Troja is a viral program based on remote control, which has strong concealedness and harm, which can control you or monitor you in a state where people don't know. Some people say that since the Trojan is so powerful, then I will not be a little from it! However, this Trojan is really "naughty", it can be welcomed, as long as it is happy, it will try to get to you "home"! Oops, then I have to have, hurry to see if there is any Trojan in my computer, saying that "home" is in the wind! Then how do I know where the Trojan is, I believe that the rookie who is not familiar with Trojans will definitely want to know such a problem. Below is the trick of Trojan, I don't want to forget to take the tricks in the future.
1, integrated into the program
In fact, Trojans are also a server-client program, which is often integrated into the program in order not to let users easily delete it, once the user activates Trojans, then the Trojan file is bundled together, and then uploaded to The server covers the original file, so that even if the Trojan is deleted, the Trojan will be installed again as long as the Trojan is bundled. Bind to a certain application, such as binding to the system file, then every Windows startup will start Trojan.
2, hidden in the configuration file
Trojans are too embarrassing. If the rookies usually use the operating system of the graphical interface, most of them are not asking for those who are not very important, this is just a hidden horses. Moreover, using the special role of the configuration file, the Trojans can easily run, episodes, and thus voyeur or monitor everyone. However, this way is not very concealed, it is easy to find, so it is not very common in autoexec.bat and config.sys, but it can't be inevitable.
3, lurking in Win.ini
Trojans want to achieve control or monitor the purpose of monitoring your computer, you must run, but no one will be stupid to run this damn Trojan in his computer. Of course, the Trojans are also mentally prepared. It is known that human beings are highly intelligent animals. It will not help it work, so it must find a place that is safe and automatically running when the system is started, so I lap in Win.ini is Trojans feel more comfortable. Everyone may want to open Win.ini to see, there is a launch command "LOAD =" and "Run =" in its [Windows] field, in general "=" is blank, if there is a follower, This is like: run = c: \windows\file.exe loading = c: \windows\file.exe
At this time, you have to be careful, this file.exe is likely to be a Trojan.
4, disguise in ordinary files
This method is relatively late, but it is very popular now, it is easy to be upright for unskilled Windows operators. The specific method is to disguise the executable file into a picture or text --- to change the icon into the default picture icon of Windows in the program, then change the file name to * .jpg.exe, because the win98 default setting is "not displayed Knowing the file suffix name ", the file will be displayed as * .jpg, unaware of the person, this icon is in the Trojans (if you are in the program, it is more perfect).
5, built into the registry
The above method makes the Trojans a lot of comfort, no one can find it, it can run automatically, it is really fast! However, the good scene is not long, and the human beings will quickly punish it, and it has been severely punished it! But it's still unwilling, summarizing the lessons of failure, think that the above hidden is easy to find, and now you must hide in a place that is not easy to discover, so it thinks the registration form! Due to complication, Trojans often like to hide it is happy here, hurry, have any programs, open your eyes carefully, don't let go of Trojock: HKEY_LOCAL_MACHINE \CurrentVersion Under All The key value starting with "run"; hkey_current_user \Software\Microsoft \Windows \CurrentVersion All key values starting with "run"; HKEY-user\MICROSOFAULT \Software\Microsoft \Windows \currentversion starts with "Run" Key value. 6, hiding in System.ini
Trojan is really everywhere! Where is there a woman, where is it drilling! This is not, System.ini under the Windows installation directory is also a place where Trojans like hidden. Still be careful, open this file to see, it is different from normal files, in the [boot] field of the file, is there such a content, that is, shell = explorer.exe file.exe, if there is this The content, then you are unfortunate, because the file.exe here is the Trojan service server! In addition, in the [386NH] field in System.ini, pay attention to check the "driver = path \ program name" in this paragraph, which may also be utilized by Trojans. Moreover, in the three fields of [MIC], [Drivers], [Drivers32] in System.ini, these segments are also the role of loading the driver, but it is also a good place to add Trojans. Now you should know Be careful here.
7, invisible to the startup group
Sometimes Trojans don't care about your own whereabouts, it is more note that it can be automatically loaded into the system, because once the Trojans are loaded into the system, let you use what method you can run (Hey, this Trojan face is really too Thick), so according to this logic, the startup group is also a good place to hide the Trojan, because here is indeed a good place to automatically load. The corresponding folder corresponding to: c: \windows\start menu\programs\startup, in the registry: hkey_current_user \Software ∎Microsoft \Windows \currentversion \
Explorer \Shellfolders Startup = "C: \windows\start menu \Programs\startup". Pay attention to the start groups often check!
8, hidden in WinStart.bat
According to the logical theory above, all the places that benefit the Trojan can be loaded automatically, and the Trojans like to stay. This is not, WinStart.bat is also a file that automatically loaded by Windows. In most cases, it is automatically generated for the application and Windows. In the execution of Win.com and loads the most driver, it will start (this can be started Press the F8 key to select the step-up method of step-by-step startup process. Since Autoexec.Bat can be completed by WinStart.bat, the Trojans can be loaded as loaded as in AutoExec.bat, which is dangerous. 9, bundle in the startup file
That is, the application's launch profile, the control terminal uses these files to start the characteristics, and upload the work with Trojan Start Commands to the server to overwrite this same name file, which can achieve the purpose of starting Trojans.
10, set in the super connection
Trojan's owner places malicious code on the webpage, lures the user to click, the user clicks the result is self-evident: open the door! Advise do not click on the link on the webpage, unless you understand it, trust it, and will die for it.
