The right medicine: how to clear trojans from your computer

Author: Ye Fei, 2008-07-22, from it168

A Trojan horse is a remote-control virus program that is highly concealed and harmful. It can control or monitor users' computers without their knowledge. The following describes the locations where Trojans are often hidden and how to clear them.

First, check whether a trojan exists on your computer.

1. Integrated into a program

A Trojan is in fact a server-client program. To prevent users from deleting it easily, it is often integrated into another program. Once the user activates the trojan, the trojan file is bundled with an application and uploaded to the server to overwrite the original file. Even if the trojan is then deleted, running the application it is bound to installs it again. If it is bound to a system file, the trojan starts at every Windows startup.

2. Hidden in configuration files

The trojan is really tricky. It knows that novices usually use a graphical operating system and ignore most configuration files that do not look important, and this gives the trojan a hiding place. With the special functions of the configuration files, a trojan can then easily run on anyone's computer to spy on or monitor the user. However, this method is not very well concealed and is easy to detect, so loading Trojans from Autoexec.bat and Config.sys is rare, but it cannot be ignored.

3. Lurking in Win.ini

To control or monitor a computer, a Trojan must run. However, no one is stupid enough to run it on their own computer, and the trojan knows that humans are highly intelligent animals who will not help it. It therefore has to find a safe place from which it is run automatically during system startup, and Win.ini is a pleasant place for a Trojan to lurk. Open Win.ini and look at its [windows] section, which contains the startup commands "load=" and "run=". In general, "=" is followed by a blank. Compare that with entries like these:

run=c:\windows\file.exe
load=c:\windows\file.exe

In that case you have to cancel the entry. This file.exe may be a Trojan.

4. Disguised as common files

This method appeared late, but it is very popular now, and unskilled Windows users are easily fooled by it. The executable file is disguised as an image or a text file: the program's icon is changed to the default Windows image icon and the file is renamed to *.jpg.exe. Because the default setting is "do not display known file extensions", the file is displayed as *.jpg. Anyone who is not paying attention takes the icon for an ordinary image and ends up with the Trojan.
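The checks from sections 3 and 4, written out as an added example that is not part of the original article: it lists non-empty load=/run= lines in the [windows] section of a Win.ini and flags file names of the *.jpg.exe kind. The sample Win.ini content, the two extension lists and the function names are constructed for illustration.

```python
# Extensions that run when opened (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat"}
# Harmless-looking extensions a disguised name pretends to have (assumption).
DECOY_EXTS = {".jpg", ".gif", ".bmp", ".txt", ".doc"}

# Constructed sample, not taken from a real machine.
SAMPLE_WIN_INI = r"""
; constructed sample
[windows]
load=
run=c:\windows\file.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""


def autostart_entries(ini_text, section="windows", keys=("load", "run")):
    """Return (key, value) pairs for non-empty load=/run= lines in [section]."""
    found, current = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or INI comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()  # entering a new section
            continue
        if current != section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in keys and value:  # an empty value is the normal case
            found.append((key.lower(), value))
    return found


def is_disguised(name):
    """True for names like photo.jpg.exe: a decoy extension, then an executable one."""
    base = name.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    parts = base.rsplit(".", 2)
    return (len(parts) == 3 and "." + parts[2] in EXECUTABLE_EXTS
            and "." + parts[1] in DECOY_EXTS)


if __name__ == "__main__":
    for key, program in autostart_entries(SAMPLE_WIN_INI):
        print(f"win.ini [windows] {key}= starts {program}")
    print("holiday.jpg.exe disguised:", is_disguised("holiday.jpg.exe"))
```
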

5. Built into the Registry

The methods above kept the trojan comfortable for a while: no one could find it and it ran automatically. But it did not take long for people to track it down and punish it severely. Having learned from that failure, it decided that the hiding places above were too easy to find and that it needed a location that is harder to find, so it thought of the Registry. Indeed, because the Registry is so complex, Trojans like to hide in it. Check which programs are listed under the following keys and read them carefully, with your eyes wide open, so that no Trojan gets away:

all key values starting with "run" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion;
all key values starting with "run" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion;
all key values starting with "run" under HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion.
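One way to carry out this check offline against a registry export, as an added example that is not part of the original article: it reads the text of a REGEDIT4 export and lists every string value under subkeys whose name starts with "Run" beneath the three keys named above. The export content and the function names are constructed for illustration.

```python
import re

# The three parent keys the article says to inspect (compared in lower case).
WATCHED_PARENTS = (
    r"hkey_local_machine\software\microsoft\windows\currentversion",
    r"hkey_current_user\software\microsoft\windows\currentversion",
    r"hkey_users\.default\software\microsoft\windows\currentversion",
)
# "name"="string data", where backslash and double quote are backslash-escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed export, not taken from a real machine.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"file"="c:\\windows\\file.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"svc"="c:\\windows\\system\\file.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\App]
"DisplayName"="App"
'''


def unescape(text):
    """Undo the backslash escaping used inside .reg string data."""
    return re.sub(r"\\(.)", r"\1", text)


def run_key_values(reg_text):
    """Return (key, value name, command) for string values under Run* subkeys."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            parent, _, leaf = key.lower().rpartition("\\")
            if not (parent in WATCHED_PARENTS and leaf.startswith("run")):
                key = None  # not an autostart key: skip its values
            continue
        match = VALUE_RE.match(line) if key else None
        if match:
            hits.append((key, unescape(match.group(1)), unescape(match.group(2))))
    return hits


if __name__ == "__main__":
    for key, name, command in run_key_values(SAMPLE_REG):
        print(f"{key}: {name} -> {command}")
```
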

6. Hiding in System.ini

Trojans are everywhere! Wherever there is a gap, they will squeeze into it. System.ini in the Windows installation directory is another place where Trojans like to hide. If content naming file.exe exists there, it is unfortunate: the file.exe here is a Trojan server program! In addition, in the [386Enh] section of System.ini, check "driver=path\program name", which may also be used by Trojans. The [mci], [drivers], and [drivers32] sections of System.ini also load drivers, which makes them a good place to add Trojans as well, so pay attention to them too.

7. Invisible in the Startup group

Sometimes a Trojan does not care about being seen. It cares more about whether it is loaded into the system automatically, because once a trojan is loaded into the system it cannot be driven out by any means (this trojan is really thick-skinned). By this logic, the Startup group is also a good place for Trojans to hide, because it really is a good place to load and run automatically. The folder corresponding to the Startup group is C:\windows\start menu\programs\startup. Its location in the registry is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, where Startup="C:\windows\start menu\programs\startup". Check the Startup group frequently!

8. Hidden in Winstart.bat

By the same logic, Trojans like to stay wherever they can be loaded automatically, and Winstart.bat is also a file that Windows loads and runs automatically. In most cases it is generated automatically for applications and Windows, and it is run after Win.com has been executed and most drivers have been loaded. (You can press the F8 key at startup and choose the step-by-step start mode to follow the startup process.) Because Winstart.bat can do the job of Autoexec.bat, a Trojan can be loaded and run from it just as it can from Autoexec.bat, which is dangerous.

9. Bundled in the startup file

That is, the application's startup configuration file. The control end uploads a file that has the same name and contains the trojan's startup command to the server, overwriting the file of the same name. In this way, the Trojan can be started.

10. Placed in hyperlinks

The trojan owner places malicious code on a webpage and lures users into clicking. The result of the click is self-evident: the door is opened to the thief! I advise you not to click a link on a webpage unless you know it, trust it, and are willing to die for it.
