For finding Trojans, I will describe several methods based on my own experience.
1. Time Comparison method
Sort the ASP files by modification time to find the most recently changed ones, and open them to see whether they are Trojans. If you do not understand the code, look for ASP files that you did not put there yourself; the names give them away at a glance. For example, files such as diy.ap.dm6.asp,angel.asp.shell.asp are suspicious ASP files that you did not create yourself.
(In fact, Windows 2000 and XP both have smss.exe as a necessary process, but its path is c:\winnt\system32; you can use the Process Explorer tool to see the path.)
It writes an Autocommand.ini file to the D drive; the file can be deleted, but after deletion it is automatically regenerated.
First, restore the system disk image and enter the system. It was found to be still infected.
Second, view the registry startup Run key: it has a load item tprogram=c:\windows\smss.exe. You can delete it, but after startup the registry has this item!
Computer Newspaper mentioned a Trojan-free anti-virus that can easily penetrate Kabbah, Rising, and Norton's active defense functions: byshell. So I searched the internet and found the byshell promotion version. It indicates that the byshell promotion version can be used through the default settings of kabarex Norton for active defense. I went back to the promotion version and tried to check whether the mic
a trojan download, it can download a lot of Trojans, but the test has not been implanted successfully ...
13. Add registry entries under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run at the same time
14. Add a registry entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Nt\currentversion\winlogon\notify\winlogon
15. There is text in the virus body: "nofixups!" "Just test!" All
Windows systems come with countless built-in tools that each perform their own duties to meet the different needs of users. In fact, these tools are "versatile". If you have enough imagination and are good at digging, you will find that, in addition to their regular duties, they can also help us counter viruses.
I. The task manager gives a knife to the virus
Windows Task Manager is the main tool for you to manage processes. You can view the current
Rising could not handle the virus; Kabbah was able to find it after upgrading to May 25, but note that Kabbah deletes the infected Word documents and pictures along with it!
Because a lot of documents are urgent and important, losing them would be a serious problem, so people who do not understand computers should not use Kaspersky, because it is too professional.
Fortunately, the source file is not many, I deleted a few, the specific removal method on the Intern
Characteristics of the virus:
The biggest feature of the virus is self-replicating. From the classification of viruses there are many kinds; here we will introduce the most popular add-on virus, which is adapted to the normal file to achieve its own replication purposes. From a procedural point of view, we have two things to do:
1, so that the program can be copied to other programs without affecting the wo
other words, the system.exe process with PID 1536 is created by a process with PID 676. Return to the task manager and query the process PID to find that the process is a worker internet.exe process.
Figure 1 PID process query
After finding the culprit, you can restart the system to enter the safe mode. Use the search function to find the trojan file c:\windows\internet.exe and delete it. The main reason is that internet.exe is not found (and i
1. Spot the problem from the traffic graph
At the time, pages were very slow to load and sometimes did not respond at all.
2. View processes dynamically with top
I immediately telnetted to the problem server. Remote operation was very slow and the outbound traffic on the network card was very large. Through top I found an abnormal process occupying a lot of resources; without looking at the name carefully, you would really think it was a web service process.
4. End the abnormal process and continue tracking
killall -9 nginx1
rm -f /etc/ngi
hard disk bombs and other winrar bundled together, and then made into a self-extracting file, so the threat to everyone will be greater! Because it can not only destroy the registry, but also destroy the hard disk data, think about it is not very scary?
It's not hard to see from the example above that WinRAR's self-extracting function is so powerful that it makes it possible for people who can't program to make very malicious programs in a short time. And for the containing
lovelet2ter coming from me" and takes a name called "Love letter Foryoutxt.VBS" with an infected attachment. Once the user has opened the attachment, it activates the hidden virus program, so when they start the mail client Outlook, infected mail is sent out, causing a ripple effect.
It can also propagate through .HTM files or a mIRC script. After infecting a machine, this virus automatically looks for local drives an
Trojan rootkit.win32.mnless, Trojan.win32.edog, etc.
Endurer Original
2008-02-02 Version 1
IE stopped responding after opening the website ......
Code found at the bottom of the homepage:
/------/
1 hxxp: // 8 ** 8.8*812 ** 15.com/88.htm
Code included:
/------/
1.1 hxxp: // 8 ** 8.8*812 ** 15.com/in.htm
Code included:
/------/
1.1.1 hxxp: // y ** UN. y ** un8 ** 78.com/web/6620.38.htm
Code included:
/------/
1.1.1.1 hxxp
Many newbies who do not know much about security will be helpless after the computer is infected with a Trojan. Although many new anti-virus software versions on the market can automatically clear most of the Trojans, they cannot prevent new Trojans. Therefore, the most important thing to do is to know how a trojan works. I believe that after reading this article, you wil
When you use anti-virus software to scan and kill viruses, you will often find some viruses on your computer. They all have a long string of names, such as Worm.padobot.u, Backdoor.RBot.abc, etc. What does it mean? In fact, the virus name already contains the type and characteristics of the virus. Next, we will introduce how a virus is named. Also, let's take a
1, the establishment of non-standard directory: mkdir images. \
Copy ASP Trojan to directory: Copy c:\inetpub\wwwroot\dbm6.asp c:\inetpub\wwwroot\images. \news.asp
Accessing ASP Trojans via the Web: http://ip/images../news.asp?action=login
How to delete a nonstandard directory: RmDir images. \ s
2. IIS in Windows resolves files in directories that end with .asp to achieve the purpose of hiding the back door of our own pages:
mkdir programme.asp
New 1.
For friends who often surf the internet, the Trojan horse will not be unfamiliar: you open a website and it inexplicably runs a trojan. Despite the "Security" settings in "Internet Options", the following code runs the program directly without popping up any prompt. If you do not believe it, follow me!
(Hint: just understand the technology and methods, do not do damage, Yexj00.exe is a windows2000 vulnerability scan
by a large number of virus and Trojan writers ". Using the IE vulnerability, you can create Web Trojans, install the account theft program, steal accounts, and obtain RMB. In this black industry chain, IE is actually the easiest part to cut. Cherish the system, the system must be updated, and anti-virus software that can prevent web Trojans should be used. Use I
\plugins\ directory, you should find New123.bak and new123.sys two files;
View your C:\Documents and settings\administrator\local settings\temp\ directory; you should find the file Microsoft.bat. You can open Microsoft.bat with Notepad and see that it mentions an EXE file (the specific name will be different); you will also find this EXE file in the directory;
If you do not find the corresponding files in the above two steps, please change your file view so that known file suffixes are not hidden, and in