Unable to delete special file name Trojan in Windows

Source: Internet
Author: User
Tags safe mode

We all know that the characteristics of Trojan horse is hidden, once exposed, then use anti-virus software to kill the OK, even if some of the more stubborn Trojan virus, at most also as long as the safe mode to go to kill. But there are a class of trojans and viruses are different, they not only have the hidden characteristics of Trojan virus, but also very difficult to clear. Why are these special file names Trojan virus hard to clean?

Why can't I delete a special file name Trojan in Windows?

These Trojans take advantage of some windows "vulnerabilities" and create a program or folder of special file names that we cannot delete in Windows. So how to remove these special file name Trojan virus clean?

Of course, there are some special ways to do this, creating folders named after these device names. For example, if we execute the "MD C:aux" command at the command prompt, we can build a folder called Aux on the C disk. This Aux folder can be accessed, but it can be established, but it cannot be deleted because Windows does not allow the device to be removed in this manner.

Visible, Trojan virus is exploited by Windows vulnerabilities to deceive the system and create special file name files. and anti-virus software as Windows application software, but also follow the Windows File/folder naming rules, so that Trojan virus can stay in the system for a long time, even if the anti-virus software found also useless.

How to make a Trojan horse into a special document?

Once you know how to create a special folder, this is pretty straightforward. In the command prompt, enter the command: Copy Muma.exe. D:aux.exe and enter, so will muma.exe copy for D disk Aux.exe file, an anti-virus software can not remove the special Trojan virus was born.

In fact, using "system reserved words to build special folders to prevent killing" this trick is often used by hackers to invade Web servers. Typically, a hacker invades a Web site and creates a webshell of such a special file name, such as Copy webshell.asp, from the command prompt in the Web site folder. D:wwwrootaux.asp, with the system and hide permissions added to the command (its properties cannot be set in Windows). Such webshell in the server is very dangerous, is the webmaster's number one public enemy.

How do I delete a special file name Trojan?

Know the principle of this trojan, we clear up is relatively simple, here are two methods:

1, find the location of the Trojan virus, in the command prompt, enter the following command: "Del." C:empnul.exe ", where the" C:empnul.exe "is the path of the Trojan file, enter the Trojan file can be deleted.

2. Create a new Notepad document and enter:

del/f/a/q?%1

RD/S/q?%1

After saving, change the file suffix name to. bat, and then drag the file or folder that cannot be deleted onto the bat file.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.