Teach everyone to prevent Trojan, only for the Web Trojan, effective rate of more than 90%. Can prevent more than 90% Trojans are executed on your machine, or even anti-virus software can not find the Trojan may be prohibited to execute, first say the principle.
Now there are several ways in which a Web Trojan can be in your machine:
1, the Trojan file into a BMP file, and then cooperate with your machine to restore the debug to exe, online existence of the Trojan 20%;
2, download a TXT file to your machine, and then there are specific FTP connection, FTP even on their trojan machine download Trojan horse, online existence of the Trojan 20%;
3, is also the most common way to download an HTA file, and then use the Web page control interpreter to restore the Trojan, the Trojan in the online presence of more than 50%;
4, the use of JS script, with a VBS script to execute the Trojan file, the Trojans steal more QQ, stealing the legend of less, probably accounted for about 10%;
5, other ways unknown.
Now, the way to prevent it is to change the Windows\system\mshta.exe file to what you decide (note that Windows2000 and Windows XP are under System32).
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX compatibility\ under active Setup Controls creates a new key value {6e449683_c509_11cf_aafa_00aa00 b6015c} based on the CLSID, and then creates a REG_DWORD-type key compatibility under the new key value. and set the key value of 0x00000400 can be.
and Windows\command\debug.exe and Windows\ftp.exe to change their names (or delete them).
Some of the latest popular Trojans have the most effective defense
such as the network of popular Trojan Smss.exe, this is one of the main body of a trojan, lurking in windows98/windowsme/
Windows XP C:\Windows directory, under the Windows2000 C:\Winnt directory.
If you get into this trojan, first we use the process Manager to end the running Trojan Smss.exe, and then create a smss.exe in the C:\Windows or c:\winnt\ directory and set it as read-only (2000/xp NTFS disk format that's better, Can be set to read using the security settings. This trojan is gone, and will no longer infect. This method I tested on a lot of Trojans, are very effective.
After such changes, I am looking for someone else to send the Trojan Web site to test. The results of the experiment is about 20 Trojan Web site, there are about 15 rising will alarm, and the other 5 rising did not reflect. My machine did not add new EXE files, and no new processes appeared. But some Trojan remains in the temporary folder of IE, they have not been executed, there is no danger, so we recommend that you often clean up temporary folders and ie.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
