Tips for manually removing Trojan horses on the Windows XP system


A Trojan horse is a remotely controlled hacking tool whose stealth and harmfulness are both exceptionally great. Windows XP is a system that is relatively easy to compromise, so XP users must learn how to remove a Trojan manually.

Where Trojans hide and general inspection techniques

● Starting a Trojan from Win.ini:

The [windows] section of Win.ini contains the startup commands "load=" and "run=". Normally nothing follows the "=", but if a program does follow it, for example:

run=C:\Windows\file.exe

load=C:\Windows\file.exe

then this file.exe is very likely a Trojan.

● Modifying file associations in the Windows XP registry:

Modifying file associations in the registry is a common Trojan technique; how the modification is done was described in earlier articles of this series. Normally, for example, a .txt file is opened with Notepad.exe (Notepad), but once a file-association Trojan has infected the system, opening a .txt file launches the Trojan instead. The well-known domestic Trojan "Glacier", for instance, changes the default value of the HKEY_CLASSES_ROOT\txtfile\shell\open\command key from "C:\Windows\notepad.exe %1" to "C:\Windows\System\Sysexplr.exe", so that double-clicking a .txt file, which should open it in Notepad, now starts the Trojan. Of course, .txt is not the only target: other file types such as htm, exe, zip and com are also targeted by Trojans, so be careful.

For this type of Trojan, the only check is to look at the shell\open\command subkey of each file type under HKEY_CLASSES_ROOT in the registry and see whether its value is normal.

● Bundling the Trojan with files on the Windows XP system:

For this trigger condition to work, the control end and the server end (the infected machine) must first have established a connection through the Trojan. The controller then uses a tool to bundle the Trojan file with an application, uploads the result to the server end and overwrites the original file, so that even if the Trojan is deleted, it is reinstalled as soon as the bundled application is run. If it is bundled with a system file, the Trojan starts every time Windows XP starts.

● Starting a Trojan from System.ini:

The shell=Explorer.exe line in the [boot] section of System.ini is a favourite place for Trojans. Their usual practice is to change the statement to something like this:

Shell=Explorer.exe file.exe

Here file.exe is the Trojan's server program.

Also check the "driver=path\program name" entries in the [386Enh] section, as they can also be used by Trojans. The [mci], [drivers] and [drivers32] sections also load drivers, so they are likewise ideal places to add a Trojan.

● Loading and running via the Windows XP registry:

The following registry locations are hiding places for Trojans:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion subkey branch: all value entries under the subkeys whose names begin with "run"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion subkey branch: all value entries under the subkeys whose names begin with "run"

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion subkey branch: all value entries under the subkeys whose names begin with "run"
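The registry checks in the two sections above (the hijacked txtfile open command and the Run* branches) can be applied to a registry export instead of clicking through regedit. The following Python script is an added example and is not code from the article. It parses .reg export text, flags a txtfile open command that no longer points at notepad.exe (matched on the program's basename, since the exact default path varies between installations) and lists every entry under the Run* subkeys of the three branches named above for manual review. The .reg content is constructed for the demo; the Sysexplr.exe value is the one quoted in the article, while the "updater" entry is made up.

```python
r"""Audit a Windows registry export (.reg text) for the hiding places the
article describes: a hijacked HKEY_CLASSES_ROOT\txtfile\shell\open\command
default value and the entries under the CurrentVersion\Run* subkeys of HKCU,
HKLM and HKU\.DEFAULT.  Added example; not code from the article."""
import re
from typing import Dict, List, Tuple

# Constructed sample export for the demo (not taken from a real machine).  The
# Sysexplr.exe command is the value quoted in the article; "updater" is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="C:\\Windows\\System\\Sysexplr.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\WINDOWS\\System\\file.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
'''

TXT_COMMAND_KEY = r"HKEY_CLASSES_ROOT\txtfile\shell\open\command"
RUN_BRANCHES = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion",
    r"HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion",
)
# '@=...' is the key's default value; '"name"=...' is a named value.
_VALUE_RE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$')


def _unescape(s: str) -> str:
    # .reg escapes backslash and double quote with a leading backslash; drop it.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}}; "@" is the key's default value.
    Quoted (REG_SZ) data is unescaped; other types (dword:, hex:) are kept verbatim."""
    keys: Dict[str, Dict[str, str]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not current or not m:
            continue
        name = "@" if m.group(1) == "@" else _unescape(m.group(2))
        data = m.group(3)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys


def executable_name(command: str) -> str:
    """Lower-case basename of the program in a shell command such as
    '"C:\\WINDOWS\\system32\\NOTEPAD.EXE" %1' or 'C:\\Windows\\notepad.exe %1'."""
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe = cmd[1:end] if end != -1 else cmd[1:]
    else:
        exe = cmd.split()[0] if cmd else ""
    return exe.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def audit_registry(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, data) triples a person should look at: the txtfile
    open command when it no longer runs notepad.exe, plus every Run* entry."""
    findings: List[Tuple[str, str, str]] = []
    for key, values in parse_reg(text).items():
        if key.lower() == TXT_COMMAND_KEY.lower():
            data = values.get("@", "")
            if executable_name(data) != "notepad.exe":
                findings.append((key, "@", data))
        for branch in RUN_BRANCHES:
            prefix = branch.lower() + "\\"
            if key.lower().startswith(prefix):
                subkey = key[len(prefix):].split("\\", 1)[0]
                if subkey.lower().startswith("run"):
                    findings.extend((key, name, data) for name, data in values.items())
    return findings


if __name__ == "__main__":
    for key, name, data in audit_registry(SAMPLE_REG):
        print(f"{key}\n    {name} = {data}")
```

Export the three branches and HKEY_CLASSES_ROOT with regedit and run the script on the saved file. A listed Run entry is not proof of a Trojan, only something to compare against the software you know is installed; the txtfile finding, on the other hand, names exactly the value that has to be restored.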

● Loading and running the Trojan from Autoexec.bat and Config.sys:

Once the connection between the control end and the server end is established, versions of these two files that contain the Trojan's startup command are uploaded to the server end under the same names, and either file can then start the Trojan. However, this is not very stealthy, so the method is rare, but it should not be taken lightly.

● Starting a Trojan from Winstart.bat:

Winstart.bat is another file that Windows XP loads and runs automatically. In most cases it is generated automatically by applications and Windows, and it begins executing after Windows (the .com loader or Kernel386.exe) has started and most drivers have been loaded (this can be observed by pressing F8 at startup and choosing to step through the boot process). Since Winstart.bat can take over the function of Autoexec.bat, a Trojan can be loaded and run from it just as from Autoexec.bat.

General Detection Techniques for Trojan Viruses

Now that we know where Trojans hide, removing them is easy. If you find a Trojan on your computer, the safest and most effective first step is to disconnect from the network immediately, so that hackers cannot reach you through it. Then perform the following steps:

● Edit Win.ini and change "run=trojan program" or "load=trojan program" under the [windows] section to "run=" and "load=".

● Edit System.ini and change "shell=trojan file" under the [boot] section to "shell=Explorer.exe".

● Make changes in the Windows XP registry: first find the Trojan's file name under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run subkey branch, then search the entire registry for the Trojan and delete or replace it. The awkward thing is that not every Trojan is gone once its entries are deleted: some Trojans re-add themselves as soon as they are removed. In that case, note down the Trojan's location, its path and file name, exit to DOS, find the file and delete it. Restart the computer, then return to the registry and delete all of the Trojan's key entries.
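The Win.ini and System.ini checks from the hiding-places section and the first two cleanup steps above can be carried out on copies of the two files rather than by hand. The following Python script is an added example, not code from the article. It reports non-empty load=/run= entries in [windows], a [boot] shell= line that is anything other than plain Explorer.exe, and lists the driver-loading sections for review; neutralise() then rewrites the two files exactly as the steps say (run= and load= emptied, shell=Explorer.exe restored) while keeping every other line, and returns the original values, which is the "note down the path and file name" step before the file itself is deleted. Both sample files are constructed for the demo; the file.exe paths are the placeholders the article uses.

```python
"""Audit Win.ini / System.ini autostart entries and neutralise the ones the
article describes.  Added example, not part of the original article; the
sample file contents below are constructed."""
from typing import Dict, List, Tuple

# Constructed samples: file.exe is the article's placeholder for the Trojan.
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\Windows\file.exe
NullPort=None

[Desktop]
Wallpaper=(None)
"""

SAMPLE_SYSTEM_INI = r"""[boot]
shell=Explorer.exe file.exe
system.drv=system.drv

[386Enh]
device=*vmcpd
driver=C:\Windows\System\vmm32.vxd

[drivers32]
msacm.imaadpcm=imaadp32.acm
"""

Finding = Tuple[str, str, str, str, str]  # file, section, key, value, severity

# Sections whose driver entries the article says to inspect by hand.
DRIVER_SECTIONS = ("386enh", "mci", "drivers", "drivers32")


def parse_ini(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Minimal INI reader: {section (lower-case): [(key, value), ...]}.
    Duplicate keys are kept; comments (;) and blank lines are skipped."""
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current:
            key, value = line.split("=", 1)
            sections[current].append((key.strip(), value.strip()))
    return sections


def audit_win_ini(text: str) -> List[Finding]:
    """[windows] load= and run= must be empty; anything else is an alert."""
    findings: List[Finding] = []
    for key, value in parse_ini(text).get("windows", []):
        if key.lower() in ("load", "run") and value:
            findings.append(("win.ini", "windows", key, value, "alert"))
    return findings


def audit_system_ini(text: str) -> List[Finding]:
    """[boot] shell= must be exactly Explorer.exe (any path); driver sections
    are listed with severity 'review' for a manual look."""
    findings: List[Finding] = []
    ini = parse_ini(text)
    for key, value in ini.get("boot", []):
        if key.lower() != "shell":
            continue
        parts = value.split()
        first = parts[0].rsplit("\\", 1)[-1].lower() if parts else ""
        if first != "explorer.exe" or len(parts) > 1:
            findings.append(("system.ini", "boot", key, value, "alert"))
    for section in DRIVER_SECTIONS:
        for key, value in ini.get(section, []):
            findings.append(("system.ini", section, key, value, "review"))
    return findings


def neutralise(win_ini: str, system_ini: str) -> Tuple[str, str, List[Tuple[str, str, str]]]:
    """Return cleaned copies of both files plus (section, key, original value)
    for every line changed, so the Trojan's path can be noted before deletion."""
    changed: List[Tuple[str, str, str]] = []

    def rewrite(text: str, section: str, fixes: Dict[str, str]) -> str:
        out, in_section = [], False
        for raw in text.splitlines():
            line = raw.strip()
            if line.startswith("[") and line.endswith("]"):
                in_section = line[1:-1].strip().lower() == section
            elif in_section and "=" in line:
                key, value = line.split("=", 1)
                k = key.strip().lower()
                if k in fixes and value.strip() != fixes[k]:
                    changed.append((section, key.strip(), value.strip()))
                    raw = f"{key.strip()}={fixes[k]}"
            out.append(raw)
        return "\n".join(out) + ("\n" if text.endswith("\n") else "")

    win_ini = rewrite(win_ini, "windows", {"load": "", "run": ""})
    system_ini = rewrite(system_ini, "boot", {"shell": "Explorer.exe"})
    return win_ini, system_ini, changed


if __name__ == "__main__":
    for f in audit_win_ini(SAMPLE_WIN_INI) + audit_system_ini(SAMPLE_SYSTEM_INI):
        print(f"{f[4]:6} {f[0]} [{f[1]}] {f[2]}={f[3]}")
    _, _, notes = neutralise(SAMPLE_WIN_INI, SAMPLE_SYSTEM_INI)
    print("removed:", notes)
```

Run the audit first and keep the changed-values list: it records the path and file name the third step tells you to note down, and the same path is what you look for in the registry and on disk afterwards.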

Trojans enter the system invisibly; many users cannot detect them, and their mysterious stealth makes the task even harder. Only by spending more time and patience on investigation can users sweep away the mines hidden in the system and keep it safe.

Copyright © Windows knowledge All Rights Reserved