How dangerous computers are -- how bad Trojans are loaded

Author: Feng xinxin

The network is interconnected. When you obtain resources from the network, you must also pass the test. The Trojan program modifies and destroys the computer's systems and files, in addition to installing anti-virus software (including firewalls) in addition, the knowledge of system files should be mastered as much as possible. The following describes how to load Trojans:

Loading Method: locates in the System. ini and Win. ini files.

System. ini (Location C: windows)

[Boot] item Original Value configuration: mongoshell‑‑‑‑‑er.exe‑, which is one of the core Windows files, will be automatically loaded every time the system starts.

[Boot] item after modification configuration: "shell = explorer C: windowsxxx.exe”(xxx.exe suppose a trojan program ).

Win. ini (Location C: windows)

[Windows] item Original Value configuration: "load ="; "run =". Generally, no add-on is started after the equal sign.

[Windows] configuration after item modification: "load =" and "run =" followed by a non-system, application startup file, but some file names you are not familiar.

Solution:

Run the "run → msconfig" command to change the modified values in the System. ini file and Win. ini file back to the original values, and delete the trojan program. If you cannot enter the system, press "Shift + F5" to enter the Command Prompt Only mode before entering the system, and enter the edit system. ini and edit win. ini commands to modify them.

Loading Method: Hide it in the Registry (this method is the most concealed ).

Note the following registry items: hkey local MACHINESoftwareclassesexefileshellopencommand

Raw value data: "% 1" %

Modified numeric data: C: systemxxx.exe "% 1" %

The original registry key is the format of the run executable file. After modification, it becomes that the C: systemxxx.exe program is run every time the executable file is run.

For example, when the main QQ program is run after the host is started, xxx.exe (Trojan program) is loaded first.

Solution:

When a port is listened on through the firewall, the system immediately goes offline, checks whether the registry and system files are modified, finds the trojan program, and deletes it.

The source of infection is the server that loads the trojan program. Currently, there are many ways to disguise executable file icons, such as modifying the extension, changing the file icon to a folder icon, and hiding the extension. Therefore, be careful when receiving emails and downloading software. Many trojan programs have file names that are similar to system file names, causing users to be unsure of them and do not dare to delete them at will. Therefore, they need to constantly increase their knowledge to guard against such problems.

You can use some software to attack Trojans, such as The Cleaner and Trojan Remover. We recommend that you go to the Microsoft website frequently to download Patch packages to fix the system, and upgrade the virus database in time.