[Virus] Trojan principle Series 1

Source: Internet
Author: User
The trojan program tries its best to hide itself. The main ways are to hide itself in the taskbar. This is the most basic thing if you set the visible attribute of form to false and showintaskbar to false, when the program runs, it will not appear in the taskbar. Stealth in Task Manager: setting a program as a "system service" can easily disguise itself.

Of course, it will also start quietly, and you certainly won't expect the user to click the "Trojan" icon after each startup to run the server ,, the trojan will automatically load the server every time the user starts, and the method for automatically loading the application when the Windows system starts. The trojan will be used, such as the Startup Group and win. INI, system. INI, registry, and so on are all good places for Trojans to hide. The following describes how a trojan is automatically loaded.

In the win. ini file, under [windows], "Run =" and "load =" are possible ways to load the "Trojan" program. You must pay attention to them carefully. Generally, there is nothing behind their equal signs. If you find that there are paths and file names behind them that are not familiar with the Startup File, your computer may be "Trojan. Of course, you have to see clearly, because many "Trojans", such as "AOL trojantrojan horse", pretend to be a command.exe file. If you do not pay attention, you may not find that it is not a real system startup file.

In the system. ini file, there is a "shell = file name" under [boot ". The specified file name should be "assumer.exefolder. If it is not" assumer.exe "but" shell = assumer.exe program name ", the program that follows is a" Trojan "program, that is, you are already in the" Trojan.

The situation in the registry is the most complex. Open the Registry Editor with the Regedit command, and click under the "HKEY-LOCAL-MACHINE/software/Microsoft/Windows/CurrentVersion/Run" directory, check whether there is an unfamiliar Automatic startup file in the key value. The extension is exe.

Here, remember: Some "Trojan" programs generate files much like the system's own files. They want to pass through disguise, such as "Acid Battery v1.0 Trojan ", it changes the Explorer key value under the Registry "HKEY-LOCAL-MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run" to Explorer = "C:/WINDOWS/expiorer.exe ", there is only a difference between the trojan program and the real Explorer between "I" and "l.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.