With only two or three moves, viruses and Trojan horses stay away from your door
[From Skynet security front]
Papaya and I share the same broadband connection in the same dormitory. Papaya's computer is always infected with Trojans, viruses or rogue software, while my computer is "spotless". As a result, every time Papaya reinstalls his system in a bad mood, he says that I am not a loyal friend. Hearing this from my brother, I really felt a bit wronged. In fact, my methods for protecting the system are nothing more than these two methods!
I. Fighting Trojans bare-handed
Papaya's Windows XP system can be called a "virus nest". Not only are Trojans lurking in it, but various malicious plug-ins are entangled with it as well. The main cause of this situation is that excessive permissions are granted to the login account and to network users, so Trojans and plug-ins can easily get into the system. Therefore, to effectively enhance system security, you must restrict account permissions.
Step 1: Create a restricted account
Open the "Run" dialog box, enter the command "net user xiaoyao 123456 /add", and press Enter to execute it. This adds a new account named "xiaoyao" to the system, with the password "123456".
A new account added with the "net user" command is a member of the "Users" group by default. It can therefore only run permitted programs and cannot add or remove programs or modify system settings at will, which prevents most of the damage done by Trojans and malicious web pages.
Step 2: "Golden cicada shell" reinforcement for IE
Malicious web pages are the main way to infect systems with Trojan viruses and rogue plug-ins. Therefore, it is necessary to make some protection settings for IE.
1. Shell Creation
Delete the IE icon on the desktop, open the "C:\Program Files\Internet Explorer" folder, right-click the IE program file, and select "Send To" > "Desktop (create shortcut)" to create a new IE shortcut icon on the desktop. Go back to the desktop, right-click the new IE icon, and select the "Properties" command. In the window that opens, switch to the "Shortcut" tab, click the "Advanced" button, select the "Run as another user" option (Figure 1), click OK, and close the dialog box.
Figure 1
2. Shelling
After logging on to Windows XP with an administrator account or any other account that is not "xiaoyao", double-click the IE shortcut on the desktop. A "Run As" dialog box is displayed; enter the newly created account name "xiaoyao" and its password. You can then browse the Internet as usual (Figure 2).
Figure 2
Next, let's see whether this IE can still be harassed by malicious plug-ins. Go to www.baidu.com and click "set Baidu as Homepage" on the Baidu page to modify the IE homepage. Then click the "more" > "souba" link on the page to download "Baidu souba". After the download is complete, the plug-in automatically runs its installation program. An authentication dialog box pops up, and the plug-in is installed as "xiaoyao" by default (Figure 3).
Figure 3
After the installation is complete, when you run IE again as the "xiaoyao" account, you will find that the homepage has changed to Baidu. When you run IE with any account other than "xiaoyao", the IE homepage has not changed. And the Baidu souba plug-in that was just installed does not show up in IE under any account!
In this case, we go online using "xiaoyao", an account in the Users group. Because the "xiaoyao" account is not the account currently logged on, Baidu souba cannot be installed and loaded into IE at all, and the web page can only modify the IE homepage of the "xiaoyao" account. In other words, when IE runs as the "xiaoyao" account, a malicious web page can only modify the IE settings of the "xiaoyao" account; the logged-on account and the system are not affected at all.
3. Shell change
If the IE settings of the "xiaoyao" account are changed or damaged, run the "net user xiaoyao /delete" command in the "Run" dialog box to delete the "xiaoyao" account. Then run the account creation command again to create a new account named "xiaoyao", and IE is "intact" once more.
Step 3: reinforce the system
Web browsing is only one of the ways in which Trojans and rogue plug-ins infect a system. If you accidentally run a Trojan or virus program under the current account, the system will still be damaged. However, the "signs" of such damage are obvious, unlike malicious web pages that perform "black box operations" in the background, so we can block them in advance.
1. Disable Program startup
Many Trojans and viruses start themselves through entries loaded from the registry. You can therefore use permission settings to stop viruses and Trojans from modifying the startup items in the registry.
Start the Registry Editor, expand the "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" branch, right-click the "Run" branch, and select the "Permissions" command. Set the "Read" permission of the current account on this branch to "Allow", and clear the "Full Control" permission (Figure 4). Use the same method to set the permissions on the following registry startup keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Under "HKEY_CURRENT_USER", you also need to set permissions on the same set of registry startup keys.
Figure 4
2. Disable Service Startup
Some more advanced Trojans and viruses are loaded as system services, so you should also take away the permission they need to register a service that starts with the system.
Expand the "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" branch, set the "Read" permission of the current account to "Allow", and clear its "Full Control" permission.
3. System Security Settings
The most dangerous Trojans and viruses use DLL injection or get themselves loaded first when the system starts up and runs. You can restrict the permissions on the corresponding startup entries in the registry.
The method for setting the permissions is the same as above. The registry branches involved are the following:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
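To check that the permission changes in sections 1 to 3 actually took effect, the following PowerShell script lists every "Allow" entry that still grants write access on those keys and flags the ones held by low-privilege groups such as Users. It is an added example, not part of the original article; it assumes PowerShell 2.0 or later is installed, and the function name Get-WritableAce and the LowPriv column are made up for illustration.

```powershell
# Added example: list write-capable ACEs on the registry keys hardened above.
$cv   = 'Software\Microsoft\Windows\CurrentVersion'
$keys = @(
    "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKLM:\$cv\RunEx", "HKLM:\$cv\RunServices",
    "HKLM:\$cv\Policies\Explorer\Run",   # assumed reading of the article's policy startup key
    "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce",
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    # Userinit, Shell, GinaDLL and System are values; their ACL is the one on Winlogon.
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)

# SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership,
# plus GENERIC_WRITE and GENERIC_ALL, which can appear on inherit-only ACEs.
$writeMask = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

# Well-known SIDs of groups a restricted account belongs to or can be reached through.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'Users'
    'S-1-5-32-547' = 'Power Users'
}

function Get-WritableAce {
    param([string[]]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($p in $Path) {
        if (-not (Test-Path $p)) { continue }   # key absent on this system
        $acl = Get-Acl -Path $p
        # Ask for explicit and inherited rules, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if (([int]$ace.RegistryRights -band $writeMask) -eq 0) { continue }
            $sid = $ace.IdentityReference.Value
            New-Object PSObject -Property @{
                Key = $p; Sid = $sid; Rights = $ace.RegistryRights
                Inherited = $ace.IsInherited; LowPriv = $lowPriv.ContainsKey($sid)
            }
        }
    }
}

Get-WritableAce -Path $keys |
    Sort-Object Key, Sid |
    Format-Table Key, Sid, Rights, Inherited, LowPriv -AutoSize
```

Any row with LowPriv set to True means a program running under a restricted account such as "xiaoyao" can still write to that startup location, so the permission change for that key needs to be repeated.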
4. File Association Protection
Some tricky Trojans can also be started by changing the system file association. Pair