Dangerous TXT file identification and prevention methods

txt file is a text format that Microsoft attaches to the operating system. It is the most common file format. It mainly stores text information, which is text information, but now it Turning into a hidden and dangerous file, if you open the file that someone else sent you, you will most likely see it as follows: You might think it will call Notepad to run, but if You double-click on it, and instead it calls HTML to run, and automatically starts formatting the D drive in the background, while showing "Windows is configuring the system." Plase does not interrupt this process. ” Such a dialog box to deceive you. You see the danger of opening the .txt in the attachment is great enough? Deception implementation principle: When you double-click this disguised .txt, since the real file extension is .{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}, That is the .html file, so it will run as an html file, which is a prerequisite for it to run.

You may have noticed the "Ws cript" in the second line, yes! It is the director of the whole scene, it is the mastermind behind the scenes! Ws cript full name Windows s cripting master, it is new in Win98 The function is a batch language/automatic execution tool —— its corresponding program "Ws cript.exe" is a scripting language interpreter located under c:\\WINDOWS, which makes it possible for scripts to It is executed as if it were a batch. In the Windowsscript cripting master script environment, some objects are predefined, and through its built-in objects, you can implement functions such as obtaining environment variables, creating shortcuts, loading programs, and reading and writing the registry.

Identification and prevention methods:

1 This deceptive .txt file does not display the icon of the text file, it shows the flag of the undefined file type. Is the best way to distinguish it from normal TXT files.

Another way to identify 2 is to display the full name of the file name (see Figure 1) on the left side of the "My Computer" (view 1). It is not a real TXT file. The problem is that many beginners experience is not enough, because the veteran may not pay attention to open it, here to remind you again, note the file name of the mail you receive an attachment, not only depends displayed extension, but also pay attention to their actual What icon displayed yes.

3 For the files that appear to be TXT from others in the attachment, you can download it and right click to select “ open with notepad, it will be safe.

II. Malicious Fragment File Another type of horrible TXT file is a file called "Shard Object" in Windows (extension "ldquo;嘘"), which is generally disguised as a text file via an email attachment. Spread, for example, this kind of Q number is sent to .txt.shs, because the real suffix name & quoquo; 嘘 & rdquo; will not show up, if the file contains such a form such as "form", it will be terrible! Not only that, the following four reasons are also a cause of its harmfulness: 1 The default icon of the fragment object file is an icon similar to the icon of the notepad file, which is easy to be mistaken for some text documents, the user is Its vigilance is not well prepared.

2In the default state of Windows, the "fragment object" file extension (“.嘘”) is hidden even if you are in <;Explorer”→“ tools & rdquo; & rarr; & ldquo; folder options & rdquo; & rarr; & ldquo; View & rdquo; in the & ldquo; hide known file types extensions & rdquo; in front of & ldquo; & radic; & rdquo; removed, & ldquo ;. boo & rdquo; It is still hidden, because Windows supports dual extensions, such as "QQ number delivery.txt.shs"; the name displayed is always "QQ number delivery.txt".

3 Even if you are suspicious, you will not find any problems with this file with any anti-virus software, because the file itself has no virus, is not executable, and is still a system file. Do you suspect such a file? 4 This kind of attachment virus is very easy to manufacture, you can learn in 5 minutes, and you don't need programming knowledge. (Format C drive command: & ldquo; Form c: & rdquo; Everyone knows ^ _ ^).

1, specific examples of

So, debris objects in the end user's computer will cause any threat? We work together to make a test to understand. The following test environment was performed on the Chinese version of Windows 2000 Server. We first create a test file test.txt on the hard disk (I created the location is D:\\test.txt), and then we will create a fragment object file that can delete this test file.

① to run an Object Packager (packager.exe), my Win2000 service providers installed in /winnt /system32.

2 After creating a new file, open the menu <;file”→“import", and a file dialog will pop up, allowing you to select a file. Don't worry, just pick a file and you're done.

3 Then open “edit ”→“command line”, in the pop-up command line input dialog box, enter “cmd.exe /c del d:\\test.txt”, point “OK”.

4 Then, select “Edit”→“Copy Data Package” from the menu.

5 Then, just find a place on the hard disk, I am directly on the desktop. Right click on the desktop and select “Paste & rdquo; from the pop-up menu. At this point we can see that a fragment object file has been created on the desktop.

Now we can double click on this file, after the CMD window flashes, then go to the D drive and the test file D:\\test.txt has been deleted! Now you should know, at the time of the object The command entered in the package was executed. It's dangerous. If this command is to delete an important file in the system, or a dangerous command such as a format command, how terrible it is! Let's take a look at this < stealth killer> The true face of it! Previous12Next page Total 2 pages