A Trojan invades the computer, QQ suddenly reports that the account is being used elsewhere, and you are forced offline. Most people who like to leave QQ running have probably run into this. Then you change it again, and it goes back again. Is there a good way to prevent this situation? On the network, unscrupulous Trojans steal online transaction accounts and harvest users' private information for profit. Ordinary users often suffer serious consequences because they do not understand Trojans well enough and disregard security. Many people have been hit by a Trojan, so how do you remove one and how do you protect against it? Read on.

How to judge the Trojan

Patient: Trojans do so much damage. How do I know whether my computer has one?

Doctor: After a Trojan gets into a computer, there are sometimes very typical symptoms, such as anti-virus software shutting down by itself, the computer running slowly, strange web page windows popping up frequently, or certain programs in the system no longer running. Sometimes the symptoms are not obvious, but we can use some clues to make a preliminary analysis of whether the computer has a Trojan: check "Task Manager" for unfamiliar processes (once you find one, search online to see whether it is a virus program), and check the system folders, the registry, the startup items and so on for suspicious files or entries. Let's look at some common Trojan behaviors using a computer infected with the recently active SoundMan Trojan.

Tip: SoundMan Trojan. The SoundMan Trojan is an "online Trojan downloader" that uses the program names and icons of Realtek sound card software to confuse users. In addition to the ordinary Trojan ability to block the display of hidden files, it can also start itself by replacing a service. It can also terminate anti-virus software and download a large number of online-game Trojans in the background.

1. 
Hidden files can no longer be displayed

Open a folder, select "Tools/Folder Options" in the menu bar, and under "View" check "Show all files and folders" and clear the check mark in front of "Hide extensions for known file types". After this operation, hidden files still cannot be displayed.

Tip: If "Show all files and folders" is set and the system still cannot display hidden files, take it seriously: there is a high probability that a Trojan has invaded.

2. View the System32 folder

Go into the System32 folder (assuming Windows XP is installed on the C drive) and you can see that the Trojan has created three files: inetters.exe, SoundMan.exe and tthh3.ini (Editor's note: we had already dealt with the display of hidden files beforehand).

Tip: Trojans generally drop their virus files and related ini files in the system folder System32. If you suspect a Trojan, be sure to check the files created in this folder before and after the symptoms appeared.

3. View the user accounts

Click "Start/Settings/Control Panel" and double-click "User Accounts". If you find that the Guest account on the computer has been activated for no reason, or that there are additional strange accounts, such as an account named Microsoft, be vigilant: this is also a typical sign of a Trojan infection.

4. View the auto files

Once the SoundMan.exe Trojan is in the system, it writes the files auto.exe and autorun.inf to any removable storage that is connected. So if the right-click menu shows an "auto" or "autorun" option, or you find the two files auto.exe and autorun.inf in the root directory of a removable hard disk or flash drive, that proves infection.

Tip: Trojans now generally use the AutoPlay feature of removable storage to write and spread viruses, so if you find the two files auto.exe and autorun.inf in the root of a hard disk partition and in the root of a removable storage device, both the computer and the removable device have been infected.
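The step 4 check can be scripted. The following is an added example, not part of the original article: it looks in a drive root for auto.exe and autorun.inf and lists the programs the autorun.inf would start. The function names, the sample file contents and the drive letters are assumptions made for the illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that name a program to start

def autorun_targets(text):
    """Return the programs an autorun.inf would start, in file order."""
    section, targets = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command is the program behind a right-click menu entry
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                targets.append(value)
    return targets

def inspect_root(root):
    """List the step 4 indicators found in one drive or partition root."""
    findings = []
    present = {name.lower(): name for name in os.listdir(root)}
    for wanted in ("auto.exe", "autorun.inf"):
        if wanted in present:
            findings.append(f"{wanted} present")
    if "autorun.inf" in present:
        path = os.path.join(root, present["autorun.inf"])
        with open(path, encoding="latin-1") as handle:  # latin-1 never fails to decode
            findings += [f"autorun.inf starts {t}" for t in autorun_targets(handle.read())]
    return findings

# Constructed sample, modelled on the auto.exe / autorun.inf pair described above.
SAMPLE_INF = "[AutoRun]\nopen=auto.exe\nshell\\open=Open(&O)\nshell\\open\\Command=auto.exe\n"

def demo():
    """Build a throwaway directory that stands in for a flash-drive root and inspect it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AutoRun.inf"), "w") as handle:
            handle.write(SAMPLE_INF)
        open(os.path.join(root, "auto.exe"), "wb").close()
        return inspect_root(root)

if __name__ == "__main__":
    for root in ("D:\\", "E:\\"):  # assumed drive letters; adjust to the volumes present
        if os.path.isdir(root):
            print(root, inspect_root(root))
```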
In addition to checking the places above, we can also look for clues in the following places where Trojans like to hide.

The first is to judge from the "Win.ini" file. Use Notepad to open the Win.ini file in the "C:\Windows" directory. In the [Windows] section of the file, look at what follows the startup commands "load=" and "run=". Normally nothing follows the "="; if a program follows the "=" sign (Figure 2), it is usually a Trojan.

The second is to judge from the "System.ini" file. Use Notepad to open the "System.ini" file in the "C:\Windows" directory. If a program has been added after "shell=Explorer.exe" in the [boot] section, it is usually a Trojan server program. In addition, in the [386Enh] section of System.ini, check the "driver=path\program name" entries, which may also be used by Trojans. The three sections [Mic], [drivers] and [drivers32] in System.ini load drivers, but they are also a good place to add Trojans, so they need to be checked.

The third is to look in the Registry Editor. Trojans generally use the Run, RunServices, RunOnce and similar subkeys in the registry to load themselves. Enter "regedit" in "Start"/"Run" to open the Registry Editor and look in the following places.

(1) Startup items in the registry

Check whether there are suspicious entries under RunServices, Run and RunOnce under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion. If you find that some unfamiliar program in the system folder is being loaded, the computer may have a Trojan.

(2) File association keys

Some Trojans also load themselves by modifying the registry values for a certain type of file.
Check that the "default" value of the subkey "HKEY_CLASSES_ROOT\XXX\shell\open\command" (Editor: XXX here can be exefile, comfile, batfile, htafile or piffile) is "%1" %*, and check that the "default" value of the subkey "HKEY_LOCAL_MACHINE\Software\CLASSES\XXX\shell\open\command" (Editor: XXX here can be exefile, comfile, batfile, htafile or piffile) is "%1" %*. These values can be reassigned: if the default value has been modified, for example a Trojan has changed it to "muma.exe %1 %*", the computer may be infected.

Sweeping out network Trojans

Patient: I already have a Trojan. How should I clear it?

Doctor: If there is no important data on the system partition, the easiest way is to restore the system directly from a backup with one-click recovery. If you can't do that, you can use some tools to help clean up the Trojan. Many current Trojans, such as SoundMan.exe in this example, can remove the startup items of security software, hijack security/anti-virus software, and connect to the network to download other Trojans and viruses. So the first thing to do is to delete the registry startup items and repair the hijacked anti-virus/security software, and then use anti-virus software or dedicated removal tools to remove the Trojan.

Download the SREng software and rename it before running it. First, fix the Run keys in the registry. Select the "Registry" tab in the "System Repair" option and delete unknown startup items, such as the startup item of the SoundMan.exe Trojan whose path points to the system folder (C:\Windows\system32 or C:\winnt\system32) (Figure 3).

Tip: In addition to the "Registry" startup items, it is best to also go into the "Win.ini" and "System.ini" options in "Startup Project" to view and clear the associated virus entries, so that the virus does not come back.

Then select the "File Association" option in "System Repair", tick the incorrect file associations and click the "Repair" button to fix the programs hijacked by the Trojan, including anti-virus software and some security tools.
To keep the Trojan from being activated, click "Repair Safe Mode" in the "Advanced Repair" option of "System Repair" to repair the computer's safe mode, and finally boot into safe mode, update the anti-virus software's virus database and run a scan. At the same time, download a dedicated Trojan removal tool to scan for Trojans and viruses.

Tip: Besides repairing with SREng, we can also use a small system-repair toolkit, which can be downloaded from the computer newspaper website. Open the toolkit, double-click the "restore hidden files" .REG file to import it into the registry, then open the IceSword software and clear the virus files from the system folder, use the IFEO image hijacking repair tool to repair the hijacked anti-virus and security software, and finally scan with anti-virus software. After downloading a tool, rename it before using it so that it is not hijacked by the Trojan.

How to prevent Trojans

Patient: The Trojan has been cleared, but how can I keep the computer from being attacked by Trojans in the future?

Doctor: To better protect the system from damage and defend our online game accounts, besides making a backup of a completely clean, virus-free system, we can also use the following methods to guard against online-game Trojans.

1. Anti-virus software and a firewall must be installed and kept up to date. The corresponding system patches should be applied promptly, and virus and Trojan scans should be run regularly.

2. Install game account protection software

There are many security tools for protecting online game accounts. They work on different principles, but all of them give game accounts a certain degree of protection. If you can, install such protection software. For how to choose, refer to the evaluation in section F7 of this issue.

3. 
Use registry settings to stop viruses from hijacking anti-virus software through IFEO. The specific steps: click "Start" → "Run", enter regedt32, find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, right-click this key, select "Permissions" in the pop-up menu, and then remove the permissions of the Administrators and Users groups. This uses the registry to limit read and write access to IFEO.

Safe computer operating habits + strict security settings + regular checks: with these three powerful potions, we can keep Trojans well away from our computer systems and play online games without worrying about running into a Trojan!

However, because installing and using anti-virus software and security tools requires a certain computer foundation, and because the whole Trojan industry chain keeps growing for lack of effective legal oversight, many users who are unfamiliar with computer security settings have been hit by Trojans. Once a user's private information falls into the hands of criminals, the consequences for the user are serious. We call on computer users to strengthen their own computer security awareness and skills, but national laws and network supervision departments also need to work together to create a safe network environment!
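The registry checks described in this article (Run keys, file association commands and IFEO) can be run against a text export of the registry. The following is an added example, not part of the original article and not taken from any of the tools it names. It flags string values named Debugger under Image File Execution Options, which is the value that redirects a program's launch, and it checks only exefile, comfile, batfile and piffile; the function names and the sample export are assumptions made for the illustration.

```python
import re

IFEO = "\\microsoft\\windows nt\\currentversion\\image file execution options\\"
RUN = re.compile(r"\\microsoft\\windows\\currentversion\\(run|runonce|runservices)$")
ASSOC = re.compile(r"\\(exefile|comfile|batfile|piffile)\\shell\\open\\command$")
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')  # string values only

def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)  # .reg files escape backslash and quote

def audit_reg_export(text):
    """Return (kind, key, value name, data) tuples for entries worth a closer look."""
    findings, key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = VALUE.match(line)
        if not match:
            continue  # header, blank line, or a dword:/hex: value
        name = "(Default)" if match.group(1) == "@" else unescape(match.group(1)[1:-1])
        data, low = unescape(match.group(2)), key.lower()
        if name == "(Default)" and ASSOC.search(low):
            if data != '"%1" %*':  # the stock command for these four file types
                findings.append(("file-association", key, name, data))
        elif name.lower() == "debugger" and IFEO in low:
            findings.append(("ifeo-debugger", key, name, data))  # launch is redirected
        elif RUN.search(low):
            findings.append(("autostart-review", key, name, data))  # compare with known software
    return findings

# Constructed export; antivirus.exe is a placeholder, the other names come from the article.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\system32\\SoundMan.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="muma.exe \"%1\" %*"
[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe]
"Debugger"="C:\\WINDOWS\\system32\\inetters.exe"
'''

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(finding)
```

Exports written by regedit in the "Windows Registry Editor Version 5.00" format are UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing its text to `audit_reg_export`.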