Beware! Browsing the web can also get you infected with a Trojan
2001-08-23 10:17:35 · Xiarong · Yesky

If I told you that simply browsing a web page could infect you with a Trojan, would you believe me? In fact, it is not a question of whether you believe it or not. Some people have been using this technique for half a year to get others infected!

Recently I heard that someone had been hit while browsing a certain website, so I went to have a look. While the page was opening, the mouse pointer strangely changed shape, and indeed a program was running. Open your computer's Task Manager and you can see a process named WinCfg.exe. The file behind this process is C:\WINNT\Wincfg.exe under Win2000 and C:\Windows\wincfg.exe under Win98. Run the registry editor regedit, and under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run you will find WinCfg.exe. Aha, so it registers itself in the registry's startup entries, and WinCfg.exe will run at every boot!

Note: whoever plants the Trojan can set its startup key name and its registered file name. The registered file name is also the name of the running process, so what each of you sees may not be the same.

Running Kingsoft Internet Security, the report showed "Backdoor Bnlite". So it turned out to be the server of the BnLite Trojan, renamed to Wincfg.exe. Although this Trojan's server is small (6.5K), it can do a lot: ICQ communication, remote deletion of the server, setting the port and the run name, IP reporting (reporting the IP address of the machine where the server is located), upload and download... If you are infected with this Trojan, whoever controls it can use it to set up a hidden FTP service on your computer, so that others have full permission to enter your computer. Controlling your computer becomes very easy!

What interests me is how the Trojan gets downloaded to, and run on, the computer of someone who is merely browsing the page.
Click "Tools" → "Internet Options" → "Security" → "Custom Security Level", disable all of the ActiveX-related options, and browse the page again: WinCfg.exe is still downloaded and run! So it seems this has nothing to do with ActiveX. "Custom Security Level" also has an option for file downloads; with that disabled, browse the page again, and this time WinCfg.exe is no longer downloaded.

Let's take a look at how Wincfg.exe is downloaded to the visitor's computer. Right-click on the page, select "View Source", and you will find a suspicious statement in the page code:

<iframe src="WinCfg.eml" width=1 height=1>

Notice "WinCfg.eml"? Everyone knows that EML is an e-mail format, so what is an EML file doing in a web page? Very suspicious! Browse the page again and look at Task Manager: the WinCfg.exe process is back. So the problem lies in this file!

Since the problem lies in this file, of course I wanted to find a way to look at it. I downloaded the file with the NetAnts download manager, and with barely a touch of the mouse WinCfg.exe was executed again. It really is like a ghost that will not go away!
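As an added example (not code from the original article), a small Python audit that flags frames like the one found in the page source above: near-zero size, hidden by style, or pointing at a file type such as .eml. The extension list, the size threshold and the sample HTML are assumptions constructed for illustration.

```python
import posixpath
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions a page has no ordinary reason to load in a frame (assumed list).
SUSPICIOUS_EXT = {".eml", ".nws", ".exe", ".scr", ".hta"}
TINY = 2  # frames at most this many pixels wide or high count as hidden

def _pixels(value):
    """Pixel count for '1' or '1px'; None for '100%' or a missing value."""
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

class FrameAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (src, reasons)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        src = a.get("src", "").strip()
        ext = posixpath.splitext(urlparse(src).path)[1].lower()
        style = a.get("style", "").replace(" ", "").lower()
        reasons = []
        if ext in SUSPICIOUS_EXT:
            reasons.append("src extension " + ext)
        dims = (_pixels(a.get("width")), _pixels(a.get("height")))
        if any(d is not None and d <= TINY for d in dims):
            reasons.append("near-zero size")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((src, reasons))

def audit(html):
    parser = FrameAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the frame quoted in the article plus a benign one.
SAMPLE = """<p>Welcome</p>
<IFRAME SRC="WinCfg.eml" width=1 height=1></IFRAME>
<iframe src="news.html" width="100%" height="300"></iframe>"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run over saved page source, a finding that combines a mail or executable extension with a 1x1 frame is the pattern worth investigating first.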