The most effective way to prevent Trojan Horse (full article) _ Network security
Source: Internet
Author: User
Teach everyone to prevent Trojan, only for the Web Trojan, effective rate of more than 90%, you can prevent more than 90% Trojans on your machine is executed, and even anti-virus software can not find the Trojan could be prohibited to execute. Let's talk about the principle first.
Now the Web Trojan is nothing more than the following ways into your machine
1: The Trojan file into a BMP file, and then cooperate with your machine to restore the debug to exe, online existence of the Trojan 20%
2: Download a TXT file to your machine, and then there are specific ftp^-^, FTP even on their trojan machine download Trojan horse, online existence of the Trojan 20%
3: is also the most common way to download an HTA file, and then use the Web page control interpreter to restore the Trojan. The Trojan in the online presence of more than 50%
4: The use of JS script, with a VBS script to execute the Trojan file, the Trojans steal more QQ, stealing the legend of less, about 10%
5: Other ways unknown .......
Now, let's take precautions ... Don't lose the bricks.
Which is to rename the Windows\system\mshta.exe file,
Change to what you are casually (s fart and Plague 2000 is under System32)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX compatibility\ under active Setup Controls creates a new key value {6e449683_c509_11cf_aafa_00aa00 b6015c} based on the CLSID, and then creates a REG_DWORD-type key compatibility under the new key value. and set the key value of 0x00000400 can be.
and Windows\command\debug.exe and Windows\ftp.exe to change their names (or delete them).
Some of the latest popular Trojan most effective defense ~ ~
For example, the network of popular Trojan Smss.exe This is one of the main body of the Trojan lurking in the 98/winme/xp c:\windows directory C:\Winnt ...
If you're in this Trojan first we end the running Trojan Smss.exe with the process manager and then create a price smss.exe in the C:\windows or c:\winnt\ directory and set it to read-only property ~ (2000/xp NTFS disk format) It is better to use the "Security settings" set to read) so the Trojan has not ~ later will not be infected with this method I tested on a lot of Trojans
It's all very effective.
After such a modification, I am looking for someone else to send the Trojan Web site to test, the results of the experiment is about 20 Trojan site, there are probably 15 rising will alarm, and the other 5 does not reflect the rising, and my machine did not add a new EXE file, there is no new process appears, But some Trojan remains in the temporary folder of IE, they have not been executed, there is no danger, so we recommend that you often clean up temporary folders and ie.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.