With the increasing number of network users, various virus and trojan programs naturally treat them as delicious. When a batch of hacker pioneers fall down, they will generate a new alternative hacking program. One improper use will soon cause huge losses to personal online bank accounts, this makes many netizens have a headache. This article introduces the principles of Trojan horse protection and Analysis of Trojan horse detection and removal. This is not the latest introduction of the new online banking Trojan Win32.Troj. bankJp. a.221184 program. The trojan virus can be transmitted by third-party devices and networks, causing losses to system and online banking users. The key login program is used to log on to the operation interface repeatedly after the system is restarted, so that the system cannot enter the desktop and run properly. This virus Trojan can be automatically updated, this seriously threatens user property and privacy. Choose-> export system=dllcachec_20218.nls?%system=userinit.exe-> export system=dllcachec_20911.nlsand %windir=opadte.exe-> % system % dllcachec_20601.nls file. Secret file to achieve deep hiding. At this point, the virus Trojan still does not end its own reinforcement function. The RECYCLER... folder is created under the system root directory to store the virus backup. During Virus Cleaning, when network users accidentally infect their viruses and Trojans, they should be cleared out of their computers as soon as possible. Based on their respective Computer Emergency virus processing capabilities, two solutions are provided here: method 1: use the remote registry to fix the problem. Because the remote registry service item is enabled by default, users in the LAN can remotely connect to the Registry Editor to modify the infected computer registry. First, enter regedit in the run item of the Start menu to bring up the Registry Editor, click the File menu to open the connection network registry project, and enter the infected computer ip address \ MACHINE name (note: if the user name and password are required for the other computer after the connection is successful, enter the user name and password ). Find the Registry branch HKEY_LOCAL_MACHINESOFTWAREMicrosoft Windows NTCurrentVersionImage File Execution optionsdelete the userinit.exe program item (Note: Register Project, you must find the Registry branch HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon, modify the Userinit key value to the system default key value C: program file. Finally, run the DOS command to rename the c_20911.nls to be moved by the virus and reset it. Run the command copy c: windowssystem32dllcachec_20911.nls c: windowssystem32 to restart the computer and restore the system to normal. Method 2: After the WINPE disc is booted, the user first enters the BIOS by pressing the delete key when the computer is started, and sets the computer to start from the disc (Note: there is a slight difference between various brands of computers entering the BIOS, follow these instructions to add the WinPE disc to the optical drive. Press F10 to save and exit. The computer restarts and enters the boot interface. Go to the WinPE virtual system, find the Registry branch HKEY_LOCAL_MACHINESOFTWAREMicrosoft Windows NTCurrentVersionImage File Execution optionsdelete its userinit.exe program, find the Registry branch named NTCurrentVersionWinlogon, modify the Userinit key value to the system's default key value C: windowssystem32userinit.exe, and copy the userinit.exe program in the System32 folder under img to the windowssystem32 path on the system disk. After the final boot, the computer will be restarted, and the virus-infected userinit.exe will be restored to normal, the operating system will be started normally, and repeated restart will not occur, and the problem is solved. Virus prevention is not terrible, and the heart of the virus maker is terrible. Network users must always be vigilant against property losses. In the face of early network users, what methods can be used for anti-virus and anti-theft? In fact, there is no truly secure system in the network, and there is only a relatively secure platform. If you want to minimize threats from the Internet, you must pay attention to the following points: 1. Do not open the URLs transmitted in inexplicable websites and instant messaging software, do not accept and click on strangers or programs with unknown experience (including executable files, images, animations, movies, music, and e-books of EXE) at will to prevent attacks. 2. Enable the automatic patch update function in the system, and set the security software upgrade function installed on the local machine on a daily basis to the latest version. To enable the firewall during communication in the network, users without a firewall must install it as soon as possible. This can prevent remote connection of unfamiliar programs in the computer from being known and reviewed in advance. 3. Use anti-virus software or third-party security tools from time to scan and inspect the entire computer and install patches for instant messaging users, such as QQ, and check the account theft program to prevent trojans from infecting the internet bank.