How to Deal with Hacker Trojans Invading Your Computer

  

New viruses keep springing up and invading our computers unscrupulously while anti-virus programs intercept and block them, so a defensive battle plays out on the computer every day. One day you may suddenly find that the QQ account you left logged in has been sending scam messages and indecent pictures, or that you are forced offline while QQ was working normally. Then we start our own defensive war against the virus: first we change the password, then we recover the account through an appeal. Is there a good way to prevent this from happening? Please see the article below.

How to tell whether you have a Trojan

Patient: Trojans do so much damage. How do I know whether there is a Trojan in my computer?

Doctor: After a computer is infected with a Trojan, there are sometimes very typical symptoms, such as anti-virus software shutting down automatically, the computer running slowly, frequent web page pop-ups, and some programs in the system failing to run. Sometimes the symptoms are not obvious, but we can use some clues to work out whether the computer has a Trojan: check "Task Manager" for unfamiliar processes (once you find one, go online to see whether it is a virus program), and check the system folder, the registry, the startup programs and so on for suspicious files or items.

Let's take a look at some common behaviors of Trojans using a computer infected with the recently active SoundMan Trojan.

Tips: SoundMan Trojans

The SoundMan Trojan is an "online Trojan downloader" that imitates the version information and icon of Realtek sound card programs to confuse users. In addition to the ordinary Trojan function of blocking the display of hidden files, it can start itself by replacing a service, and it can end anti-virus software and download a large number of online-game Trojans in the background.

1. Hidden files can no longer be displayed

Open a folder, select "Tools/Folder Options" in the menu above, and on the "View" tab check "Display all files and folders" and remove the check mark in front of "Hide the extension of the known file type". After this operation, the hidden files still cannot be displayed.

Tip: If you have set all files and folders to be displayed and the system still cannot display hidden files, pay close attention. It is very likely that a Trojan has invaded.

2. View the System32 folder

Enter the System32 folder (assuming Windows XP is installed on the C drive). You can see that the Trojan created the files ineters.exe, SoundMan.exe and tthh3.ini (Editor's note: we have already dealt with the display of hidden files before).

Tip: Trojans generally release virus files and related ini files in the system folder System32. If you suspect a Trojan, be sure to check the files created in this folder around the time the symptoms of infection appeared.

3. View User Accounts

Click "Start/Settings/Control Panel" and double-click "User Account". If the Guest account on the computer has been activated for no reason, or there are unfamiliar accounts, such as an account named Microsoft, you should be vigilant. This is also a typical sign of a Trojan infection.

4. Check for auto files

While the SoundMan.exe Trojan is in the system, it writes the files auto.exe and autorun.inf to any removable storage that is newly connected. So if an auto or autorun option appears in the right-click menu, or the two files auto.exe and autorun.inf are found in the root directory of a mobile hard disk or flash drive, the machine is infected.

Tip: Trojans now generally use the autoplay feature of removable storage to write and propagate viruses, so if the two files auto.exe and autorun.inf are found in the root directory of a hard disk partition and of a removable storage device, both the computer and the removable drive have been infected.

In addition to checking the above places, we can also find clues from the following places where Trojans like to hide.

The first is the "Win.ini" file. Use Notepad to open the Win.ini file in the "C:\Windows" directory. In the [windows] section of the file, look at what follows the startup commands "load=" and "run=". Normally nothing follows the "="; if the "=" is followed by a program (Figure 2), that program is usually a Trojan.

The second is the "System.ini" file. Use Notepad to open the "System.ini" file located in the "C:\Windows" directory. If a program follows "shell=Explorer.exe" in the [boot] section, it is usually a Trojan server program. In addition, in the [386Enh] section of System.ini, carefully check the "driver=path\program name" entries, which may also be used by Trojans. The three sections [mci], [drivers] and [drivers32] in System.ini load drivers, but they are also a good place to add Trojans, so they need to be checked as well.

The third is the registry. Trojans generally use Run, RunServices, RunOnce and other subkeys in the registry to load themselves. Enter "regedit" to open the Registry Editor and check the following places.
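The Win.ini and System.ini checks described above can be scripted. The following is an added example, not part of the original article: the file contents are constructed samples, the `driver=` path is a made-up placeholder, and the function names are illustrative.

```python
import re

# Constructed sample file contents (not taken from a real infected machine).
WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\system32\\SoundMan.exe
"""
SYSTEM_INI = """[boot]
shell=Explorer.exe ineters.exe
[386Enh]
woafont=dosapp.fon
driver=C:\\example\\unknown.exe
[drivers]
wave=mmdrv.dll
"""

def parse_ini(text):
    """Return {section_lower: [(key_lower, value), ...]}, tolerating odd lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def check_win_ini(text):
    """load= and run= in [windows] are normally blank; report any that are not."""
    return [f"win.ini [windows] {k}={v}"
            for k, v in parse_ini(text).get("windows", [])
            if k in ("load", "run") and v]

def check_system_ini(text):
    """Report a [boot] shell= line that holds anything besides Explorer.exe."""
    return [f"system.ini [boot] shell={v}"
            for k, v in parse_ini(text).get("boot", [])
            if k == "shell" and v.lower() != "explorer.exe"]

def driver_entries(text):
    """List driver-loading entries that need a manual look (not a verdict)."""
    ini, found = parse_ini(text), []
    for section in ("386enh", "mci", "drivers", "drivers32"):
        for k, v in ini.get(section, []):
            if section != "386enh" or k == "driver":
                found.append((section, k, v))
    return found
```

Entries returned by `driver_entries` are only candidates for review; legitimate drivers such as `mmdrv.dll` appear there too.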

(1) Startup items in the registry

Check whether there are suspicious items in RunServices, RunServicesOnce, Run and RunOnce under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion" and "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion".

If you find that some unfamiliar programs are loaded into the system folder, then you may have a Trojan virus.

(2) File Association Keys

Some Trojans also load themselves by modifying the registry key values for a certain type of file. Check that the "default" value of the "HKEY_CLASSES_ROOT\XXX\shell\open\command" subkey (Editor: XXX here can be exefile, comfile, batfile, htafile, piffile) is "%1" %*, and that the "default" value of the "HKEY_LOCAL_MACHINE\Software\CLASSES\XXX\shell\open\command" subkey (Editor: XXX here can be exefile, comfile, batfile, htafile, piffile) is also "%1" %*.

This "%1" %* value can be changed. If the default value has been modified, for example a Trojan has changed it to "muma.exe %1 %*", the computer may be infected.
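Both registry checks, the startup subkeys and the file association commands, can be run over a text export of the registry. This is an added example, not part of the original article: it assumes the keys were exported from regedit in .reg text format, the sample export is constructed, and only plain string values are handled.

```python
import re

# Constructed sample in regedit export (.reg) format; not from a real machine.
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\WINDOWS\\system32\\SoundMan.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="muma.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"
'''

RUN_KEYS = ("run", "runonce", "runservices", "runservicesonce")
FILE_TYPES = ("exefile", "comfile", "batfile", "htafile", "piffile")
EXPECTED_OPEN = '"%1" %*'   # the unmodified default value
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"')

def parse_reg(text):
    """Yield (key_path, value_name, data) for string values; '@' is the default."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.fullmatch(line)):
            name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
            # .reg files escape backslashes and quotes with a backslash
            yield key, name, re.sub(r"\\(.)", r"\1", m.group(2))

def audit(text):
    """Return (startup entries to review, modified file-association commands)."""
    startup, hijacked = [], []
    for key, name, data in parse_reg(text):
        parts = key.lower().split("\\")
        if parts[-1] in RUN_KEYS and parts[-3:-1] == ["windows", "currentversion"]:
            startup.append((key, name, data))
        elif (len(parts) > 3 and parts[-3:] == ["shell", "open", "command"]
              and parts[-4] in FILE_TYPES and name == "@"
              and data != EXPECTED_OPEN):
            hijacked.append((key, data))
    return startup, hijacked
```

Startup entries are listed for manual review rather than judged automatically, since legitimate programs also register themselves under Run.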
