How do I know if my computer has a trojan?

Source: Internet
Author: User

A trojan tries its best to hide itself. The main techniques are as follows. Hiding from the taskbar is the most basic: if the Visible property of the Form is set to False and ShowInTaskbar is set to False, the program does not appear in the taskbar when it runs. Hiding from Task Manager: a program that sets itself up as a "system service" can disguise itself easily.

A trojan also starts quietly. Its author cannot expect the user to click a "Trojan" icon after every startup to run the server, so the trojan loads the server automatically every time the user starts the machine, using the methods Windows provides for loading applications at system startup. The Startup group, win.ini, system.ini, the registry and so on are all good places for a trojan to hide. The following describes how a trojan is loaded automatically.

In the win.ini file, under [WINDOWS], "run=" and "load=" are possible ways to load a trojan, so check them carefully. Normally nothing follows their equals signs. If you find a path and file name there that you do not recognize as a startup file, your computer may have a trojan. You also need to look closely, because many trojans, such as the AOL Trojan, disguise themselves as a command.exe file; if you are not paying attention, you may not notice that it is not a real system startup file.

In the system.ini file, there is a "shell=file name" entry under [BOOT]. The correct file name is "explorer.exe". If the file name is not "explorer.exe" and another program is named there, that program is the trojan, and your machine is already infected.

The situation in the registry is the most complex. Open the Registry Editor using the regedit command.

Go to the "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" key and check whether its values contain an unfamiliar automatic startup file with the extension EXE. Remember that some trojans create files that look very much like the system's own files in order to pass unnoticed.

For example, the "AcidBattery v1.0" trojan changes the Explorer value under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer="C:\WINDOWS\expiorer.exe"; the only difference between the trojan's file name and the real Explorer is an "i" in place of the "l". There are many other places in the registry where a trojan can hide.

For example, "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and "HKEY_USERS\***\Software\Microsoft\Windows\CurrentVersion\Run" are both possible.

The best way is to find the name of the trojan program under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" and then search the entire registry for it.
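The three checks described above (win.ini, system.ini and the Run key), combined into one auditor. This is an added example, not code from the original article; the allow-list `KNOWN_GOOD`, the function names and the sample data (including the file name `svc32.exe`) are assumptions constructed for illustration.

```python
import configparser
import ntpath

# Assumption: a small allow-list of genuine startup file names; extend per system.
KNOWN_GOOD = {"explorer.exe", "command.com", "rundll32.exe", "systray.exe"}
CONFUSABLE = str.maketrans("i1|0", "lllo")  # fold look-alike characters together

def ini_value(text, section, key):
    """Value of key in [section]; the section name is matched case-insensitively."""
    cp = configparser.ConfigParser(strict=False, interpolation=None, allow_no_value=True)
    cp.read_string(text)
    for name in cp.sections():
        if name.lower() == section:
            return (cp[name].get(key) or "").strip()
    return ""

def exe_name(command):
    """Lower-cased file name of the program that a startup command launches."""
    cmd = command.strip()
    cmd = cmd.split('"')[1] if cmd.startswith('"') else cmd  # drop surrounding quotes
    parts = ntpath.basename(cmd).split()
    return parts[0].lower() if parts else ""

def is_lookalike(command):
    """True for names such as expiorer.exe or command.exe that imitate a real file."""
    name = exe_name(command)
    stems = {good.rsplit(".", 1)[0].translate(CONFUSABLE) for good in KNOWN_GOOD}
    return name not in KNOWN_GOOD and name.rsplit(".", 1)[0].translate(CONFUSABLE) in stems

def audit(win_ini, system_ini, run_values):
    """Return (location, entry, value) for each startup entry that needs a closer look."""
    findings = []
    for key in ("run", "load"):
        value = ini_value(win_ini, "windows", key)
        if value:  # normally nothing follows the equals sign
            findings.append(("win.ini", key, value))
    shell = ini_value(system_ini, "boot", "shell")
    if shell.lower() != "explorer.exe":
        findings.append(("system.ini", "shell", shell))
    findings += [("Run", n, c) for n, c in run_values.items() if is_lookalike(c)]
    return findings

# Constructed sample data, not taken from a real machine.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\command.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe svc32.exe\n"
SAMPLE_RUN = {"Explorer": r"C:\WINDOWS\expiorer.exe", "SystemTray": "SysTray.Exe"}

if __name__ == "__main__":
    print(*audit(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI, SAMPLE_RUN), sep="\n")
```

The Run check only flags names that imitate an allow-listed file; an unfamiliar name that imitates nothing still has to be reviewed by hand, as the text says.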

Once you know how a trojan works, finding and removing it is easy. If a trojan is present, the safest and most effective method is to disconnect the computer from the network immediately, so that attackers cannot reach you through the network.

Edit the win.ini file: under [WINDOWS], change "run=trojan program" or "load=trojan program" to "run=" and "load=". Edit the system.ini file: under [BOOT], change "shell=trojan file" to "shell=explorer.exe".

In the registry, use regedit to make the changes. First find the file name of the trojan program under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", then search for and replace the trojan program in the entire registry. Note that for some trojans you cannot simply delete the trojan's value under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run": with a trojan such as BladeRunner, the value is added back immediately if you delete it. In that case, write down the trojan's name and directory, return to MS-DOS, and find and delete the trojan file there.

Restart the computer, then delete the values for all trojan files in the registry. The cleanup is now complete.
