Easily deal with "Trojan"

Source: Internet
Author: User

1. About Trojans

Trojans are a very special family of viruses. A Trojan is essentially a network client/server program, and it works as follows: the host on which the Trojan is planted acts as the server, and the controlling terminal acts as the client. As the server, the infected host opens a port and waits for commands from the controlling side. When the controlling side initiates a connection request, the Trojan on the computer runs automatically and responds to the request (it starts sending the information or files the other party asked for to the machine of the person who planted the Trojan). That, in essence, is how a Trojan program works.

2. Trojan Detection

Common symptoms of a virus or Trojan infection include unexplained crashes, the hard disk being read when you are not doing anything (the chassis indicator keeps flashing), and so on.

(1) Strange Startup Program

Many Trojans run at startup. If you notice a strange startup program, go to "Start" - "Run", enter "msconfig" and press Enter to open the [System Configuration Utility], then use the [Startup] tab to turn off anything you do not need. Viruses usually turn up among these entries and can be switched off here. Windows 2000 does not have the msconfig program, so there we need to modify the registry instead. Read on.

Having collected the common cases, I found that Trojans generally load themselves from the following locations so that they start up and run with the system:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run]

Once a strange program path is found in the registry locations above, it can be deleted outright. Note the program name as well, then search the registry for it and delete whatever else refers to it!

(2) abnormal network traffic

If you are not downloading or uploading files but find that network traffic is high (you can check the network status from the ADSL indicator or in the taskbar), a Trojan is probably at work. Disconnect from the network immediately and restart into safe mode for a careful check.

(3) check suspicious processes in the Task Manager

Press Ctrl + Shift + Del to open [Task Manager] - [Processes] and check which processes are running. If you do not recognize one, look it up with a search engine. Here I recommend a very good professional process lookup site: http://www.dofile.com/. Once a suspicious process is found, investigate it immediately.

In addition, the CPU usage of a process is often close to 100%. First, use software or a web search to identify the program the process belongs to, then close that program or replace it with another version (for example, replace version 2.1 with version 3.0). If the problem is still there after you have ruled out an incompatibility between the program and the system or a fault in the system itself, you can conclude that the process is a Trojan bundled with the software.
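The port model from section 1 and the traffic and process checks in (2) and (3) can be tied together by listing which process owns each listening port and each outside connection. This PowerShell is an added example, not part of the original article; it assumes Windows 8 or later, where Get-NetTCPConnection is available, and it only reads state.

```powershell
# Added example (read-only). Run elevated so that paths of system processes are visible.
$procs = @{}
Get-CimInstance -ClassName Win32_Process |
    ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

$loopback = '127.0.0.1', '::1'
$conns = Get-NetTCPConnection -State Listen, Established

$report = $conns | Group-Object -Property OwningProcess | ForEach-Object {
    $g = $_                              # one group per owning process id
    $p = $procs[[int]$g.Name]
    # Ports open to other machines: the "server" side described in section 1.
    $listen = @($g.Group | Where-Object {
        $_.State -eq 'Listen' -and $_.LocalAddress -notin $loopback })
    # Live connections to non-loopback peers, whichever side opened them.
    $remote = @($g.Group | Where-Object {
        $_.State -eq 'Established' -and $_.RemoteAddress -notin $loopback })
    if ($listen.Count -eq 0 -and $remote.Count -eq 0) { return }   # loopback only: skip

    [pscustomobject]@{
        ProcessId   = [int]$g.Name
        Process     = if ($p) { $p.Name } else { '(exited)' }
        Path        = if ($p) { $p.ExecutablePath } else { $null }
        ListenPorts = ($listen.LocalPort | Sort-Object -Unique) -join ','
        RemotePeers = ($remote |
                       ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
                       Sort-Object -Unique) -join ' '
    }
}
$report | Sort-Object Process | Format-Table -AutoSize -Wrap
```

A process you cannot account for that holds a listening port or a steady connection to an outside address is the one to look up first.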

(4) Strange entries in system services

Go to Start - Run and enter "services.msc"; you will see a large number of services. Maybe it gives you a headache the first time? TIPS: first, maximize the window. Click [2] at the top of the window to sort the started services together, then click any service and its description appears on the left. In general, a virus's service has no description (which is not to say that every service without a description is a virus), so when you come across one you are unsure about, look it up online and you will soon know. If any problematic service is found, stop it immediately. Method: double-click the service you want to stop. In the Properties window, click "Stop" and set "Startup type" to "Disabled"!
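The registry check in (1) and the service check in (4) can be run together as one read-only audit. This PowerShell is an added example, not part of the original article; New-AutostartRow is a hypothetical helper name, and the script assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example (read-only): nothing is deleted, stopped or disabled.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnceEx',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: turn one command line into a report row with file and signature status.
function New-AutostartRow {
    param([string]$Source, [string]$Name, [string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine)
    $exe = $null
    if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }      # "C:\dir\app.exe" /arg
    elseif ($cmd -match '^\s*(.+?\.(exe|com|scr|bat|cmd|dll))(\s|,|$)') { $exe = $Matches[1] }
    if ($exe -and $exe -notmatch '^([a-z]:|\\\\)') {
        # Bare names such as rundll32.exe are resolved through PATH.
        $exe = (Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1).Path
    }
    $exists = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
    $sig = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }
    [pscustomobject]@{ Source = $Source; Name = $Name; Command = $CommandLine
                       FileExists = $exists; Signature = $sig }
}

$rows = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent on this Windows version
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $rows += New-AutostartRow -Source $key -Name $name -CommandLine ([string]$item.GetValue($name))
    }
}

# Services with no description that are running or set to start automatically.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { [string]::IsNullOrWhiteSpace($_.Description) -and
                   ($_.State -eq 'Running' -or $_.StartMode -eq 'Auto') } |
    ForEach-Object {
        $rows += New-AutostartRow -Source 'Service' -Name $_.Name -CommandLine ([string]$_.PathName)
    }

# Rows without a valid signature sort first; every row still needs a human decision.
$rows | Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Source |
    Format-Table -AutoSize -Wrap
```

A Valid signature on a host program such as rundll32.exe says nothing about the DLL named in its arguments, so read the Command column as well. RunOnceEx keeps its commands in subkeys, which this listing does not descend into.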

3. Clear Trojans

Once a Trojan enters the system, it hides itself in multiple ways, and it is not easy to clear it completely. It is not as simple as worms and other viruses: Trojans often arrange to be loaded by changing the registry, changing system services, or even hooking into the Windows boot files, so that the Trojan program loads at startup, and anti-virus software alone cannot clean it up. Even if it is killed, it is back after a restart. What should we do? Let's take the fight to the Trojan!

Because Trojans are deeply tied into the system, cleaning them in a normally running system is hampered by the many services and background programs that are loaded. I therefore strongly recommend that you enter safe mode (this is also the best choice for cleaning up other viruses). Method: after the computer starts, press F8 and select "Safe Mode".

In safe mode, press Ctrl + Shift + Del to open the Task Manager and right-click the Trojan process to be closed (we recommend that you select "End Process Tree" here, which completely removes its association with the system).

Then go to Start - Run, enter "services.msc" to open the services list, and follow the steps described above to disable the Trojan's service (of course, not every Trojan has a service; if there is none, go straight to the next step).

Go to Start - Run, enter "regedit" to open the registry, check the locations mentioned in the first part, and delete the corresponding values belonging to the Trojan.

Finally, run a Trojan removal tool (here we recommend "Wooden Star"; of course, the virus database must be updated first) and scan again!
 

4. Additional instructions

Because of the special nature of Trojans, an infection generally tampers with the system's program associations, so that even after the Trojan is cleared some programs may not open, and even "My Computer" on the desktop may not open: double-clicking it brings up the "Open With" dialog box. In fact, newer anti-virus software such as Rising 2005, Kingsoft 2005 and KV2005 all include registry repair tools, and running them solves the problem. If you do not have one of these, use the registry repair tool provided by Super Rabbit magic settings.

III. Precautions for virus prevention

1. A large number of resources

Some people think that installing a few more anti-virus packages and firewalls is better. The opposite is true! Different software companies use different anti-virus engines and virus identification methods, so anti-virus products differ greatly from one another and have serious compatibility problems (each tries to push the other out), with the result that none of them works normally. In addition, anti-virus products compete over the same virus, each trying to be first to intercept it in memory, so installing too many of them only consumes resources heavily. As a result, security is not guaranteed and system performance drops sharply.

Correct practice: one anti-virus product with real-time monitoring and a suitable network firewall.

2. Anti-virus software and a network firewall are both indispensable

Everyone understands why anti-virus software should be installed, but what is the use of a network firewall? To put it simply, the former prevents viruses from entering your system, and the latter cuts the virus off from the outside, which is especially effective against Trojans.

Careful readers will have noticed that on a freshly installed Windows XP SP2 system, or after installing a network firewall, opening QQ, BT or even the browser brings up a prompt: "Program XX is trying to connect to the network. Allow?" This is there to stop Trojans and other malicious programs from accessing the network. Therefore, even once a Trojan has infected the machine, with a network firewall you need not fear the leakage of personal data.

At the same time, a network firewall also blocks attempts to access your system, cutting off malicious attacks at the source. The simplest example is the familiar network command "ping": many people with ulterior motives first use this command to probe your network defenses and obtain your IP address, and then launch their attack. With a network firewall in place, a ping is all they can do. The firewall also comprehensively monitors the activity of every port on the system to keep local and network connections secure.

Currently, the latest mainstream anti-virus software is a good choice. As for network firewalls, the principles of the different products are similar, so just choose according to your own habits. For example, general users who do not know firewall IP rules very well can choose the one integrated into the system: install Windows XP SP2 and open Control Panel - Security Center to turn on the firewall. Professional users who want to study the network and want more feedback and features can choose "Skynet firewall" or "Rising Star Personal Firewall".

IV. Summary

Finally, I suggest that you be attentive: look at the running processes often, ask yourself whether there are any unexplained problems with hard disk reads and writes or with running software, and check the network status when you are online.

I believe you will find that viruses are not as terrible as you think, and that fighting them is not as difficult either!
