How to remove Trojan tips

How to remove Trojan tips:

1, by the Trojan client program

The name and version of the Trojan are judged by the suspicious filenames previously found in Win.ini, System.ini, and the registry. For example, "NetBus", "Netspy" and so on, it is obvious that the corresponding Trojan is NetBus and Netspy. From the Internet to find its corresponding client program, download and run the program, in the client program corresponding to fill in the location of the local computer address: 127.0.0.1 and port number, you can establish a connection with the Trojan program. Then by the client's dismount Trojan server function to dismount the Trojan horse. The port number can be traced by the "netstat-a" command.

This is the easiest, relatively more thorough load of the Trojan method. However, there are some drawbacks, if the name of the Trojan Horse to the other renamed, you can not through these characteristics to determine what the Trojan horse. If the Trojan is set to a password, even if the client program can connect, no password will also log on to the local computer. Of course, if you know the common password of the trojan, that's a different story. Also, if the Trojan's client program does not provide uninstall Trojan function, then this method is useless. Of course, most Trojan client programs now have this feature.

2, manual removal of Trojan

Do not know what Trojan, no login password, can not find its corresponding client program 、......, then we hand slowly to delete the damn Trojan bar.

Use Msconfig to open the System Configuration Utility to edit the Win.ini, System.ini, and startup items. Shields off illegal startup items. In the Win.ini file, change the "run=xxx" or "load=xxx" below [WINDOWS] to "run=" and "load=", edit the System.ini file, and change "shell=xxx" under [BOOT] to: " Shell=Explorer.exe ".

Open Registry Editor with Regedit to edit the registry. First from the above method to find the Trojan program name, and then in the entire registry search, and delete all Trojan items. By looking up the Trojan program registration entries, analysis of Trojan files in the hard disk location (more in the C:windows and C:windowscommand directory). Boot to a pure MS-DOS state (instead of an MS-DOS window in the Windows environment) and delete the Trojan file with the del command. If the Trojan file is a system, hidden or read-only file, but also through the "Attrib-s-h-r" to change the properties of the corresponding file can be deleted.

For the sake of insurance, reboot later by the above various methods of detection Trojans to check the system to ensure that the Trojan is indeed deleted.

There are also a number of Trojans are their own programs and Windows System program is bound (that is, infected with the system files). For example, the commonly used Explorer.exe, as long as Explorer.exe a run, Trojan also started. This trojan can infect executable files, which is more like a virus. By hand Delete the file method after the Trojan horse, a running Explorer.exe, Trojan Horse again to be resurrected! At this point to remove the Trojan will have to delete the Explorer.exe file, and then from someone else the same operating system version of the computer will be the file copy over on it.