size, and the original file is destroyed. So if the bundled file is useful to you, do not clean it; use the program only to check whether files are bound.