Viruses keep springing up and invading our computers unscrupulously, anti-virus programs intercept and block them, and this defensive battle plays out on the computer every day. One day you may suddenly find that the QQ account you leave logged in is sending scam messages and unsightly pictures, or that you are forced offline while QQ was working fine. Then we start our own defensive war against the virus: we first change the password, and then recover the account through an appeal. Is there a good way to prevent this situation? Please see the article below.
How to judge the Trojan
Patient: Trojan horses do so much damage. How do I know whether there is a Trojan on my computer?
Doctor: After a Trojan gets into a computer, there are sometimes very typical symptoms, such as anti-virus software shutting down automatically, the computer running slowly, frequent pop-up web pages, and some programs in the system failing to run. Sometimes the symptoms are not obvious, but we can use some clues to analyze whether the computer has a Trojan: check "Task Manager" for unfamiliar processes (once you find one, look it up online to see whether it is a virus program), and check the system folder, the registry, the startup programs, and so on for suspicious files or items.
Let's take a look at some common Trojan behaviors, using a computer infected with the recently active SoundMan Trojan.
Tip: The SoundMan Trojan
The SoundMan Trojan is an "online Trojan downloader" that uses the version information and icon of Realtek sound card programs to confuse users. In addition to the ordinary Trojan function of blocking the display of hidden files, it can start itself by replacing a service, and it can end anti-virus software and download a large number of online game Trojans in the background.
1. Hidden files can no longer be displayed
Open a folder, select "Tools/Folder Options" in the menu above, and on the "View" tab check "Show all files and folders" and remove the check mark in front of "Hide extensions for known file types". After this operation, the hidden files still cannot be displayed.
Tip: If you have set all files and folders to be displayed and the system still cannot display hidden files, pay close attention: a Trojan has very likely invaded.
2. View the System32 folder
Enter the System32 folder (assuming Windows XP is installed on the C drive) and you can find that the Trojan has created the files ineters.exe, SoundMan.exe, and tthh3.ini (Editor's note: we have already dealt with the display of hidden files beforehand).
Tip: Trojans generally release virus files and related ini files into the system folder System32. If you suspect a Trojan, be sure to check the files created in this folder before and after the poisoning symptoms appeared.
3. View user accounts
Click "Start/Settings/Control Panel" and double-click "User Accounts". If the Guest account on the computer has been activated for no reason, or there are additional unfamiliar accounts, such as an account named Microsoft, you should be vigilant. This is also a typical sign of a Trojan infection.
4. View the auto files
Once the SoundMan.exe Trojan is in the system, it writes the files auto.exe and autorun.inf whenever new removable storage is connected. So if an auto or autorun option appears in the right-click menu, or the two files auto.exe and autorun.inf are found in the root directory of a mobile hard disk or flash drive, it proves the machine is poisoned.
Tip: Trojans now generally use the autoplay feature of removable storage to write and spread viruses, so if the two files auto.exe and autorun.inf are found in the root directory of a hard disk partition and of a removable storage device, both the computer and the mobile hard drive have been poisoned.
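The drive-root check from step 4 can be scripted. The following is an added example, not part of the original article: `scan_root` and `demo` are hypothetical names, and the drive root used in `demo` is a constructed temporary directory.

```python
import os
import tempfile

WATCHED = ("auto.exe", "autorun.inf")

def scan_root(root):
    """Return the watched files present in `root` and what autorun.inf would launch."""
    # os.listdir() also returns hidden and system files, so the check still works
    # when Explorer's "show hidden files" setting has been tampered with (step 1).
    present = {name.lower(): name for name in os.listdir(root)}
    report = {"files": [n for n in WATCHED if n in present], "launches": []}
    if "autorun.inf" in present:
        path = os.path.join(root, present["autorun.inf"])
        with open(path, encoding="latin-1") as fh:
            for line in fh:
                key, sep, value = line.strip().partition("=")
                key = key.strip().lower()
                # open=, shellexecute= and shell\<verb>\command= name the program to run
                if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                    report["launches"].append(value.strip())
    return report

def demo():
    """Build a constructed drive root in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        open(os.path.join(root, "auto.exe"), "wb").close()
        with open(os.path.join(root, "AutoRun.inf"), "w") as fh:
            fh.write("[AutoRun]\nopen=auto.exe\nshell\\open\\command=auto.exe\n")
        return scan_root(root)
```

On a real machine, call `scan_root` once per drive root (for example `scan_root("E:\\")`); an empty `files` list means neither file is present there.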
In addition to checking the above places, we can also find clues from the following places where Trojans like to hide.
The first is to determine whether the machine is poisoned from the "Win.ini" file. Use Notepad to open the Win.ini file in the "C:\Windows" directory. In the [windows] section of the file, look for programs following the startup commands "load=" and "run=". In general, the part after "=" is blank; if a program follows the "=" sign (Figure 2), it is usually a Trojan virus.
The second is to determine whether the machine is poisoned from the "System.ini" file. Use Notepad to open the "System.ini" file located in the "C:\Windows" directory. If you find a program after "shell=Explorer.exe" in the [boot] section, it is usually a Trojan server program. In addition, in the [386Enh] section of System.ini, carefully check "driver=path\program name", which may also be used by Trojans. The three sections [mci], [drivers], and [drivers32] in System.ini load drivers, but they are also a good place to add Trojans, so they need to be checked as well.
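The Win.ini and System.ini checks above, as an added example that is not part of the original article. The function names are hypothetical and the two sample files are constructed, not captured from an infected machine.

```python
import re

# Constructed sample contents (not captured from an infected machine).
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\system32\\SoundMan.exe\n"
SYSTEM_INI = (
    "[boot]\nshell=Explorer.exe ineters.exe\n"
    "[386Enh]\nwoafont=dosapp.fon\ndriver=C:\\sample\\unknown.sys\n"
    "[drivers]\nwave=mmdrv.dll\n"
)

def parse_ini(text):
    """Return {section: [(key, value), ...]} with lower-cased names, keeping duplicates."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), [])
        elif current is not None and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            current.append((key.strip().lower(), value.strip()))
    return sections

def audit_win_ini(text):
    """load= and run= in [windows] are normally empty; report any program set there."""
    return [(key, value) for key, value in parse_ini(text).get("windows", [])
            if key in ("load", "run") and value]

def audit_system_ini(text):
    """Return (suspicious, review): hard findings and entries to inspect by hand."""
    ini, suspicious, review = parse_ini(text), [], []
    for key, value in ini.get("boot", []):
        # Anything other than a bare Explorer.exe after shell= is a finding.
        if key == "shell" and value.lower() != "explorer.exe":
            suspicious.append(("boot", key, value))
    for key, value in ini.get("386enh", []):
        if key == "driver":
            review.append(("386enh", key, value))
    for section in ("mci", "drivers", "drivers32"):
        review += [(section, key, value) for key, value in ini.get(section, [])]
    return suspicious, review
```

The `review` list will contain legitimate driver entries on a healthy system; it is the set of lines to compare against a known-good machine, not a verdict.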
The third is to look in the Registry Editor. Trojans generally load through Run, RunServices, RunOnce and other subkeys in the registry. Run "regedit" to open the Registry Editor and check the following places.
(1) Startup items in the registry
Check RunServices, RunServicesOnce, Run, and RunOnce under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion" and "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion" for suspicious items.
If you find that some unfamiliar programs are loaded into the system folder, then you may have a Trojan virus.
(2) File Association Keys
Some Trojans also load their programs by modifying the key values of a certain file type in the registry. Check the "default" value of the "HKEY_CLASSES_ROOT\XXX\shell\open\command" subkey (Editor: XXX here can be exefile, comfile, batfile, htafile, piffile), which should be: "%1" %*. Also check the "default" value of the "HKEY_LOCAL_MACHINE\Software\CLASSES\XXX\shell\open\command" subkey (Editor: XXX here can be exefile, comfile, batfile, htafile, piffile), which should be: "%1" %*.
The "%1" %* value can be reassigned. If the default value has been modified, for example a Trojan has changed it to "muma.exe %1 %*", the machine may be poisoned.
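Both registry checks can be run against a text export from regedit instead of clicking through each key. The following is an added example, not part of the original article: the function names are hypothetical, the export below is constructed, and the code assumes the export has already been decoded to text (regedit's version 5.00 exports are UTF-16).

```python
import re

EXPECTED = '"%1" %*'
# htafile is left out: its stock handler is mshta.exe, not a bare "%1" %*.
CLASSES = ("exefile", "comfile", "batfile", "piffile")

# Constructed export in regedit's .reg text format (not from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="muma.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\system32\\SoundMan.exe"
'''

def parse_reg(text):
    """Yield (key_path, value_name, data) for string values; '@' is the default value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.fullmatch(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"', line)
        if key and m:
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape quotes and backslashes with a leading backslash
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))

def audit(text):
    """Return (hijacked file associations, autostart entries to review by hand)."""
    hijacked, autostart = [], []
    for key, name, data in parse_reg(text):
        low = key.lower()
        cls = re.search(r"\\(\w+)\\shell\\open\\command$", low)
        if name == "@" and cls and cls.group(1) in CLASSES:
            if data.strip() != EXPECTED:
                hijacked.append((key, data))
        elif re.search(r"\\currentversion\\run(services)?(once)?$", low):
            autostart.append((key, name, data))
    return hijacked, autostart
```

Autostart entries are listed rather than judged, since Run keys hold legitimate programs too; only a changed file association is reported as a definite finding.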