A Trojan horse is a remotely controlled hacking tool, notable for its stealth and the harm it can do. Windows XP is a relatively easy target, so XP users should learn how to remove a Trojan horse manually.
Trojan hiding places and general troubleshooting techniques
●Start Trojan in Win.ini:
The [windows] section of Win.ini contains two startup commands, "load=" and "run=". Normally nothing follows the "=". If a program follows it, for example:
run=C:\Windows\file.exe
load=C:\Windows\file.exe
then this file.exe is probably a Trojan.
●Modify the file association in the Windows XP registry:
Modifying a file association in the registry is a common Trojan technique. How the modification is made was set out in earlier articles of this series. For example, under normal circumstances a txt file is opened with Notepad.exe (Notepad), but once a file-association Trojan has infected the system, opening a txt file starts the Trojan instead. The well-known Chinese Trojan "Glacier" does exactly this: it changes the default value under the HKEY_CLASSES_ROOT\txtfile\shell\open\command subkey branch from "C:\Windows\notepad.exe %1" to "C:\Windows\System\Sysexplr.exe", so that double-clicking a txt file, which should have opened in Notepad, now starts the Trojan. Txt files are not the only target: other file types such as htm, exe, zip and com are used by Trojans in the same way. Be careful.
For this type of Trojan, the only check is to look at the shell\open\command subkey branch of the file type under HKEY_CLASSES_ROOT in the registry and see whether its value is normal.
●Bundle Trojan files in Windows XP system:
To achieve this trigger condition, the control terminal and the server must first establish a connection through the Trojan. The controlling user then uses a tool to bundle the Trojan file with an application and uploads the result to the server, overwriting the original file. Even if the Trojan is deleted, it is reinstalled as soon as the application bundled with it is run. If it is bundled with a system file, the Trojan starts every time Windows XP starts.
●Start Trojan in System.ini:
The shell=Explorer.exe statement in the [boot] section of System.ini is a favorite place for Trojans. The usual practice is to change the statement to this:
Shell=Explorer.exe file.exe
The file.exe here is the Trojan server program.
Also check the "driver=path\program name" entries in the [386enh] section, as they may be used by Trojans too. The [mci], [drivers] and [drivers32] sections also load drivers, so they are equally convenient places to add a Trojan.
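The Win.ini and System.ini checks described above can be scripted. The following is an added example, not part of the original article; the sample file contents are constructed, and file.exe is the article's placeholder name.

```python
# Constructed sample files; file.exe is the placeholder name used in the article.
WIN_INI = """[windows]
load=
run=C:\\Windows\\file.exe
"""
SYSTEM_INI = """[boot]
shell=Explorer.exe file.exe
[386Enh]
device=*vmm
[drivers32]
wave=mmdrv.dll
"""

def parse_ini(text):
    """Return {section: [(key, value), ...]} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current].append((key.strip().lower(), value.strip()))
    return sections

def audit_win_ini(text):
    """Flag any load= or run= in [windows] that has something after the '='."""
    return [f"win.ini [windows] {k}={v}"
            for k, v in parse_ini(text).get("windows", [])
            if k in ("load", "run") and v]

def audit_system_ini(text):
    """Flag shell= in [boot] unless it is exactly Explorer.exe, then list the
    driver-loading sections' entries so they can be reviewed by hand."""
    ini, findings = parse_ini(text), []
    for k, v in ini.get("boot", []):
        if k == "shell" and v.lower() != "explorer.exe":
            findings.append(f"system.ini [boot] shell={v}")
    for sec in ("386enh", "mci", "drivers", "drivers32"):
        findings += [f"review system.ini [{sec}] {k}={v}" for k, v in ini.get(sec, [])]
    return findings
```

Entries from the driver sections are only listed, not judged, because legitimate drivers live there as well.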
●Using the Windows XP registry to load and run:
The following registry locations are hiding places for Trojans:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion: everything under this subkey branch whose name begins with "run".
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion: everything under this subkey branch whose name begins with "run".
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion: everything under this subkey branch whose name begins with "run".
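Both registry checks, the file association and the "run" locations, can be run against a text export of the registry. The following is an added example, not part of the original article: the export is constructed, "SampleEntry" is a made-up value name, the baseline commands are assumptions to be replaced with values from a known-clean machine, and 'starting with "run"' is read here as keys named Run, RunOnce and so on.

```python
import re

# Constructed sample in the text format regedit writes (real exports are UTF-16).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SampleEntry"="C:\\Windows\\file.exe"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\System\\Sysexplr.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

# Assumed baseline: the txtfile command is the one quoted in the article.
EXPECTED = {"txtfile": r"C:\Windows\notepad.exe %1", "exefile": '"%1" %*'}
RUN_KEY = re.compile(r"\\CurrentVersion\\Run[^\\]*$", re.I)
ASSOC_KEY = re.compile(r"^HKEY_CLASSES_ROOT\\([^\\]+)\\shell\\open\\command$", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files write \\ for a backslash and \" for a quote
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for string values; '' is the default value.
    hex-encoded values are skipped and need a separate look."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def audit(text):
    """List every autorun entry, and every open command that differs from EXPECTED."""
    findings = []
    for key, name, data in parse_reg(text):
        if RUN_KEY.search(key):
            findings.append(("autorun", key, name, data))
        elif (m := ASSOC_KEY.match(key)) and name == "":
            want = EXPECTED.get(m.group(1).lower())
            if want and data.lower() != want.lower():
                findings.append(("association", key, name, data))
    return findings
```

Autorun entries are listed rather than judged, since legitimate software uses the same keys; each one has to be checked by file name and path.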
●Loading and running the Trojan in Autoexec.bat and Config.sys:
This method requires the control terminal to establish a connection with the server first and then upload a file of the same name, containing the Trojan's startup command, to the server. Both files can start the Trojan in this way. It is not very well concealed, so the method is rare, but it should not be taken lightly.
●Start Trojan in Winstart.bat:
Winstart.bat is another file that Windows XP can load and run automatically. In most cases it is generated automatically by applications and Windows, and it starts executing after Win.com or Kernel386.exe has run and most drivers have been loaded (this can be seen by pressing F8 at startup and choosing the step-by-step boot option). Since Winstart.bat can do everything Autoexec.bat does, a Trojan can be loaded and run from it just as it can from Autoexec.bat.
General Detection Technology for Trojan Viruses
Now that we know where Trojan horses hide, killing them is easy. If you find a Trojan horse on your computer, the safest and most effective first step is to disconnect from the network immediately, so that hackers cannot attack you through it. Then perform the following steps:
●Edit the Win.ini file. Change "run=trojan program" or "load=trojan program" under the [windows] section to "run=" and "load=".
●Edit the System.ini file and change "shell=trojan file" under the [boot] section to "shell=Explorer.exe".
●Modify the Windows XP registry: first find the Trojan's file name in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run subkey branch, then search the entire registry for that file name and delete or replace each occurrence. The awkward part is that not every Trojan stays gone once its entries are deleted: some add themselves back as soon as they are removed. In that case, record the Trojan's location, that is, its path and file name, then drop back to DOS, find the file and delete it. Restart the computer, return to the registry and delete the key entries of all the Trojan's files.
Trojans enter the system unnoticed and many users never detect them; their stealth makes the job harder still. Only by spending time and patience on the investigation can users sweep away the mines hidden in the system and keep it safe.