Prevention of Trojans in Windows

Source: Internet
Author: User

A Trojan is a widespread type of virus file. Unlike an ordinary virus, it does not replicate itself or infect other files. Instead, it disguises itself to entice users into downloading and running it, or it is bundled into a web page so that users are affected when they browse that page. The Trojan gives the hacker a door into the victim's computer, so that the hacker can destroy or steal the victim's files and private data, and even operate the victim's computer remotely. The principle of a Trojan is similar to that of the remote control software often used on computer networks. However, remote control software is used in good faith and is therefore usually not concealed; a Trojan is the opposite. A Trojan aims at remote control by "theft", and without strong concealment it has no value.

A Trojan usually consists of two executable programs: the client, which is the controlling side, and the server, which is the controlled side. To keep the Trojan from being discovered, its designer uses several methods to hide it. Once the Trojan's server component is running, one or more ports are opened on the computer. The hacker can then use the controlling side to access, or even control, the computer running the server, so the security and privacy of the person on whose machine the Trojan was planted are completely unprotected.

As Microsoft's operating systems moved from Win9X to WinNT (including 2000/XP/2003), the task manager was also "reborn" and became sharp-eyed. In Win9X, a process only needed to register itself as a system service to become invisible in the process viewer. In WinNT this is completely different: no matter how cleverly a Trojan hides its port or startup file, it cannot fool the WinNT Task Manager. Trojans that relied on registering the process as a system service to stay hidden from the task manager under Win9X therefore faced an unprecedented crisis. Trojan developers promptly adjusted their approach and turned to the dynamic embedded DLL Trojan to evade process queries by the WinNT task manager.

To understand what a dynamic embedded DLL Trojan is, we must first understand another kind of "executable file" in Windows: the DLL, short for Dynamic Link Library. DLL files are the foundation of Windows, because all API functions are implemented in DLLs. A DLL file has no program logic of its own; it is made up of multiple functions and cannot run independently. Generally, DLL files are loaded and called by processes.

Because DLL files cannot run independently, no DLL appears in the process list. A Trojan developer therefore writes a dynamic embedded DLL Trojan and runs it inside another process, so that only that process appears in the list and the DLL Trojan does not. If the host process is a trusted one (for example, the resource manager, explorer.exe), nobody will suspect that the DLL file is a Trojan. This is how the Trojan achieves its concealment, so guarding against DLL Trojans is also very important.

Next, Guanghua anti-virus experts will explain how to discover Trojans.

In WinNT systems, DLL Trojans are generally stored in the System32 directory (System32 is where system files are kept, so it contains a great many files and is a convenient place to hide). To deal with this, we can record the EXE and DLL files in that directory after installing the system and the necessary applications. Click "Start", then "Run", type cmd and press Enter to open the DOS command line. Type cd C:\Windows\System32 and press Enter to switch to the System32 directory (if you do not know how to do this, refer to the usage of the DOS cd command). Then enter the command: dir *.exe > exebackup.txt & dir *.dll > dllbackup.txt and press Enter.

If you find that the system is behaving abnormally and you cannot find the problem using traditional methods, consider whether a DLL Trojan has already got into the system.

Run in CMD: fc exebackup.txt exebackup1.txt > different.txt & fc dllbackup.txt dllbackup1.txt > files. In this way we can find the extra DLL and EXE files. Then, by checking their creation time, version, whether they are compressed, and so on, it is easy to determine whether the system has been visited by a DLL Trojan.

It is best if there are none. If there are, do not delete them directly. Move the file to the recycle bin first; if the system shows no abnormal reaction, delete it completely, or submit the DLL file to the Guanghua anti-virus research center for checking (send it to: virus@viruschina.com).
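The baseline-and-compare check described above, as an added example that is not part of the original article: it generalizes the dir/fc listing comparison by recording a SHA-256 hash for every EXE and DLL, so a file replaced under the same name is reported as well as a newly added one. The function names and the temporary directory standing in for System32 are assumptions made for the illustration; the second snapshot plays the role of the exebackup1.txt and dllbackup1.txt listings taken at the time of the check.

```python
import hashlib
import json
import tempfile
from pathlib import Path

WATCHED = {".exe", ".dll"}  # the two file types the article records


def snapshot(directory):
    """Map each EXE/DLL name (lower-cased) to its size and SHA-256."""
    snap = {}
    for path in Path(directory).iterdir():
        if path.is_file() and path.suffix.lower() in WATCHED:
            try:
                data = path.read_bytes()
                entry = {"size": len(data),
                         "sha256": hashlib.sha256(data).hexdigest()}
            except OSError:
                # Keep locked or unreadable files visible in the record.
                entry = {"size": None, "sha256": "unreadable"}
            snap[path.name.lower()] = entry
    return snap


def compare(baseline, current):
    """Return files added, removed or changed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(n for n in set(baseline) & set(current)
                     if baseline[n]["sha256"] != current[n]["sha256"])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed sample: a temp directory stands in for System32."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "kernel32.dll").write_bytes(b"original system library")
        (root / "notepad.exe").write_bytes(b"original program")
        (root / "readme.txt").write_bytes(b"ignored: not EXE or DLL")
        # Round-trip through JSON, as a baseline stored on disk would be.
        baseline = json.loads(json.dumps(snapshot(root)))
        # Constructed changes made after the baseline was taken.
        (root / "extra.dll").write_bytes(b"file that was not there before")
        (root / "notepad.exe").write_bytes(b"replaced program")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real system, snapshot() would be run on the System32 directory right after installation and its JSON output kept somewhere other than the monitored directory, then compared with a fresh snapshot when the system misbehaves.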

Finally, we recommend that you take the following measures to prevent Trojans:

First, install anti-virus software and the Guanghua personal firewall, and keep them upgraded.

Second, set the security level of the personal firewall to prevent unknown programs from transmitting data.

Third, use a secure browser and email client tool.

Fourth, operating system patches should be updated frequently.

Fifth, do not open files sent by or downloaded from strangers, and do not use cracked software.

We believe that Trojans are not so terrible as long as you do a good job of security protection.

 
