Unavoidable several TXT file exposures

The TXT file looks very inconspicuous, and many people don't usually use it. TXT is a plain text format. This format is plain text and it is plain text. Notepad is a typical plain text editor that can open and create files in TXT format. Of course, you can also create documents in other formats with Notepad, but in principle you can only create them in plain text.

I. Hide the TXT file of the HTML extension

If you receive an email attachment that looks like this: QQ nickname to send .txt, do you think it Definitely a plain text file? I want to tell you, not necessarily! Its actual file name can be QQ nickname to send .txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}.

{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} is the meaning of the HTML file association in the registry. But when you save the file name, it will not show up. What you see is a .txt file. This file is actually equivalent to the QQ nickname.txt.html. So why is it dangerous to open this file directly? See if the contents of this file are as follows:

You might think that it will call Notepad to run, but if you double-click it, it will call HTML to run. And automatically start to format the D drive in the background, while showing "Windows is configuring the system." Plase do not interrupt this process. ” Such a dialog box to deceive you. Is it dangerous to open the .txt in the attachment at will?

The principle of deception implementation: When you double-click this disguised .txt, the real file extension is

. {3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}, which is the .html file, will run as an html file, which is a prerequisite for it to run.

Lines 2 and 3 of the file content are the key to its destructive effect. The third line is the executor of the vandalism, in which commands with destructive properties can be loaded. So what is the second line? You may have noticed the "Ws cript" in the second line, right! It is the director who directed the whole scene, it is the mastermind behind the scenes!

Ws cript full name Windows s cripting Host, which is a new addition to Win98, is a batch language/automatic execution tool —— its corresponding program "Ws cript.exe" is a scripting language interpreter at c: Under WINDOWS, it is what makes a script executable, just like executing a batch. In the Windows scripting Host scripting environment, some objects are predefined, and through its built-in objects, you can implement functions such as obtaining environment variables, creating shortcuts, loading programs, and reading and writing the registry.

Identification and prevention methods:

1 This deceptive .txt file does not display the icon of the text file, it shows the flag of the undefined file type. Is the best way to distinguish it from normal TXT files.

Another way to identify 2 is to display the full name of the file name (see Figure 1) on the left side of the "My Computer" on the "WEB page" It is not a real TXT file. The problem is that many beginners have not enough experience. The veteran may open it because he didn't pay attention. Here again, remind you that the file name of the attachment you received is not only the extension that appears, but also the actual number. What is the icon displayed.

3 For the files that appear to be TXT from others in the attachment, you can download it and right click to select “ open with notepad, it will be safe.