A Better Strategy for Finding and Clearing Trojans (Virus Killing)

Source: Internet
Author: User
First, learn to recognize the horse: what a Trojan is

A Trojan is essentially a kind of remote control software. Remote control software, however, comes in two kinds: regular troops and mountain bandits. The regular troops are legitimate tools that help you manage and configure a computer remotely, such as the Remote Assistance feature built into Windows XP. Software of this kind normally shows an icon in the system tray while it runs, telling the user plainly that the system is currently under remote control. The Trojan is the mountain bandit: it sneaks into your computer to do damage, starts itself by modifying the registry, and is bundled with a normal program so that it is hard for you to find any trace of it.

Another difference between a Trojan and ordinary remote control software is that a Trojan offers far more remote control functions. Beyond what ordinary remote control software can do, it can destroy system files, record keystrokes, steal passwords, modify the registry and restrict system functions. You may also become an accomplice of the horse breeder: the Trojan may use your machine to attack others, leaving you to take the blame.

Second, trace the source: how the horse gets in

As an unwelcome bandit, how does a Trojan get into your system? The main channels are the following.

The most common is through chat software such as QQ. Suppose one of your QQ friends has picked up a certain kind of Trojan. That Trojan can run QQ on your friend's machine and send you a message tempting you to open a link or run a program; if you carelessly click or run it, the horse sneaks in. Another popular method is the "buy one, get one free" bundle: the Trojan is packaged together with a normal file, for example a picture file, and when you view the picture the Trojan slips in. Web pages are also a common way of raising horses: the hacker plants a prepared Trojan on a web page and lures you into opening it, so that merely browsing the page may be enough to infect you. Finally, Internet cafés are a common breeding ground. Security on café machines is poor, and the hacker may even sit down at the machine directly, so many café machines carry horses and users of Internet cafés have a high chance of being hit by Trojans. The methods above may also be combined against you.



Third, how to find and kill a Trojan

How can we tell whether there is a Trojan on the machine? Here are a few simple ways to check.

STEP1

View open ports. As remote control software, a Trojan shares the characteristics of remote control software: to stay in contact with its owner it must open a door (that is, a port), so we can check which ports the machine has open to determine whether a Trojan is present. Select "Start" - "Run", type "CMD" and press Enter to open the command line window, then enter the command "netstat -an" (see Figure 1). In the output, "ESTABLISHED" marks a port that already has a connection and "LISTENING" marks a port that is open and waiting for someone to connect. Look for suspicious entries among the open ports, such as 7626 (the "Ice" Trojan, i.e. Glacier) and 54320 (Back Orifice 2000).

STEP2

View the registry. In order to start together with the system, a Trojan will modify the registry, so we can look in the registry for traces of it. Enter "regedit" in "Run" and press Enter to open the Registry Editor.

Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer and check the Shell Folders and User Shell Folders subkeys, then the Run, RunOnce and RunServices subkeys under the same CurrentVersion key, to see whether they contain anything suspicious. Then navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer and view the contents of the same five subkeys there. If you find a program you do not recognize in any of them, raise your guard: the Trojan has very likely been this way.

STEP3

View the system configuration files. Many Trojans modify system files, and Win.ini and System.ini are the two most frequently modified. They deserve a regular check-up. Enter "%systemroot%" in "Run" and press Enter to open the Windows folder, find the Win.ini file inside it and search for the "[windows]" section. If you find a line of the form "load=file.exe" or "run=file.exe" (where file.exe is the Trojan's program name), be very careful: this is probably the Trojan's main program. Similarly, search the System.ini file for the "[boot]" section and look at the "shell=" line. The default is "shell=Explorer.exe"; if it names some other program, such as "shell=abc.exe", a Trojan may be involved.

In addition, you can judge whether a Trojan is present by inspecting the system's process list or by using dedicated Trojan detection software.
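The port check and the Win.ini/System.ini checks above, as an added example that is not part of the original article: a small Python script that runs the same detection logic over constructed sample text (a fragment of "netstat -an" output and .ini fragments), so it runs offline. On a real machine you would feed it the actual command output and file contents; the sample addresses and file names are made up.

```python
# Constructed sample of `netstat -an` output (not captured from a real machine)
NETSTAT_SAMPLE = """  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7626           0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1045       203.0.113.9:80         ESTABLISHED
  UDP    0.0.0.0:54320          *:*
"""
# Ports the article lists as Trojan defaults: 7626 (Glacier/"Ice") and 54320 (BO2000)
SUSPECT_PORTS = {7626: "Glacier (Ice) Trojan", 54320: "Back Orifice 2000"}
# Constructed win.ini / system.ini fragments showing the patterns the article describes
WIN_INI_SAMPLE = "[windows]\nload=\nrun=file.exe\n[Desktop]\nWallpaper=\n"
SYSTEM_INI_SAMPLE = "[boot]\nshell=abc.exe\n[drivers]\n"


def suspicious_ports(netstat_text):
    """Return (proto, port, state, name) for every local port found in SUSPECT_PORTS."""
    hits = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        port = int(parts[1].rsplit(":", 1)[1])
        state = parts[3] if len(parts) > 3 else ""  # UDP rows carry no state column
        if port in SUSPECT_PORTS:
            hits.append((parts[0], port, state, SUSPECT_PORTS[port]))
    return hits


def ini_section(text, section):
    """Return {key: value} for one [section] of an .ini file (case-insensitive)."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif "=" in line and current == section.lower():
            key, value = line.split("=", 1)
            values[key.strip().lower()] = value.strip()
    return values


def ini_findings(win_ini, system_ini):
    """Flag non-empty load=/run= under [windows] and a non-Explorer shell= under [boot]."""
    findings = {}
    windows = ini_section(win_ini, "windows")
    for key in ("load", "run"):
        if windows.get(key):  # an empty value is the normal state
            findings["win.ini " + key] = windows[key]
    shell = ini_section(system_ini, "boot").get("shell", "explorer.exe")
    if shell.lower() != "explorer.exe":
        findings["system.ini shell"] = shell
    return findings
```

A hit on a port number is only a hint: a legitimate program may use the same port, so confirm with the process list before acting.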



Fourth, close the stable door: Trojan defense

Search the system for the file Mshta.exe and rename it, for example to Cfan.exe. Then enter "%windows%\command" in "Run" and likewise rename the Debug.exe and Ftp.exe files found there. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility. Find the "Active Setup controls" subkey inside it (create it by hand if it does not exist), then create a new subkey under it named {6E449683-C509-11CF-AAFA-00AA00B6015C}. Right-click in the right-hand pane, choose New - DWORD Value, name the value "Compatibility" (Microsoft documents this kill-bit value under the name "Compatibility Flags") and set its data to 0x00000400.
