How to Prevent webpage Trojans
There are a lot of dangers on the network. Many Web pages are placed on trojans, not to mention what website masters do, but also a lot of bad behavior.
The anti-Trojan method is only applicable to webpage Trojans, with an efficiency of more than 90%. It can prevent more than 90% of trojans from being executed on your machine, or even Trojans that cannot be found by anti-virus software. Let's talk about the principle first.
Currently, webpage Trojans can be stored on your machine in the following ways:
1. Change the trojan file to a BMP file, and then use the DEBUG in your machine to restore it to the EXE file. The Trojan 20% exists on the Internet;
2. Download a TXT file to your machine, and there is a specific FTP connection in it. FTP is connected to the machine where they have a Trojan to download the trojan. The Trojan 20% exists on the Internet;
3. It is also the most common method. Download an HTA file and use the webpage control interpreter to restore the trojan. More than 50% of the Trojans exist on the Internet;
4. Use JS scripts to execute Trojan Files with VBS scripts. This type of Trojan horse steals many QQ programs, and the number of stolen Trojans accounts for about 10%;
5. Other methods are unknown.
What we want to prevent Method Is to change the name of the windows \ system \ mshta.exe file to the correct one (note that Windows2000 and WindowsXp are under system32 ).
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ ActiveX Compatibility \ creates a new CLSID-based key value for Active Setup controls {6E449683_C509_11CF_AAFA_00AA00 B6015C }, create a regi_dword-type Compatibility key under the new key value, and set the key value to 0x00000400.
In addition, windows \ command \ debug.exe and windows \ ftp.exe must be renamed (or deleted ).
Some of the latest popular Trojans have the most effective defense
For example, smss.exe, a popular Trojan on the network, is the main body of one of the Trojans, lurking in Windows98/WindowsMe/
In the c: \ windows Directory of WindowsXp, in the c: \ winnt directory of Windows2000.
Assume that you have entered this trojan. First, we use the progress manager to compile the currently running Trojan smss.exe, then create an smss.exe in the c: \ windows or c: \ winnt \ directory, and set it to the read-only attribute (2000/xp ntfs disk format, you can set "Security Settings" to read ). This trojan will not be infected in the future. This method has been tested on many Trojans and is very effective.
After such modification, I am now looking for someone else's Trojan URL to test. The experiment result is about 20 Trojan websites. About 15 rising stars will trigger an alarm, and the other 5 are not reflected. My machine does not add new EXE files or new processes. However, some Trojans are left in the Temporary Folder of IE. They are not executed and are not dangerous. Therefore, we recommend that you clean up temporary folders and IE frequently.
