Saturday, January 1, 2011

【 Weak current College 】 General techniques for finding and removing Trojans



Many newcomers with little security knowledge are completely at a loss once their computer has a Trojan. Many newer versions of antivirus software can automatically remove most Trojans, but they do not protect against newly emerging ones. The most important thing in removing a Trojan is therefore to know how a Trojan works. After reading this article, you should be able to find and remove Trojans yourself.

A Trojan does everything it can to hide itself. The main ways are:

Hiding from the taskbar. This is the most basic method: as long as the Form's Visible property is set to False and ShowInTaskBar is set to False, the program does not appear in the taskbar when it runs.

Hiding from Task Manager. Registering the program as a "system service" makes it easy to disguise.

A Trojan also starts quietly. The attacker cannot expect the user to click the Trojan's icon to run the server side after every boot, so the Trojan loads itself automatically every time the user starts the machine. Trojans use the same mechanisms Windows uses to load applications automatically at startup: the startup group, Win.ini, System.ini, the registry and so on are all hiding places for a Trojan.

The following describes how a Trojan is loaded automatically. In the [WINDOWS] section of Win.ini, the "run=" and "load=" entries can be used to load a Trojan, so examine them carefully. Normally nothing follows the equals sign. If you find a path and file name after it that is not a startup file you recognize, your computer may have a Trojan. Look closely, because many Trojans, such as the AOL Trojan, disguise themselves as command.exe (the real system file is command.com). If you are not paying attention, you may not notice that it is not a genuine system startup file (especially when viewing it in a Windows window).

In the [BOOT] section of System.ini there is a "shell=filename" entry. The correct file name is "explorer.exe". If the entry is not "shell=explorer.exe" but "shell=explorer.exe program name", the program that follows is the Trojan, which means your computer has a Trojan.

The registry is the most complex case. Open the Registry Editor with the regedit command and navigate to "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", then check the values for automatically started files with the .EXE extension that you do not recognize. Remember that some Trojans create files whose names closely resemble the system's own files in order to slip past you. For example, the "AcidBattery v1.0" Trojan changes the Explorer value under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to Explorer = "C:\WINDOW ** piorer.exe"; the Trojan's file name and the real Explorer differ only in an "i" and an "l". There are many other places in the registry where a Trojan can hide, such as "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" and "HKEY_USERS\** **\Software\Microsoft\Windows\CurrentVersion\Run". The best approach is to find the Trojan's file name under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" and then search the entire registry for it.
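The three checks described above (a non-empty "run=" or "load=" in Win.ini, a "shell=" entry in System.ini that is anything other than explorer.exe, and Run values whose file name imitates a system file), as an added Python example that is not part of the original article. It takes the INI text and the Run values as plain inputs so it runs offline; the sample data, the `C:\SAMPLE` paths and `svc32.exe` are constructed, and the one-character lookalike rule is an assumption of this example.

```python
import ntpath

KNOWN = ("explorer.exe", "command.com")  # genuine names mentioned in the article

def ini_values(text):
    """Yield (section, key, value) from INI text; section and key lower-cased."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def lookalike(path):
    """Return the genuine file name that `path` imitates, or None."""
    name = ntpath.basename(path.strip('"')).lower()
    for real in KNOWN:
        if name == real:
            return None
        same_stem = name.rsplit(".", 1)[0] == real.rsplit(".", 1)[0]
        one_off = len(name) == len(real) and sum(a != b for a, b in zip(name, real)) == 1
        if same_stem or one_off:  # command.exe vs command.com, "i" vs "l"
            return real
    return None

def audit_startup(win_ini, system_ini, run_values):
    """Return findings for the three autostart locations the article covers."""
    findings = []
    for section, key, value in ini_values(win_ini):
        if section == "windows" and key in ("run", "load") and value:
            findings.append(f"win.ini {key}= loads {value}")
    for section, key, value in ini_values(system_ini):
        if section == "boot" and key == "shell" and value.lower() != "explorer.exe":
            findings.append(f"system.ini shell= is {value}")
    for name, path in run_values.items():
        real = lookalike(path)
        if real:
            findings.append(f"Run value {name}: {path} imitates {real}")
    return findings

# Constructed sample input (not taken from a real machine or from the article).
WIN_INI = "[windows]\nload=\nrun=C:\\SAMPLE\\command.exe\n"
SYSTEM_INI = "[boot]\nshell=explorer.exe C:\\SAMPLE\\svc32.exe\n"
RUN = {"Explorer": "C:\\SAMPLE\\expiorer.exe", "SystemTray": "SysTray.Exe"}

if __name__ == "__main__":
    print("\n".join(audit_startup(WIN_INI, SYSTEM_INI, RUN)))
```

On a live system the `run_values` dictionary would be filled from the Run keys listed above, for example with Python's `winreg` module.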

Once you know how a Trojan works, removing it becomes easy. If you find a Trojan, the most effective first step is to disconnect the computer from the network immediately, so that the attacker cannot attack you over the network. Then edit win.ini and, under [WINDOWS], change "run=Trojan program" or "load=Trojan program" to "run=" or "load=". Edit system.ini and, under [BOOT], change "shell=Trojan file" to "shell=explorer.exe". In the registry, use regedit to find the Trojan's file name under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run", then search the entire registry for it and replace the Trojan's entries.

Be aware that with some Trojans you cannot simply delete the Trojan's key under "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run". Some Trojans, such as the BladeRunner Trojan, immediately add the key back automatically if you delete it. In that case, write down the Trojan's name and directory, return to MS-DOS, locate the Trojan's file and delete it. Restart, and then delete all of the Trojan's keys from the registry. At that point, you are finished.

