木马藏身地及通用排查技术(国外英语资料).docVIP

木马藏身地及通用排查技术(国外英语资料) The Trojan hiding place and general purpose screening technique Trojans, taken from the ancient Greek myth of the Trojan horse, are a remote-controlled hacking tool that is highly hidden and dangerous. In order to achieve the purpose of the control service host, the Trojan often USES various means to activate itself and load the purpose of the operation. Here, we briefly introduce the Trojan horse general activation methods, their hideout, and through some examples to let you experience the method of manual removal Trojan horse. Start the Trojan horse in win.ini: In Win. Ini [Windows] section has a startup command load = and run =, in the case of a general = is empty, if followed procedures, such as: Run = C: Windows ile. Exe Load = C: Windows ile. Exe The file.exe is probably a Trojan horse. Modify the file association in the Windows XP registry: Modifying the file associations in the registry is a common approach for trojans, and how to modify them has been described in the previous articles in this series. For example, under normal circumstances the TXT file opened the way for the Notepad. The exe (notebook), but once infected file association trojans, TXT file will become opened with Trojan program. Such as famous domestic Trojan ice age, is the HKEY_CLASSES_ROOT registry xtfileshellopencommand key branching off the key item of default key C: Windows otepad. Exe % 1 changed to C: WindowsSystemSysexplr. Exe, so, when you double-click a TXT file, originally should use notepad to open the file, now became a start trojans. Of course, not only the TXT file, but other types of files such as HTM, exe, zip, and com are also the targets of trojans, and be careful. For this type of Trojan program, you can only check the file type shellopencommand subkey branch of the HKEY_CLASSES_ROOT in the registry to see if its value is normal. On the Windows XP system: Implement the trigger condition to control the client and server has passed the first Trojan co