Tuesday, February 14, 2012
【Weak Current College】 Principles of online banking Trojan viruses
As the number of network users rises, they have naturally become an appetizing target for all kinds of viruses and Trojans. As earlier malware is taken down, new variants are generated to replace it. Once such a program misuses the network, the losses to personal Internet banking accounts are considerable, and many netizens are badly hurt.
Trojan analysis
Not long ago a new online banking Trojan appeared, Win32.Troj.BankJp.a.221184. It can spread through third-party storage devices and over the network to the systems of Internet banking users. Once present, the Trojan first looks for the "Personal Banking Professional Edition" window on the system and ** the online banking account password. It then automatically replaces a number of system files, records keystrokes, and deletes or corrupts userinit.exe, the key system logon program, so that the system restarts repeatedly at the logon screen and can never reach the desktop. The Trojan can also update itself automatically, which makes it a serious threat to the user's property and privacy.
On an infected machine, the virus drops the dynamic link library files mshelp.dll and mspw.dll into the %windir% directory, adds a "power" service entry under the registry branch HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, and attempts to back up the following files:
%system%\calc.exe > %system%\dllcache\c_20218.nls
%system%\userinit.exe > %system%\dllcache\c_20911.nls
%windir%\notepad.exe > %system%\dllcache\c_20601.nls
Once it has started successfully, the virus automatically finds and replaces calc.exe in the %windir% directory; userinit.exe and notepad.exe in the %system% directory; and calc.exe, userinit.exe and notepad.exe in the %system%\dllcache directory, in order to hide itself deeply.
Even then the Trojan has not finished entrenching itself: it also creates a RECYCLER folder under the system root to hold the virus files.
Virus cleanup process
If a network user's computer is accidentally infected with this Trojan, it should be cleaned off the computer as soon as possible. Depending on the user's ability to respond to a virus incident, two methods are provided here:
Method one: repair using the remote registry
By default, the Remote Registry service is turned on, so a user on the LAN can connect remotely with the Registry Editor and modify the infected computer's registry. First, choose Run from the Start menu and enter regedit to open the Registry Editor. From the File menu, open Connect Network Registry and enter the infected computer's IP address or machine name (Note: if the connection succeeds and the other computer requires a user name and password, you will need to enter them).
Then locate the registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and delete the userinit.exe entry under it. (Note: sometimes no hijack entry for userinit.exe can be found there. In that case, locate the registry branch HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and set the Userinit value under it to the system default, C:\WINDOWS\system32\userinit.exe.) If the virus has destroyed userinit.exe, you can restore the userinit.exe program file with a quick repair from the Windows installation CD.
Finally, use a DOS command to put back c_20911.nls, which the virus renamed and moved. The command is as follows:
copy c:\windows\system32\dllcache\c_20911.nls c:\windows\system32
When it has finished, restart the computer and the system will be back to normal.
Method two: repair after booting from a WinPE CD
First, when the computer starts, press the Delete key to enter the BIOS and set the computer to boot from the CD (Note: the way to enter the BIOS differs slightly between computer brands; refer to the instructions for your machine). Once that is set, insert the WinPE CD into the optical drive and press F10 to save and exit. The computer then restarts and enters the CD interface.
Once in the WinPE environment, locate the registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and delete the userinit.exe entry under it. Then locate the registry branch HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and set the Userinit value under it to the system default, C:\WINDOWS\system32\userinit.exe. Next, browse the WinPE CD and copy the userinit.exe program from the system32 folder in the i386 directory to the windows\system32 path on the system disk.
Finally, remove the CD and restart the computer. The hijacked userinit.exe returns to normal, the operating system boots normally, the repeated restarts no longer occur, and the issue is resolved.
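The two registry locations that both cleanup methods inspect can also be checked offline from an exported .reg file. The Python below is an added example, not part of the original article; the function names, the sample export and the placeholder Debugger path are assumptions made for illustration.

```python
import re

# Key paths from the page's cleanup steps, lowercased because registry paths are case-insensitive.
CV = r"hkey_local_machine\software\microsoft\windows nt\currentversion"
IFEO_USERINIT = CV + r"\image file execution options\userinit.exe"
WINLOGON = CV + r"\winlogon"
# Default Userinit value as the page gives it; stock Windows stores it with a trailing comma.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg export text into {lowercased key path: {lowercased value name: string data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # only string (REG_SZ) values; hex and dword data are ignored
                name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                current[name.lower()] = data
    return keys

def triage(text):
    """Return (check, value) findings for the two locations the cleanup steps inspect."""
    keys, findings = parse_reg(text), []
    if IFEO_USERINIT in keys:
        # The cleanup steps delete this subkey; report its Debugger value if one is set.
        findings.append(("ifeo-userinit", keys[IFEO_USERINIT].get("debugger")))
    userinit = keys.get(WINLOGON, {}).get("userinit")
    if userinit is not None and userinit.lower().rstrip(", ") != DEFAULT_USERINIT:
        findings.append(("winlogon-userinit", userinit))
    return findings

# Constructed sample export (not taken from an infected machine); the Debugger path is a placeholder.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe]
"Debugger"="C:\\placeholder\\debugger.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    for check, value in triage(SAMPLE):
        print(check, value)
```

Exports written by regedit are UTF-16, so decode the file before passing its text to triage.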
Virus prevention
The virus itself is not what is frightening; what is frightening is the mind of the person who made it. Network users must always be vigilant against property loss. But what methods should users adopt from the outset to guard against viruses and intrusion? In fact, there is no truly secure system on the network, only relatively secure platforms. To reduce network threats to a minimum, users should note the following points:
1. Do not casually open unknown websites or links sent through instant messaging software, and do not freely receive or click on unknown or unidentified programs (including exe files, pictures, animations, movies, music, eBooks, etc.), to avoid infection.
2. Turn on the Automatic Updates feature for system patches, and upgrade the locally installed security software to the latest version every day. Turn on the firewall when communicating over the network; users who have no firewall installed should install one as soon as possible, so that when an unfamiliar program on the computer makes a remote connection, the user knows in advance and can review it.
3. From time to time, use antivirus software or a third-party security tool to run a full scan of your computer. Instant messaging users, such as QQ users, should use QQ Doctor to patch the system and check for Trojans, to avoid being infected by an online banking Trojan.