Trojan horses: what they are and how to guard against them

Source: Internet
Author: User

Any mention of Trojans brings to mind the ancient Greek story in which the Greeks used their wits and hid soldiers inside a wooden horse to get into the enemy city and capture it. The story is old, but the Trojan still owes its name to it. The full name is "Trojan horse"; like a virus, it is a program used to damage or interfere with a user's normal use of the computer.

First of all, we need to understand the types of Trojan horse.

(1) Destructive type

This type is very troublesome: it can automatically delete important files on the computer, such as DLL, INI and EXE files.

(2) Password-sending type

Mainly used to steal users' private information: it can find hidden passwords and send them to a designated mailbox. It can also be used to steal sensitive passwords from users. The most important function of this type is recording the operator's keystrokes and picking out the useful information.

(3) Remote access type

This is the most widely used type of Trojan. The intruder runs the client and uses the Trojan to connect to the other computer and access its resources remotely.

(4) Keystroke-recording Trojan

This kind of Trojan is generally very small. It mainly records the keystrokes typed on the infected computer and, when network access is available, sends the record to the mailbox designated by the Trojan's user.

(5) DoS attack type

DoS is a flood-type attack on a service. It floods a server with requests so that the server is kept busy processing and answering them, consuming a lot of resources, until the server's resources are exhausted and it crashes. Attacks launched from multiple computers achieve better results, and the Trojan can be used to gradually attack more computers.

(6) Proxy Trojan

It turns the infected computer into a proxy for connections from elsewhere, which are then passed on to the network server, so the computer acts as a relay.

(7) FTP Trojan

FTP Trojans are also very small; they typically open port 21 and wait for users to connect.

(8) Program Killer Trojan

Mainly used to shut down monitoring software so that the Trojan is safer on the system and detection software cannot find it, which leads to data loss, leaks of sensitive information and other harm to users.

(9) Bounce-port type Trojan

The bounce port is designed to avoid firewall filtering. Firewalls usually filter incoming connections very strictly but are often less strict about outgoing ones; a bounce-port Trojan takes advantage of this by having the connection made outward from the infected machine.

Those are the basic types of Trojans; classifying them this way makes them easier for users to look up.
 
Besides these types, Trojans have many characteristics. As with viruses, understanding these characteristics makes it easier to recognize a Trojan and find countermeasures to remove it.

(1) Trojans are well concealed: they run in the background while the computer is in use, without the user knowing. Because a Trojan must avoid discovery, it hides from the moment it is planted on the target computer and uses a variety of means never to show itself. Trojan authors achieve this by bundling the Trojan with other software, modifying the registry and so on. The Trojan does not create icons on the desktop or in other conspicuous places, and tries to hide in deep directories or the system folder. It also hides among the running processes, presenting itself as a system process so that users do not notice it.

(2) Trojans run automatically. Because the Trojan is planted on someone else's computer, it must connect automatically and automatically modify the target computer's settings, such as the registry and startup files.

(3) Trojan infections are generally not disclosed and the extent of their harm is not known, which limits understanding of Trojans; likewise there is no standard for evaluating the harm they cause.

(4) Trojans can restore their own program automatically. Besides running automatically, a Trojan may be able to repair its own program, and may keep extra copies of its files in several places in case anti-virus software removes it or the program is damaged.

(5) Trojans can open ports automatically. A Trojan is an intelligent piece of software: in addition to running and repairing itself automatically as described above, it can automatically open a specific port so that intruders can connect to the victim's computer.

(6) Trojans are special-purpose. Because a Trojan runs hidden and must not be noticed by the user, it is built for a few specific functions and kept as small as possible. It is also special in that it can automatically collect information from the victim's computer.

A Trojan's automatic start and hiding functions are very important, since they let it stay latent on the computer for a long time. Like ordinary software that starts automatically, it can be loaded from many settings, or by modifying them:

(1) Starting from Win.ini: the [Windows] section of Win.ini contains the startup commands "load=" and "run=", which name the programs the system loads and runs at startup. An INI file is a startup configuration file, so it can be used to start programs.

(2) Starting from System.ini: System.ini is located in the Windows installation directory. The Shell=Explorer.exe entry in its [boot] section names the system's shell at boot, and a program can also be started automatically from here.

(3) Starting from the registry: the registry has startup keys that list programs to load at startup. In the same way, a Trojan can be launched from the system's Startup group.

(4) Batch files: a batch file automatically executes the set of commands it contains, and can also start a Trojan.

(5) Starting from the system configuration file Config.sys: Config.sys can specify the shell, programs and so on that the system loads.

(6) Modifying file associations: the association of a file type is changed so that it points to the Trojan program.

(7) Bundled files: with bundling tools it is easy to bind a Trojan to a normal program, so that running the program also runs the Trojan.

Hiding makes it difficult for users and anti-virus software to find the Trojan and protects the Trojan's own program. Typically a Trojan hides itself from the taskbar and Task Manager, because the system normally shows most software and processes there. In addition, a Trojan depends on a port to connect, and Trojans use very high port numbers because users cannot check so many ports.

But however well a Trojan is made, it has weaknesses and can be detected by anti-virus software and Trojan removal tools. The following methods can be used to deal with Trojan programs.

1. Scan with anti-virus software, and keep its virus database up to date. If the anti-virus software finds nothing, its virus database may be an old version that needs upgrading. The use of Trojan nemesis is also recommended; Wood Marks is security software suited to network users, with memory-scanning and hard-disk-scanning functions for novices and many debugging and system-inspection functions for experts.

2. Check whether any process that is not part of the system or of installed software is using a lot of resources in memory; if so, shut it down and then run an anti-virus scan.

3. Check the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices are the two Windows startup locations; look for any unfamiliar programs there.

4. Check the system configuration files: Win.ini, System.ini and Config.sys. These three files record the programs that are started and loaded when the operating system starts; check whether each file path points to a legitimate program.
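The check in step 4 can be automated for the Win.ini and System.ini entries described earlier (load=, run= and Shell=). The following is an added example, not code from the original article; the expected values, function names and sample file contents are assumptions constructed for illustration.

```python
import re

# (file, section, key) -> programs expected on a clean system (assumption:
# load= and run= are empty and shell= names only Explorer.exe).
EXPECTED = {
    ("win.ini", "windows", "load"): set(),
    ("win.ini", "windows", "run"): set(),
    ("system.ini", "boot", "shell"): {"explorer.exe"},
}

def parse_ini(text):
    """Minimal INI reader returning {section: {key: value}}, names lowercased.
    Skips ';' comments and lines without '=', which occur in these files."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def audit_autostart(filename, text):
    """Return (section, key, program) for each autostart program to review."""
    findings = []
    sections = parse_ini(text)
    for (fname, section, key), allowed in EXPECTED.items():
        if fname != filename.lower():
            continue
        value = sections.get(section, {}).get(key, "")
        # load=/run= may list several programs; shell= may carry an extra
        # program after Explorer.exe. Paths containing spaces are split too,
        # which over-reports rather than hides an entry.
        for program in re.split(r"[,\s]+", value):
            if program and program.lower() not in allowed:
                findings.append((section, key, program))
    return findings

# Constructed sample contents, not taken from a real machine.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\sample1.exe\nNullPort=None\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe C:\\WINDOWS\\sample2.exe\n; note\n[386Enh]\nwoafont=dosapp.fon\n"

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for finding in audit_autostart(name, text):
            print(name, *finding)
```

Every reported entry still needs a manual look at the file it points to; an entry that gives Explorer.exe with a full path is also reported, so that its location can be verified.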

In fact, there are many ways to remove Trojans, and I believe that readers who have learned the above can devise better removal methods than the author's; only a few conventional methods are introduced here for reference. In addition, we should pay attention to preventing Trojans when using the computer.

For e-mail from a stranger, check the sender's address and then look at what the message contains. If there are attachments, examine them carefully, because an attachment may hide an executable file suffix. Keep virus monitoring switched on as far as possible and keep the virus database updated, and use a Trojan detection tool to check whether a Trojan is present. If the computer's network state appears abnormal, disconnect from the network immediately and then investigate whether a Trojan is the cause. In everyday use, also keep an eye on the files in three directories, C:\, C:\Windows and C:\Windows\system, because these are where Trojans most often hide.

A Trojan is not a simple virus: it may cause a lot of unexpected damage and may cost you important files. However, as long as we pay attention to protection in everyday use, we can use the computer with reasonable peace of mind.
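The attachment check above can be expressed as a filename screen that a mail filter or a user script could apply. This is an added example, not part of the original article; it goes slightly beyond the text by also covering space padding and format-control characters, and the extension lists and the function name are assumptions.

```python
import unicodedata

# Extensions Windows runs directly (non-exhaustive; an assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk"}
# Extensions a reader takes for a harmless document or picture.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".gif", ".xls", ".zip"}

def attachment_warnings(filename):
    """Return a list of reasons why an attachment name deserves a closer look."""
    warnings = []
    # Format-control characters (Unicode category Cf, e.g. U+202E) can change
    # the order in which the end of a name is displayed.
    if any(unicodedata.category(ch) == "Cf" for ch in filename):
        warnings.append("format-control character in name")
    name = filename.strip().lower()
    parts = name.rsplit(".", 2)
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        warnings.append("executable extension " + ext)
        if len(parts) == 3 and "." + parts[1].strip() in DECOY_EXTS:
            warnings.append("double extension: decoy ." + parts[1].strip() + " before " + ext)
        if "   " in name:
            warnings.append("run of spaces pushes the real extension out of view")
    return warnings
```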


