Search for the top ten locations where Trojans are found

A Trojan is a remote-controlled virus program that is highly concealed and harmful. It can control you or monitor you without knowing it. Some people say that, since the trojan is so powerful, I can leave it far!

 

However, this trojan is really "naughty". No matter whether you are welcome or not, as long as it is happy, it will try to come to your "home! Oh, that's enough. Hurry up and check if there are any Trojans in your computer. Maybe it's a wave of fun in the family! So how do I know where the trojan is? I believe that cainiao who are not familiar with the trojan will want to know such a problem. The following are some tips for Trojans. Do not forget to take these tricks to deal with them!

  Search for the top ten locations where Trojans are found
A Trojan is a remote-controlled virus program that is highly concealed and harmful. It can control you or monitor you without knowing it. Some people say that, since the trojan is so powerful, I can leave it far!

 

However, this trojan is really "naughty". No matter whether you are welcome or not, as long as it is happy, it will try to come to your "home! Oh, that's enough. Hurry up and check if there are any Trojans in your computer. Maybe it's a wave of fun in the family! So how do I know where the trojan is? I believe that cainiao who are not familiar with the trojan will want to know such a problem. The following are some tips for Trojans. Do not forget to take these tricks to deal with them!
　　
1. integrate into the program
　　
In fact, a Trojan is also a server-client program. To prevent users from easily deleting it, it is often integrated into the program. Once the user activates the trojan program, then, the trojan file is bundled with an application and uploaded to the server to overwrite the original file. Even if the trojan is deleted, you only need to run the application bound with the Trojan, the trojan will be installed again. Bind to an application. If it is bound to a system file, every Windows Startup starts a Trojan.
　　
2. Hide it in the configuration file
　　
The trojan is really tricky. I know that cainiao usually use a graphical interface operating system. Most configuration files that are not very important are ignored, this provides a hiding place for Trojans. In addition, with the special functions of the configuration file, Trojans can easily run and attack on everyone's computers to gain a peek or monitor everyone. However, this method is not very concealed and easy to detect. Therefore, loading Trojans in Autoexec. bat and Config. sys is rare, but it cannot be ignored.
　　
3. lurking in Win. ini
　　
To control or monitor a computer, a Trojan must run. However, no one is stupid enough to run it on his own computer. Of course, Trojans are also prepared to know that humans are highly intelligent animals and will not help them. Therefore, they must find a safe and automatic place to run during system startup, so it lurks in Win. ini is a pleasant place for Trojans. You may wish to open Win. ini. In the [windows] field, the startup commands "load =" and "run =" are available. Generally, "=" is left blank, for example, run = c: windowsfile.exe load = c: windowsfile.exe
　　
At this time, you have to cancel it. This file.exe may be a Trojan.
　　
4. Disguise in common files
　　
This method appeared late, but it is very popular now. It is easy to be fooled by unskilled windows operators. The specific method is to disguise the executable file as an image or text-change the icon to the default image icon for Windows in the program, and then change the file name to * .jpg.exe, because the default value of Win98 is "do not display the known file suffix", the file will be displayed *. jpg. If you don't pay attention to it, this icon will be a Trojan (if you embed an image in the program, it will be more perfect ).
　　
5. built-in to the Registry
　　
The above method made the trojan really comfortable for a while. No one can find it and it can run automatically. It's so fast! However, it is not a long time for humans to immediately hack it out and severely punish it! However, after summing up the lessons of failure, he thought that the hiding place above was easy to find. Now he must hide in a location that is not easy to be found, so he thought of the Registry!

Indeed, due to the complexity of the Registry, Trojans often like to hide in the fun. Check out what programs are under them and read them carefully with wide eyes. Don't let the Trojans go: all key values starting with "run" in HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion; all key values starting with "run" in HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion; all key values starting with "run" in the HKEY-USERS.DefaultSoftwareMicrosoftWindowsCurrentVersion.
6. Hiding in System. ini
　　
Trojans are everywhere! There is nothing left to do, so it will drill somewhere! This is not the case. System. ini in the Windows installation directory is also a place where Trojans like to hide. When file.exe, if such content exists, you are not lucky, because the file.exe here is a Trojan server program! In addition, in the [Program ENH] field of System. ini, check "driver = path \ program name" in this section, which may also be used by Trojans.

Then, in System. the [mic], [drivers], and [drivers32] fields in ini also play the role of loading drivers, but they are also a good place to add Trojans, now you should know that you should also pay attention to this.
　　
And invisible to the Startup Group
　　
Sometimes a Trojan does not care about its whereabouts. It pays more attention to whether it can be automatically loaded into the system, because once the trojan is loaded into the system, in any way you use, you cannot rush it (ah, this trojan face is too thick). Therefore, according to this logic, the Startup Group is also a good place for Trojans to hide, this is indeed a good place for automatic loading and running.
The folder corresponding to the animation group is C: windowsstart menuprogramsstartup, and its location in the registry:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorer
ShellFolders Startup = "C: windowsstart menuprogramsstartup ". Check the Startup Group frequently!
　　
8. Hidden in Winstart. bat
　　
According to the above logic theory, all Trojans are fond of staying where Trojans can be automatically loaded. This is not the case, Winstart. bat is also a file that can be automatically loaded and run by Windows. It is automatically generated for applications and Windows in most cases, after Win.com is executed and most drivers are loaded, run the command. (you can press the F8 key at startup and select the start mode to track the startup process step by step ). Because the Autoexec. bat function can be replaced by Winstart. bat, the Trojan can be loaded and run as it is in Autoexec. bat, which is dangerous.
　　
9. bundled in the Startup File
　　
That is, the application startup configuration file. The control end uploads the file with the same name as the trojan startup command to the server to overwrite the file with the same name, in this way, the Trojan can be started.
　　
10. Set it in the super connection
　　
The trojan owner places malicious code on the webpage to lure users into clicking. The user clicking result is self-evident: the door is stolen! I advise you not to click the link on the webpage unless you understand it, trust it, and want to wait for it to die.