There are several ways to spread Trojans. The

  
A Trojan is a remote-control-based virus program that is highly concealed and harmful. It can control or monitor you without your knowing it. So how do we know where a Trojan is hiding? Here is a description of the places where Trojans lurk.

1. Integrated into a program. A Trojan is in fact a client-server program, and it is often integrated into another program to prevent users from easily deleting it. Once the user activates the Trojan, the Trojan file is bundled with an application and then uploaded to the server to overwrite the original file. Even if the Trojan is deleted, it is installed again as long as the application that bundles it is run. If it is bound to a system file, the Trojan starts every time Windows starts.

2. Hidden in configuration files. Trojans are cunning: they know that most people use the operating system through its graphical interface and mostly ignore configuration files that no longer seem important. This gives the Trojan a hiding place. Because of the special role of configuration files, the Trojan can easily run and attack on many computers, stealing from or monitoring the victim. However, this method is not well hidden and is easy to find, so loading Trojans from Autoexec.bat and Config.sys is rare, but it cannot be taken lightly.

3. Lurking in Win.ini. A Trojan must run in order to control or monitor the computer, but no one will be foolish enough to run a Trojan on their own computer. The Trojan is prepared for this, so it must find a place that is safe and runs automatically when the system starts. Win.ini is one place where a Trojan feels comfortable. Open Win.ini and look at the [Windows] field, which holds the startup commands "load=" and "run=". Normally nothing follows the "=". If a program does follow it, for example "run=c:\Windows\file.exe load=c:\Windows\file.exe", be careful: this "file.exe" may be a Trojan.

4. Disguised as an ordinary file. This method appeared later but is now popular, and unskilled Windows users are easily fooled by it. The executable file is disguised as a picture or text file: its icon is changed to the default Windows picture icon, and the file is renamed to "*.jpg.exe". Because the default setting is not to display known file extensions, the file is displayed as "*.jpg", and people who are not paying attention are hit by the Trojan as soon as they click the icon (the disguise is even more convincing if a picture is embedded in the program).

5. Built into the registry. The methods above kept the Trojan comfortable for a while: no one could find it, and it could run automatically. The good times did not last, however, and people soon learned to expose it. Having learned from this failure, the Trojan concluded that those hiding places are too easy to find and that it must hide somewhere harder to discover, so it turned to the registry. Because the registry is complex, Trojans often like to hide there. Check which programs are listed under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion", in all the keys starting with "run", and under "HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion", in all the keys starting with "run".

6. Hiding in System.ini. Trojans are everywhere: wherever there is a hole, they will burrow in. System.ini in the Windows installation directory is another place Trojans like to hide. Open this file and see how it differs from a normal one. Look at the [boot] field: if it contains "shell=Explorer.exe file.exe", you are out of luck, because file.exe here is the Trojan server program. In the [386Enh] field of System.ini, check the "driver=path\program name" entry, which may also be used by Trojans. The [mci], [drivers], and [drivers32] fields of System.ini also function as loaders, so they are good places to add a Trojan and deserve attention too.

7. Invisible in the startup group. Sometimes a Trojan does not care about hiding its whereabouts and cares more about whether it is loaded into the system automatically, because once it is loaded it is very hard to get rid of. By this logic the startup group is also a good hiding place, because it is a good place to run automatically. The folder that corresponds to the startup group is "C:\Windows\start menu\programs\startup", and its location in the registry is HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Startup="C:\Windows\start menu\programs\startup". Check the startup group frequently.

8. Hidden in Winstart.bat. By the same logic, Trojans like to stay wherever they can be loaded automatically. Winstart.bat is another file that Windows loads and runs automatically. In most cases it is generated automatically by applications and by Windows, and it is executed after Win.com has run and most drivers have been loaded (you can see this by pressing F8 at startup and choosing the step-by-step option for the boot process). Because Winstart.bat can do everything Autoexec.bat does, a Trojan can be loaded and run from it just as from Autoexec.bat, and that is where the danger arises.

9. Bundled in a startup file, that is, the startup configuration file of an application. The control terminal takes advantage of the fact that these files can start programs: it uploads a file of the same name that contains the Trojan's startup command to the server, overwriting the original, and in this way the Trojan is started.

10. Set in hyperlinks. The Trojan's owner places malicious code on a web page and entices the user to click a link; the result of the click is self-evident. Do not casually click links on the Internet.
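The checks described in items 3, 4 and 6 can be automated. The following is an added example, not part of the original article: it audits the text of Win.ini and System.ini for the "load=", "run=" and "shell=" entries named above and flags "*.jpg.exe"-style file names. The function names, the extension lists and the sample file contents are assumptions constructed for illustration.

```python
import re

# Legacy autostart entries named in the article: (file, section, key).
WATCHED = {
    ("win.ini", "windows", "load"),
    ("win.ini", "windows", "run"),
    ("system.ini", "boot", "shell"),
}
# Assumed extension lists for the disguise check; extend as needed.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".pif"}
DECOY_EXT = {".jpg", ".jpeg", ".gif", ".bmp", ".txt", ".doc"}


def audit_ini(name, text):
    """Return (section, key, value) findings for one INI file's text."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if not sep or (name.lower(), section, key) not in WATCHED:
            continue
        if key == "shell":
            # The article's baseline is Explorer.exe alone; anything else is flagged.
            if value.lower() != "explorer.exe":
                findings.append((section, key, value))
        elif value:
            # load= and run= are normally blank after the "=".
            findings.append((section, key, value))
    return findings


def is_double_extension(filename):
    """True for names like photo.jpg.exe, shown as photo.jpg when extensions are hidden."""
    m = re.search(r"(\.[^.\\/]+)(\.[^.\\/]+)$", filename.lower())
    return bool(m) and m.group(1) in DECOY_EXT and m.group(2) in EXECUTABLE_EXT


# Constructed sample contents, modelled on the entries the article describes.
SAMPLE_WIN_INI = "[windows]\nload=\nrun=c:\\Windows\\file.exe\n"
SAMPLE_SYSTEM_INI = "[boot]\nshell=Explorer.exe file.exe\n"

if __name__ == "__main__":
    for name, text in (("win.ini", SAMPLE_WIN_INI), ("system.ini", SAMPLE_SYSTEM_INI)):
        for finding in audit_ini(name, text):
            print(name, finding)
```

A finding is a lead to investigate, not proof of infection, since legitimate software can also populate these entries.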