A Good Universal Method for Removing "Trojans"

Source: Internet
Author: User
Many newcomers who know little about security feel helpless once their computer has caught a "Trojan". Many newer versions of anti-virus software can now remove most "Trojan horses" automatically, but they cannot prevent new "Trojan" programs from appearing. So the most important thing in removing a Trojan is to know how a "Trojan" works. I believe that after reading this article you will become a master at removing "Trojans".
A "Trojan" program does everything it can to hide itself. The main ways are as follows. Hiding from the taskbar: this is the most basic method. If the form's Visible property is set to False and ShowInTaskbar is set to False, the program does not appear in the taskbar when it runs. Hiding from Task Manager: a program that sets itself up as a "system service" can easily disguise itself. It also starts silently, of course: a hacker certainly does not expect the user to click the "Trojan" icon to run the server after every boot, so the "Trojan" loads automatically each time the user starts the computer. It uses the places from which Windows loads applications automatically at startup: the Startup group, Win.ini, System.ini, the registry and so on are all good hiding places for a "Trojan".

The following describes in detail how a "Trojan" loads automatically. In the Win.ini file, under [WINDOWS], "run=" and "load=" can both load a Trojan, so pay close attention to them. Normally nothing follows the equal sign; if you find a path and file name there that is not a startup file you recognize, your computer may have a "Trojan". Look carefully, too, because many Trojans disguise themselves: the "AOL Trojan", for example, disguises itself as command.exe (the real system file is Command.com), and if you are not paying attention you may not notice that it is not a real system startup file (especially when viewing it in a Windows window).

In the System.ini file, there is a "shell=filename" entry under [BOOT]. The correct file name is "Explorer.exe". If the entry is not "shell=Explorer.exe" but "shell=Explorer.exe program name", then the program that follows is the "Trojan" program, and your computer has a "Trojan horse".

The situation in the registry is the most complex. Open Registry Editor with the regedit command and go to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run". Check the values there for automatic startup files with the extension EXE that you do not recognize. Remember that some "Trojan" programs create files whose names are very similar to the system's own files in order to get by through camouflage. The "Acid Battery v1.0 Trojan", for example, changes the Explorer value under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\windows\expiorer.exe"; the only difference between the "Trojan" program and the real Explorer is an "i" in place of an "l". There are, of course, many other places in the registry where a "Trojan" program can hide, such as "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and "HKEY_USERS\****\Software\Microsoft\Windows\CurrentVersion\Run". The best way is to find the name of the Trojan program under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" and then search the entire registry for it.
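The checks described above can be automated. The following is an added example, not part of the original article: it audits the contents of Win.ini and System.ini and a set of Run values, and flags file names that imitate explorer.exe or command.com. The function names, the sample data and the one-character-difference rule are assumptions made for illustration.

```python
import ntpath

# System file names the article says Trojans imitate.
KNOWN = ("explorer.exe", "command.com")

def parse_ini(text):
    """Minimal INI reader: {section: {key: value}}, names lower-cased."""
    data, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = data.setdefault(line[1:-1].lower(), {})
        elif "=" in line and section is not None and not line.startswith(";"):
            key, value = line.split("=", 1)
            section[key.strip().lower()] = value.strip()
    return data

def lookalike(path):
    """Return the system file name that `path` imitates, or None."""
    name = ntpath.basename(path.strip('"')).lower()
    if name in KNOWN:
        return None
    for real in KNOWN:
        same_stem = name.rsplit(".", 1)[0] == real.rsplit(".", 1)[0]
        one_off = len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1
        if same_stem or one_off:  # command.exe, or expiorer.exe
            return real
    return None

def audit(win_ini, system_ini, run_values):
    """Return (location, value, imitated_name_or_None) for each suspicious entry."""
    findings = []
    win = parse_ini(win_ini).get("windows", {})
    for key in ("run", "load"):
        if win.get(key):  # normally nothing follows the equal sign
            findings.append(("win.ini " + key, win[key], lookalike(win[key])))
    shell = parse_ini(system_ini).get("boot", {}).get("shell", "")
    if shell.lower() != "explorer.exe":  # anything after Explorer.exe is suspect
        findings.append(("system.ini shell", shell, None))
    for name, path in run_values.items():
        if lookalike(path):
            findings.append(("Run " + name, path, lookalike(path)))
    return findings

# Constructed sample data (not taken from a real machine).
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\command.exe\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe sample.exe\n"
RUN = {"Explorer": "C:\\windows\\expiorer.exe", "SystemTray": "SysTray.Exe"}

if __name__ == "__main__":
    for location, value, imitates in audit(WIN_INI, SYSTEM_INI, RUN):
        print(location, "->", value, "(imitates %s)" % imitates if imitates else "")
```

Run values that do not imitate a known name are not flagged here, so unfamiliar entries still need the manual review the article describes.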

Once you know how a "Trojan" works, removing it becomes very easy. If you find that a "Trojan" is present, the most effective first step is to disconnect the computer from the network immediately, to prevent hackers from attacking you over the network. Then edit the Win.ini file: under [WINDOWS], change "run='Trojan' program" or "load='Trojan' program" to "run=" and "load=". Edit the System.ini file: under [BOOT], change "shell='Trojan' file" to "shell=Explorer.exe". In the registry, use regedit: first find the "Trojan" file name under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", and then search the entire registry for the "Trojan" program and replace it. One point sometimes needs attention: some "Trojan" programs cannot be removed simply by deleting the "Trojan" value under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", because some "Trojans", such as the BladeRunner "Trojan", add the value back automatically as soon as you delete it. In that case, write down the "Trojan" name and directory, go back to MS-DOS, and find and delete the "Trojan" file. Restart the computer, and then go to the registry and remove the key values of all the "Trojan" files. At that point, we are done.
