In the win.ini file, in the [WINDOWS] below, "run =" and "load =" it is possible to load the "Trojan horse" program means that they must be carefully pay attention. Under normal circumstances, they have nothing after the equal sign, if they followed a path and file name are not you are familiar with the startup files, your computer may be in the "Trojan horse" of. Of course, you have to look carefully, because a lot of "Trojan horse", such as "AOLTrojan Trojan horse", which put itself disguised as command.exe file, if not pay attention may not find that it is not really a system startup files.
In the system.ini file, in the [BOOT] here are a "shell = file name." The correct file name should be "explorer.exe", if not "explorer.exe", but the "shell = explorer.exe program name", then that procedure is followed by a "Trojan horse" program, that you have the " Trojan horse "of.
In the registry of the most complex, through the regedit command to open the Registry Editor, in the Click to: "HKEY-LOCAL-MACHINESoftwareMicrosoftWindowsCurrentVersionRun" directory, view the keys in there that they are not familiar with the automatic startup files with the extension EXE Here remember: some of the "Trojan horse" program generated the file like the file system itself, wanted to camouflage under false pretenses, such as "AcidBatteryv1.0 Trojan horse," it will registry "HKEY-LOCAL-MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun" under the Explorer key to change for the Explorer = "C: WINDOWSexpiorer.exe", "Trojan horse" program with the real Explorer only between the "i" and the "l" difference. Of course, there are still many places in the registry can be hidden "Trojan horse" program, such as: "HKEY-CURRENT-USERSoftwareMicrosoftWindowsCurrentVersionRun", "HKEY-USERS **** SoftwareMicrosoftWindowsCurrentVersionRun" directory are likely the best way is to "HKEY-LOCAL-MACHINESoftwareMicrosoftWindowsCurrentVersionRun" find "Trojan horse" program file name, and then you can search the entire registry.
Know that a "Trojan horse" of the working principle of killing "Trojan horse" becomes very easy, if we find a "Trojan horse" exists, the safest and most effective way is to immediately disconnect the computer network to prevent hackers through the network for you attack. And then edit the win.ini file will be [WINDOWS] below, "run =" Trojan horse "program" or "load =" Trojan horse "program" changed to "run =" and "load ="; edit system.ini file will be [ BOOT] The following "shell = 'Trojan' document", change: "shell = explorer.exe"; in the registry, use regedit to edit the registry, first in "HKEY-LOCAL-MACHINESoftwareMicrosoftWindowsCurrentVersionRun" found under the "Trojan "program file name, and then the entire registry search and replace" Trojan horse "program, and sometimes need to note: some of the" Trojan horse "program is not directly" HKEY-LOCAL-MACHINESoftwareMicrosoftWindowsCurrentVersionRun "under the" Trojan horse "key to delete the line, because some of the" Trojan horse "if: BladeRunner" Trojan horse ", if you delete it," Trojan horse "will automatically and immediately add, you need is a note of" Trojan horse "in the name and directory, and then returned to to the MS-DOS, find this "Trojan" file and remove it. Restart the computer, and then to the registry will be all the "Trojan horse" key to delete the file. At this point, we're done
No comments:
Post a Comment