Where the Trojans hide-away from remote control

Source: Internet
Author: User
Tags ini

Trojan Horse is a remote control of the virus program, the program has a strong concealment and harm, it can be unnoticed in the state of control you or monitor you. Some people say, since the Trojan is so powerful, then I can not be far away from it.





However, this trojan is really "naughty", it can be no matter whether you welcome, as long as it happy, it will try to get into your "home"! That also, quickly look at their own computer there is no Trojan, perhaps in the "Home" in trouble! I believe that the rookie who are unfamiliar with the Trojan horse must want to know where this problem. The following is the trick of the Trojan lurking, after watching don't forget to take the trick to deal with these losses.





1. Built into the registry





the above method makes the Trojan really comfortable for a while, no one can find it, and can automatically run, it is fast! However, the long time, the human quickly took it out of the hand, and it was severely punished! But it is also unwilling, summed up the failure of the lesson, that the above hiding place is very easy to find, now must hide in not easy to find place, so it thought of the Registry! Indeed, due to the complexity of the registry, Trojans often like to hide in here merry, quickly check, what program under its, open eyes carefully look, do not let go of the Trojan:





hkey_local_machinesoftwaremicrosoftwindowscurrentversion


all the key values that begin with "run";


hkey_current_usersoftwaremicrosoftwindowscurrentversion


all the key values that begin with "run";


hkey-users_defaultsoftwaremicrosoftwindowscurrentversion


all the key values that begin with "run".


 


2. Hiding in System.ini





Trojan Horse is really everywhere! Where there is a loophole, where it is drilled! This is not, Windows installation directory under the System.ini is also a trojan like hidden place. Or be careful, open this file to see what is different from the normal file, in the file [boot] field, is not such content, that is shell= Explorer.exefile.exe.





if it does have such content, then you are unfortunate, because here File.exe is the Trojan server program! In addition, in the [386Enh] field in System.ini, be careful to check the "driver= Path program name" In this paragraph, there may also be used by Trojans. Again, in the System.ini [mic], [drivers], [drivers32] These three fields, these segments are also played to load the role of the driver, but also a good place to add Trojans, now you should know also to pay attention here.





3. Integrated into the program





actually Trojan is also a server-client program, in order not to allow users to easily delete it, it is often integrated into the program, once the user activates the Trojan, then the Trojan file and an application bundled together, and then uploaded to the server to cover the original file, so even if the trojan was deleted, As long as the application bundled with the Trojan, the Trojan will be installed up. Bound to an application, such as binding to a system file, every time Windows startup starts a Trojan.








4. Lurking in Win.ini





Trojan to achieve control or monitor the purpose of the computer, you must run, however, no one will be silly to their own computer to run the damn Trojan. Of course, the Trojan is also early psychological preparation, know that human is a high IQ of animals, will not help it to work, so it must find a safe and can be in the system start automatically run the place, so lurking in the Win.ini is a Trojan feel more comfortable place. You may wish to open Win.ini to see, in its [Windows] field has the start command "load=" and "run=", in general, "=" after the blank, if there is followed by the program, for example:


Run=c:windowsfile.


Exeload=c:windowsfile.exe


then you must be careful, this file.exe is probably a Trojan horse.





5. Camouflage in Ordinary documents





This method appears late, but is now very popular, for unskilled windows operators, it is easy to be fooled. The method is to disguise the executable file as a picture or text--in the program, change the icon to Windows Default Picture icon, and then change the file name to *.jpg.exe, because the Win98 default setting is "Do not show known file suffix name", the file will appear as *.jpg,   People who don't pay attention to this icon is a Trojan horse (if you embed a picture in the program is more perfect).





6. Stealth in the Startup group





Sometimes Trojans do not care about their whereabouts, it is more attention to the ability to automatically load into the system, because once the Trojan loaded into the system, any way you can not get rid of it (hey, this trojan skin is really too thick), so according to this logic, the Startup group is also a good place to hide the Trojan horse, Because this is really a good place to load and run automatically. The folder that the Startup group corresponds to is:





C:windowsstartmenuprogramsstartup


 


location in the registry:





hkey_current_usersoftwaremicrosoftwindowscurrentversionexplorershellfoldersstartup= " C:windowsstartmenuprogramsstartup "


 


be careful to check the startup group frequently.





7. Concealed in Winstart.bat





According to the above logic theory, the Trojan can automatically load the place, the Trojans like to stay. It's not, Winstart.bat is also a file that can automatically be run by Windows, and is automatically generated in most cases for applications and windows, and starts after Win.com is executed and most drivers are loaded (this can be learned by pressing the F8 key at startup and then by selecting a step-by-step Start method to track the startup process).





because the function of Autoexec.bat can be replaced by Winstart.bat, so the Trojan can be loaded and run as in Autoexec.bat, which is dangerous.





8. Bundle in the boot file





is the application startup configuration file, the control side use these files to start the characteristics of the program, will be made with the Trojan Start command file uploaded to the server to cover the same name file, so you can achieve the purpose of starting the Trojan horse.





9. Set in Super Connection





Trojan owner placed malicious code on the Web page, luring users to click, the user clicks the result is self-evident: Kaimen! Don't just click on the link on the page unless you know it and trust it.





10. Hidden in configuration file





Trojan is too cunning, know rookie are usually using the graphical interface of the operating system, for those already less important configuration files are mostly indifferent, which just gives a trojan to a hiding place. And the use of the special role of configuration files, Trojans can easily in everyone's computer run, attack, and thus peeping or watching everyone.


    


However, now this way is not very covert, easy to find, so in Autoexec.bat and Config.sys loading Trojan program is not seen, but also can not be taken lightly.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.