A Trojan is a remote-controlled virus program that is highly concealed and harmful. It can control you or monitor you without knowing it. Some people say that, since the trojan is so powerful, I can leave it far! However, this trojan is really "naughty". No matter whether you are welcome or not, as long as it is happy, it will try to come to your "home! Oh, that's enough. Hurry up and check if there are any Trojans in your computer. Maybe it's just a waste of time in the family! So how do I know where the trojan is? I believe that cainiao who are not familiar with the trojan will want to know such a problem. The following are some tips for Trojans. Do not forget to take these tricks to deal with them!
1. integrate into the program
In fact, a Trojan is also a server-client program. To prevent users from easily deleting it, it is often integrated into the program. Once the user activates the trojan program, then, the trojan file is bundled with an application and uploaded to the server to overwrite the original file. Even if the trojan is deleted, you only need to run the application bound with the Trojan, the trojan will be installed again. Bind to an application. If it is bound to a system file, every Windows Startup starts a Trojan.
2. Hide it in the configuration file
The trojan is really tricky. I know that cainiao usually use a graphical interface operating system. Most configuration files that are not very important are ignored, this provides a hiding place for Trojans. In addition, with the special functions of the configuration file, Trojans can easily run and attack on everyone's computers to gain a peek or monitor everyone. However, this method is not very concealed and easy to detect. Therefore, loading Trojans in Autoexec. bat and Config. sys is rare, but it cannot be ignored.
3. lurking in Win. ini
To control or monitor a computer, a Trojan must run. However, no one is stupid enough to run it on his own computer. Of course, Trojans are also prepared to know that humans are highly intelligent animals and will not help them. Therefore, they must find a safe and automatic place to run during system startup, so it lurks in Win. ini is a pleasant place for Trojans. You may wish to open Win. ini. In its [windows] field, the startup commands "load =" and "run =" are included. In general, "=" is followed by a blank space, for example, run = c: windowsfile.exe load = c: windowsfile.exe
At this time, you have to cancel it. This file.exe may be a Trojan.
4. Disguise in common files
This method appeared late, but it is very popular now. It is easy to be fooled by unskilled windows operators. The specific method is to disguise the executable file as an image or text-change the icon to the default image icon for Windows in the program, and then change the file name to * .jpg.exe, because the default value of Win98 is "do not display the known file suffix", the file will be displayed *. jpg. If you don't pay attention to it, this icon will be a Trojan (if you embed an image in the program, it will be more perfect ).
5. built-in to the Registry
The above method made the trojan really comfortable for a while. No one can find it and it can run automatically. It's so fast! However, it is not a long time for humans to immediately hack it out and severely punish it! However, after summing up the lessons of failure, he thought that the hiding place above was easy to find. Now he must hide in a location that is not easy to be found, so he thought of the Registry! Indeed, due to the complexity of the Registry, Trojans often like to hide in the fun. Check out what programs are under them and read them carefully with wide eyes. Don't let the Trojans go: all key values starting with "run" in HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersion; all key values starting with "run" in HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersion; all key values starting with "run" in the HKEY-USERS.DefaultSoftwareMicrosoftWindowsCurrentVersion.
6. Hiding in System. ini
Trojans are everywhere! There is nothing left to do, so it will drill somewhere! This is not the case. System. ini in the Windows installation directory is also a place where Trojans like to hide. When file.exe, if such content exists, you are not lucky, because the file.exe here is a Trojan server program! In addition, in the [Program ENH] field of System. ini, check "driver = path program name" in this section, which may also be used by Trojans. Then, in System. the [mic], [drivers], and [drivers32] fields in ini also play the role of loading drivers, but they are also a good place to add Trojans, now you should know that you should also pay attention to this.
7. invisible to the Startup Group
Sometimes a Trojan does not care about its whereabouts. It pays more attention to whether it can be automatically loaded into the system, because once the trojan is loaded into the system, in any way you use, you cannot rush it (ah, this trojan face is too thick). Therefore, according to this logic, the Startup Group is also a good place for Trojans to hide, this is indeed a good place for automatic loading and running. The folder corresponding to the animation group is C: windowsstart menuprogramsstartup. The location in the registry is hkey_current_usersoftwaremicrosoftwindowscur1_version.
Assumershellfolders Startup = "C: windowsstart menuprogramsstartup ". Check the Startup Group frequently!
8. Hidden in Winstart. bat
According to the above logic theory, all Trojans are fond of staying where Trojans can be automatically loaded. This is not the case, Winstart. bat is also a file that can be automatically loaded and run by Windows. It is automatically generated for applications and Windows in most cases, after Win.com is executed and most drivers are loaded, run the command. (you can press the F8 key at startup and select the start mode to track the startup process step by step ). Because the Autoexec. bat function can be replaced by Winstart. bat, the Trojan can be loaded and run as it is in Autoexec. bat, which is dangerous.
9. bundled in the Startup File
That is, the application startup configuration file. The control end uploads the file with the same name as the trojan startup command to the server to overwrite the file with the same name, in this way, the Trojan can be started.
10. Set it in the super connection
The trojan owner places malicious code on the webpage to lure users into clicking. The user clicking result is self-evident: the door is stolen! Do not click the link on the webpage unless you understand it, trust it, and want to wait for it to die.