What, TXT file is also dangerous? Yes! TXT file is not only dangerous, but can be very dangerous! However, strictly speaking, this so-called "txt" file should be put in quotation marks, because they appear to be TXT file, but it is hidden in the real extension of other files, but in the eyes of ordinary people they are indeed "txt" file! Now let's take a look at these dangerous "TXT" files.
A. txt file that hides the HTML extension
If you receive a message in the attachment that looks like this file: QQ Liang broadcast. TXT, do you think it is definitely a plain text file? I want to tell you, not necessarily! Its actual file name can be QQ Liang broadcast. txt. {3050f4d8-98b5-11cf-bb82-00aa00bdce0b}. {3050f4d8-98b5-11cf-bb82-00aa00bdce0b} is the meaning of the HTML file association in the registry. But when the file is stored as a filename it will not appear, you see is a. txt file, this file is actually equivalent to QQ Liang broadcast. txt.html. So why is it dangerous to open this file directly? Please see if the contents of this document are as follows:
You might think it would call Notepad to run, but if you double-click it, it will call HTML to run, and automatically format D disk in the background, displaying the Windows is configuring the system. Plase do not interrupt this process. "Such a dialog box to deceive you. Do you think it is dangerous enough to open the TXT in the attachment at random?
Spoofing implementation Principle: When you double-click this disguised txt, because the true file name extension is. {3050f4d8-98b5-11cf-bb82-00aa00bdce0b}, which is the. html file, runs as an HTML file, which is a prerequisite for it to run.
The 2nd and 3rd lines in the contents of the file are the key to its destructive impact. The 3rd line is the performer of the destructive action, in which a destructive command can be loaded. So what's the 2nd line? You may have noticed the "WSCript" in line 2nd, yes! Is that it directed the whole curtain, it is behind the scenes!
WScript Full name Windows Scripting Host, which is a new addition to the Win98, is a batch language/automatic execution tool-its corresponding program "WScript.exe" is a scripting language interpreter, located in C:windows, It is it that allows the script to be executed, just as it does a batch process. In the Windows Scripting Host scripting environment, some objects are predefined, with several built-in objects coming with it, to get environment variables, create shortcuts, load programs, read and write registry functions.
Identification and Prevention methods:
① This deceptive txt file is not a text file icon, it shows the undefined file type flag, which is the best way to differentiate it from the normal TXT file.
Another way to identify ② is to display the full name of the filename on the left side of my computer when viewed as Web page (Figure 1), and you can see that it is not a real txt file at this point. The problem is that a lot of beginners experience is not enough, the veteran may also because did not pay attention to open it, here again to remind you, notice you received the file name of the attachment in the message, not only to see the display of the extension, but also notice the actual display of the icon is.
③ for the attachment of someone else sent to appear txt file, you can download it with the right mouse button to choose "Open with Notepad", so that it will be very safe.