Win2003 server: one move to neutralize all Trojans by preventing privilege escalation

  • 2020-05-06 12:03:33
  • OfStack

1. Preface:
The danger of a Trojan is that it can remotely control your computer. Once your machine becomes a "chicken", others can access your computer, peek at your files, steal passwords, or even send random things to your friends using your QQ...
Trojans abound because there is a direct commercial interest behind them. Once your online banking password is stolen, it's too late to cry.
Because of this, Trojans keep multiplying and spreading. Trojans and viruses cooperate and reinforce each other, and the harm grows greater and greater.
It is no exaggeration to say that the Trojan horse is the thief and robber who walks into your house through the network cable. Defending against Trojans has become a compulsory course for modern computer users.
2. How it works:
Although Trojans do harm by many different means, they never stray from one common core: a necessary step is to create an administrator user on your system. This article starts from that step and prevents the Trojan from creating users. This way, even if your computer has been infected with a Trojan, it cannot create users and so cannot perform its remote control function. In other words, it is neutralized and left as waste. Of course, the waste also needs to be cleaned up, but that is outside the scope of this article.
3. Method:
Run regedt32.exe to open your registry; there is a directory tree:
Open the directory HKEY_LOCAL_MACHINE
Then open SAM
Then open SAM again
Then open Domains
Then open Account
Then open Groups
This Groups directory is the one responsible for creating users. Delete it, and the system won't be able to create users. No matter how the Trojan struggles, it has no way to create users, let alone promote them to administrator. Once the contents of this directory are deleted, there is no way to get them back. So, before you do this, you have to make a backup and restore from it when necessary.
Backup method: right-click Groups and select "Export". Give the exported file a name and save it.
4. Description:
When you enter the registry, you will probably see only the first SAM directory and nothing below it. Don't worry, that's because you don't have enough permissions. Right-click the directory in question, select "Permissions", and set yourself (usually Administrators) to "Allow: Full Control". After setting the permissions, close and re-enter regedt32.exe, and repeat until you find the Groups directory.
5. Restore:
It is easy: find the file you exported and just click on it.
Since you will not be able to use the "User Accounts" and "Local Users and Groups" functions in the Control Panel after removing the Groups directory, it is important to back it up. When you need to use those functions, restore it as described above. Of course, if you're an individual user and you're the only one who ever uses the computer, it doesn't matter.

See, very useful to all of you, ha ha~ Some users are often very frustrated: they have clearly removed the Trojan's files and the corresponding startup entries, yet at some point it comes back intact. Even sadder, sometimes killing a Trojan leaves the system with a fault of its own: no application can be opened. At this point, if the user's knowledge of computers is limited to using antivirus software, all they can do is reinstall the system in tears. Why is this? Did the Trojan also maliciously modify the system core?

The answer is simple: the Trojan modified how applications (EXE files) are associated, that is, their "open mode". What is the "open mode"? According to my teacher (online is very famous, aptech xiyuan old to): in Windows, opening a file is carried out by the application specified in the corresponding registry keys, which live under the "HKEY_CLASSES_ROOT" root key. When the system receives a request to open a file, it identifies the file type from the suffix and then calls the corresponding program to open it. An application is itself treated as a file; it also belongs to a file type and could be opened in other ways. It is just that Windows sets its calling program to "%1" %*, which the system kernel understands as an "executable request": it creates a process for a file opened this way and finally loads and executes the file. If another program changes this key value, Windows invokes the specified file to open it instead.

Some Trojans change the "open mode" of exefile, the type corresponding to the EXE suffix, to trojans "%1" %*. When you run a program, the system first creates a process for "trojans" and passes the file name that follows to it as a parameter for execution. To us, it looks as if the program started normally.

Because the Trojan acts as the calling program for all EXE files, it can stay in memory for a long time and restore its own files every time, so in the eyes of the average user the Trojan is "immortal". However, once the Trojan is deleted, Windows cannot find the corresponding calling program, so normal programs cannot be executed. This is the source of the so-called "all programs can't run" situation. The Trojan did not change the system core, and there is no need to reinstall the whole system.

The simplest way to eradicate such a Trojan is to look at which program the EXE file open mode points to and immediately stop that program's process; if it has produced other Trojan files, stop those too. Then, keeping the Registry Editor open (otherwise none of your programs will open), remove all the Trojan files and change the exefile "open mode" entry (HKEY_CLASSES_ROOT\exefile\shell\open\command) back to the original "%1" %*.

If you removed the Trojan but forgot to change the association back first, you will find that programs will not open. Don't panic. If you are a Win9x user, use the "shell replacement" solution: restart, press F8 to enter the boot menu, select MS-DOS mode, rename Explorer.exe to something else, and rename REGEDIT.EXE to Explorer.exe. After restarting again, you will find that Windows comes up with only the Registry Editor. Change the association back, and don't forget to restore the previous Explorer.exe when you restart.

For Win2000/XP users the operation is simpler: press F8 at boot to enter the startup menu and choose "Safe Mode with Command Prompt". The system will automatically use the command prompt as its shell, and you can type REGEDIT there to open the Registry Editor. XP users don't even need to restart: in the "Open With" dialog, browse directly to CMD.EXE to open a command prompt and run the Registry Editor, REGEDIT.EXE...
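The association check described above can be done offline against a registry export. The following is an added example, not code from the original article: it parses a regedit export and reports any executable file class whose open command is not the stock "%1" %*. Checking comfile, batfile and cmdfile in addition to exefile goes beyond what the article covers, and the sample export and the name trojans.exe are constructed placeholders.

```python
import re

EXPECTED = '"%1" %*'  # stock open command for executable file classes
# exefile is the class the article discusses; the other three are an added assumption.
CLASSES = ("exefile", "comfile", "batfile", "cmdfile")

def parse_reg(text):
    """Parse regedit export text into {lowercased key path: default value}."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            defaults[key] = re.sub(r'\\(["\\])', r'\1', line[3:-1])
    return defaults

def check_associations(text):
    """Return (class, value, interposed program) for every altered open command."""
    defaults = parse_reg(text)
    findings = []
    for cls in CLASSES:
        value = defaults.get(f"hkey_classes_root\\{cls}\\shell\\open\\command")
        if value is None or value == EXPECTED:
            continue
        # Whatever precedes "%1" is the program launched in place of the target.
        program = value.split('"%1"')[0].strip().strip('"')
        findings.append((cls, value, program))
    return findings

# Constructed sample export (not from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="trojans.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"
'''

if __name__ == "__main__":
    for cls, value, program in check_associations(SAMPLE):
        print(f"{cls}: open command is {value!r}; interposed program: {program}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16 encoded, so read a real file with encoding="utf-16" before passing its text to check_associations.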

In fact, installing McAfee on the server is enough; for the specific settings, refer to
//www.jb51.net/hack/40724.html
