I will teach you how to prevent Trojans, targeting web Trojans only, with an effectiveness of more than 90%. This method can prevent more than 90% of Trojans from being executed on your machine, and even Trojans that antivirus software cannot detect can be blocked. Let me explain the principle first.
Currently, web Trojans get onto your machine in the following ways:
1. The Trojan file is changed into a BMP file and then restored to an EXE with the help of the DEBUG program on your machine. This accounts for 20% of the Trojans on the Internet;
2. A TXT file is downloaded to your machine, and then a specific FTP connection is made: FTP connects to the machine where they keep the Trojans and downloads them. This accounts for 20% of the Trojans on the Internet;
3. The most commonly used method: an HTA file is downloaded and the web control interpreter is then used to restore the Trojan. This accounts for more than 50% of the Trojans on the Internet;
4. JS scripts and VBS scripts are used to execute the Trojan file. This type of Trojan mostly steals QQ accounts and, less often, Legend accounts; it accounts for about 10%;
5. Other methods are unknown.
Now let's talk about the prevention method: rename the windows\system\ file to whatever name you choose (note that on Windows 2000 and Windows XP it is under system32).
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\, create a new key named after the CLSID of the ActiveSetup control, {6E449683-C509-11CF-AAFA-00AA00B6015C}, then create a REG_DWORD value named Compatibility under the new key and set it to 0x00000400.
Also rename (or delete) windows\command\ and windows\.
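One way to audit and apply the registry step above from PowerShell (an added example, not code from the original article). The function names are hypothetical, and the script uses the value name `Compatibility Flags`, the name Microsoft documents for the ActiveX kill bit.

```powershell
# Added example (not from the original article). Run from an elevated prompt.
$CompatRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$ValueName  = 'Compatibility Flags'   # Microsoft's documented kill-bit value name
$KillBit    = 0x00000400              # flag value given in the article

function Get-KillBitState {
    # [guid] rejects malformed CLSIDs (underscores, stray spaces) before any registry access.
    param([Parameter(Mandatory)][guid]$Clsid)
    $key   = Join-Path $CompatRoot $Clsid.ToString('B').ToUpper()
    $flags = 0
    if (Test-Path -LiteralPath $key) {
        $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $flags = [int]$prop.$ValueName }
    }
    [pscustomobject]@{
        Key        = $key
        Flags      = $flags
        KillBitSet = (($flags -band $KillBit) -ne 0)
    }
}

function Set-KillBit {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][guid]$Clsid)
    $state = Get-KillBitState -Clsid $Clsid
    if (-not $state.KillBitSet -and $PSCmdlet.ShouldProcess($state.Key, 'Set kill bit 0x400')) {
        if (-not (Test-Path -LiteralPath $state.Key)) {
            New-Item -Path $state.Key -Force | Out-Null
        }
        # OR the bit in so any other compatibility flags already present survive.
        New-ItemProperty -LiteralPath $state.Key -Name $ValueName -PropertyType DWord `
            -Value ($state.Flags -bor $KillBit) -Force | Out-Null
    }
    # Re-read from the registry so the caller sees the stored state, not the intended one.
    Get-KillBitState -Clsid $Clsid
}

# CLSID of the ActiveSetup control named in the article.
$activeSetup = '{6E449683-C509-11CF-AAFA-00AA00B6015C}'
Get-KillBitState -Clsid $activeSetup        # audit only
Set-KillBit -Clsid $activeSetup -WhatIf     # preview the change; drop -WhatIf to apply
```

On 64-bit Windows, 32-bit Internet Explorer reads the same key under SOFTWARE\WOW6432Node, so check both locations.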
The most effective defense against some of the latest popular Trojans:
For example, take the popular Trojan horse on the Internet; this is the main body of one of the Trojan horses. It lurks in the c:\windows directory on Windows 98/Windows Me/Windows XP, and in the c:\winnt directory on Windows 2000.
If you get this Trojan, first use the process manager to end the running Trojan, then create one in the c:\windows or c:\winnt\ directory and set it to read-only (on 2000/XP with an NTFS-formatted disk it is even better: you can use "Security Settings" to set it to read). This way, the Trojan will not infect you again in the future. I have tested this method and it has been very effective against many Trojans.
After making these modifications, I now specifically look for Trojan URLs posted by others to test with. The result of the experiment was that, of about 20 Trojan websites posted, Rising raised an alert on about 15 and did not report the other five. My machine gained no new EXE files, and no new processes appeared. However, some Trojans were left in IE's temporary folders. They are not executed and pose no danger. Therefore, it is recommended that you clean up the temporary folders and IE frequently.