An account-stealing Trojan is a malicious program hidden on a computer. Unlike Grey Pigeon, it is a Trojan written for the purpose of stealing accounts, and it can steal any kind of account (games, applications, etc.) that requires a password.
- Chinese name: Number stealing horse
- Foreign name: Pilfer date trojan
- Class: virus
- Danger: Steal account information
Users often report that after entering their account number and password they are told the password is wrong. Nine times out of ten this is an account-stealing Trojan, and in fact this is the earliest kind of account-stealing Trojan program. Since 2005, very few Trojan programmers have still written Trojans around this idea of monitoring and recording the keyboard. More advanced account-stealing Trojans have evolved to extract data from memory to obtain user accounts and passwords.
Every program has its own unique data (including user account, password, level and equipment information, etc.). Once this data has been sent from the local machine to the game server and verified, the user's character data appears in front of the user. While the program is running, this data is held in the computer's memory. The Trojan author only needs to add a conditional statement to the Trojan to obtain the user's real game account, password, character level and so on. The general meaning of this statement is: when the game process reaches the point where the user selects a character, extract the last-entered account, password, character level and other information from memory.
An account-stealing Trojan program is generally divided into two parts, a server program and a client program. Once the server program is installed on a computer connected to the network, the client program can be used to log in to it. This is similar in function to the remote control offered by PcAnywhere and NetMeeting. The difference is that a Trojan obtains control of the other party's computer illegally: once the login succeeds, the operator has administrator-level rights, and the other party's computer information, passwords and so on are visible at a glance.
"Pseudo-hackers" rarely use this kind of Trojan, because a careless operator gets burned: if the other side traces it back, the attempt backfires. They usually use Trojans that have only a server side. This kind of Trojan usually sends the intercepted passwords to a mailbox; no manual operation is needed, and the operator simply collects the mail when convenient.
Trojans of this kind are all over the Internet and are very hard to guard against. There are many Trojan programs, and new versions and new varieties keep emerging, so security software cannot fully cope and manual inspection and removal is very necessary.
A Trojan will do anything to hide itself. Do not count on seeing any trace of it in Task Manager; some Trojans are parasitic on system processes. The well-known Wraith, for example, is parasitic on MsgSrv32.exe. A Trojan also starts silently, loading its server side automatically every time the user starts Windows. Trojans use every method the Windows system provides for loading applications automatically at startup: the startup group, win.ini, system.ini, the registry and so on are all Trojan hiding places.
1. There are many picture Trojans, EML Trojans and EXE Trojans. The picture Trojan is actually very simple: the header of the Trojan exe file is replaced with the header of a bmp file, Internet Explorer is tricked into opening the file automatically, and a piece of JavaScript in the web page then calls DEBUG to restore the bmp file in the temporary files to the Trojan exe file and copy it to a startup item. What follows is simple: the next time the computer starts, the nightmare begins. The EML Trojan spreads even more conveniently. The Trojan file is disguised as an audio/x-wav sound file, so when the email arrives it only has to be viewed, without clicking any link. Windows automatically plays what it takes to be a wav music file, and the Trojan enters the computer easily.
2. The Trojan exe is compiled into a .JS file, which, on the web, can also get into the computer silently. These are just a few simple methods; vulnerabilities in remote control, sharing and so on can also be exploited.
3. Through QQ. For example, to steal the account of a specific character in a game, the thief first exchanges a couple of sentences with the player to learn his QQ number, and then sends him the Trojan through QQ. Delivery over QQ can be divided into: direct file transfer, network hard disk sharing, and web Trojans.
4. By email: the Trojan is sent as an email attachment. As soon as the recipient opens the attachment, the system is infected with the Trojan!
5. Bundling: the Trojan is bundled with a normal program, so that when someone runs what appears to be the normal program, the Trojan runs at the same time. The bundled carrier can be pictures, movies, music, game plug-ins, etc.
6. On an Internet cafe computer, double-clicking the Trojan is enough. As for the Internet cafe's Restore Wizard, the Restore Wizard transfer software in the auxiliary tools column can break this restriction!
8. The strongest Trojan propagation method: the web Trojan! If someone clicks on a website carrying a Trojan, the Trojan is automatically downloaded from the server. The typical download speed is 50K/s, while the Trojan is only 16K in size; in other words, as soon as someone clicks the URL, the Trojan is downloaded instantly!
The Kingsoft Duba anti-virus monitoring center announced the top ten online-game account-stealing Trojans of the first half of 2007:
Monster Thief
This virus is a maliciously modified variant of Monster Thief, and its malicious behaviour is similar to the original. It lurks in the computer system, waits to inject itself into the process of the online game "World of Warcraft", steals the user's game account, password, equipment and other valid information, and sends it to the person who planted the Trojan, causing the user to lose virtual property.
After the virus runs, it drops isignup.dll and other virus files and modifies the registry so that it starts automatically at boot. It is also able to delete itself.
The Journey Thief
"Journey Thief" variant SA (Win32.Troj.PSWZhengtu.sa)
The malicious behaviour of this virus is similar to the earlier "Journey Thief", which targets the online game "Journey". It lurks in the system of the infected computer, waits for an opportunity to inject itself into the process of the game "Journey", intercepts the user's QQ account and password information, and sends the stolen information to the person who planted the Trojan, causing the user to lose online virtual property.
After the virus runs, it drops multiple virus files such as npkcrypt.vxd and ztconfig.ini and adds a virus service named LoginService. It searches for the "zhengtu_client" client window and sends out the stolen account information and password.
Legendary Thief
This virus is a maliciously modified variant of "Legendary Thief". As with previous versions, it lurks in the computer system, looks for the login window of the online game and records the user's keyboard and mouse operations, then sends the stolen information to the person who planted the Trojan, causing the user to lose virtual property.
After the virus runs, it drops a ptool32.exe virus file and modifies the registry so that it starts automatically at boot. It disables the anti-virus windows of multiple security products such as KVXP_Monitor, KVXP_monitor and the Trojan firewall.
The Robber to the West
"Westward journey" (Win32.PSWTroj.OnlineGames)
This virus behaves like a typical account-stealing Trojan. It lurks on the infected computer, waits to inject itself into the process of the online game "A Chinese Odyssey", creates a message hook to obtain the game account and password, and sends the stolen information to the person who planted the Trojan, causing the user to lose virtual property.
After the virus runs, it drops the dh2103.dll virus file and modifies the registry so that it starts automatically at boot. It automatically finds the WSWINDOW window, steals valid information, and sends it to the malicious site h**p: //wangz*****ta. dprktimes.com /kaole/lin.asp.
Jade Dynasty Thief
"Jade Dynasty Thief" (Win32.PSWTroj.OnlineGames.139264)
This virus is an online-game account stealer. Like a typical account-stealing Trojan, it waits to inject itself into the process of the online game "Jade Dynasty"; by reading the process memory it obtains the game account and password and sends them to the person who planted the Trojan, causing the user to lose virtual property.
exe and kulionzx.dll virus files are dropped after the virus runs; it modifies the registry so that it starts automatically at boot, steals valid information, and sends it to hxxp: //www.jb***.com/***yszx/sendmail.asp.
Perfect World Thief
"Perfect World Thief" variant LC (Win32.PSWTroj.XYOnline.lc)
The virus masquerades as a system process on the infected computer, monitors the game process of the online game "Perfect World", creates a message hook, steals the game account and password, money and other valid information, and sends it to the person who planted the Trojan, causing the user to lose virtual property.
After the virus runs, it copies itself as winlog0n.exe, posing as a system process, and modifies the registry so that it starts automatically at boot. It searches for and obtains the Perfect World game process ElementClient.exe in order to steal accounts.
The Dragon Thief
Dragon Thief variant E (Win32.PSWTroj.TLOnline.e)
This virus is a new online-game account stealer whose malicious behaviour is similar to that of a typical account-stealing Trojan. It lurks in the computer system, monitors the login window of users of the online game "Tianlong Ba Bu", records the game account, password and other valid information, and sends the stolen information to the person who planted the Trojan, causing the user to lose virtual property.
After the virus runs, it drops multiple virus files, modifies the registry, steals game accounts and passwords, and sends them to multiple sites such as h**p: //www.z*****.cn/tianlong/postly.
Dream Journey West Bandit
"Dream Westward Journey Thief" variant IU (Win32.Troj.XiYou.iu)
The malicious behaviour of this virus is similar to that of a typical account-stealing Trojan. It waits for an opportunity to inject itself into the process of the online game "Fantasy West Journey", creates a message hook, obtains the user's account, password and other valid information, and sends the stolen information to the malicious site specified by the person who planted the Trojan, causing the user to lose virtual property.
After the virus runs, it drops two virus files, nmhxy.exe and nmhxy.dll, which search for and inject into the game process my.exe, obtain the relevant valid information, and then send it to the malicious site.
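The winlog0n.exe copy described for the Perfect World Thief relies on a name that reads like a system process at a glance. The following added example (not part of the original article) flags such names in a process or file list; it also covers a system file name reused with a different extension and one-character near misses, which go beyond the case in the text. The baseline list and all sample paths are constructed for illustration.

```python
import ntpath

# Small constructed baseline; a real check would use the system's own file inventory.
SYSTEM_NAMES = sorted({"winlogon.exe", "explorer.exe", "svchost.exe",
                       "services.exe", "lsass.exe", "command.com", "msgsrv32.exe"})

# Characters that are easy to mistake for one another in a process list.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "i": "l", "5": "s"})


def skeleton(name):
    """Collapse confusable characters so winlog0n.exe and winlogon.exe compare equal."""
    return name.translate(CONFUSABLE)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return (verdict, system_name) for one executable path."""
    name = ntpath.basename(path).lower()
    if name in SYSTEM_NAMES:
        return ("exact", name)  # right name; its directory still has to be checked
    for ref in SYSTEM_NAMES:
        if skeleton(name) == skeleton(ref):
            return ("confusable-characters", ref)
    for ref in SYSTEM_NAMES:
        if name.rsplit(".", 1)[0] == ref.rsplit(".", 1)[0]:
            return ("extension-swap", ref)
    for ref in SYSTEM_NAMES:
        if edit_distance(name, ref) == 1:
            return ("near-miss", ref)
    return ("unrelated", None)


# Constructed process list; only the file name winlog0n.exe comes from the text above.
SAMPLE = [r"C:\WINDOWS\system32\winlogon.exe", r"C:\WINDOWS\system32\winlog0n.exe",
          r"C:\WINDOWS\command.exe", r"C:\Program Files\game\svhost.exe",
          r"C:\WINDOWS\notepad.exe"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, classify(p))
```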
Click Start - Run, type msconfig and press Enter to open the System Configuration Utility. First click System.ini and look at shell=file name. The correct file name should be explorer.exe.
If there are other programs after explorer.exe, that program needs to be checked. Then click win.ini: "run=" and "load=" are possible ways of loading a Trojan program. Under normal circumstances there is nothing after the equals sign; if you find a path and file name there that is not a startup file you are familiar with, the computer may have a Trojan. Of course, this has to be looked at carefully, because a Trojan such as the AOL Trojan masquerades as a command.exe file, and if you are not paying attention you may not realize that it is not a real system startup file.
Finally click "Startup" and check whether there are startup items in it that you are not familiar with. If you are really not sure, you can disable them all and then run msconfig again to see whether any disabled startup item has been re-selected. A Trojan generally stays resident in memory (that is, a Trojan that inserts threads and then hides its process; a process-less DLL Trojan does not stay resident in memory), so when it finds that its startup entry has been disabled it adds it back automatically. After that you can gradually re-enable the software that should start at boot, such as input methods, volume control and the firewall.
There is another kind of Trojan that loads by hooking the way a file type is opened in the registry; Trojans most often hook the .exe association. Click Start - Run, type regedit and press Enter to open the Registry Editor. Expand the first entry, HKEY_CLASSES_ROOT, find exefile and check whether the default value under \exefile\shell\open\command is "%1" %*. If it is a program path, it must be a Trojan. Having more than two kinds of anti-virus software is also necessary. In addition, Trojans are generally difficult to remove under Windows; as a last resort, restart into the DOS environment to remove them.
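The manual checks above (the system.ini shell= line, the win.ini run= and load= lines, and the exefile open command) can be expressed as one audit routine. This is an added example, not part of the original article, run over constructed sample files. The section names [boot] and [windows] and every example*.exe path are supplied here as assumptions, and the registry value is passed in as a string so the code runs offline.

```python
EXPECTED_SHELL = "explorer.exe"
EXPECTED_EXE_COMMAND = '"%1" %*'


def ini_value(text, section, key):
    """Return the value of key in [section] (case-insensitive), or '' if absent."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section and "=" in line:
            k, _, v = line.partition("=")
            if k.strip().lower() == key:
                return v.strip()
    return ""


def audit(system_ini, win_ini, exefile_command):
    """Return (load point, suspicious value) pairs for the checks in the text."""
    findings = []
    shell = ini_value(system_ini, "boot", "shell")
    if shell.lower() != EXPECTED_SHELL:      # anything after explorer.exe is suspect
        findings.append(("system.ini shell", shell))
    for key in ("run", "load"):              # normally nothing follows the equals sign
        value = ini_value(win_ini, "windows", key)
        if value:
            findings.append((f"win.ini {key}", value))
    if exefile_command.strip() != EXPECTED_EXE_COMMAND:
        findings.append((r"exefile\shell\open\command", exefile_command))
    return findings


# Constructed samples: a clean configuration and a tampered one.
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"
CLEAN_WIN_INI = "[windows]\nload=\nrun=\nNullPort=None\n"
BAD_SYSTEM_INI = r"""[boot]
system.drv=system.drv
shell=Explorer.exe C:\WINDOWS\SYSTEM\example1.exe
"""
BAD_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\example2.exe
"""
BAD_EXE_COMMAND = r'C:\WINDOWS\example3.exe "%1" %*'

if __name__ == "__main__":
    print(audit(CLEAN_SYSTEM_INI, CLEAN_WIN_INI, EXPECTED_EXE_COMMAND))
    for point, value in audit(BAD_SYSTEM_INI, BAD_WIN_INI, BAD_EXE_COMMAND):
        print(f"check {point}: {value}")
```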
Start - Settings - Control Panel - Add/Remove Programs - Windows Setup - remove Windows Scripting Host from Accessories. Then open the Internet Explorer browser, click Tools - Internet Options - Security - Custom Level, and disable all 3 script options there. Then disable "Load programs and files in".
This is just a simple prevention method that may affect the dynamic Java effects of some web pages, but it can also block some malicious web bombs and viruses. If conditions allow, install a firewall, and then go to Microsoft's website to install patches.
Internet cafes use a stock installation of Windows, which is very unsafe. Avoid downloading programs from small websites, especially software billed as hacking tools; be careful not to have your own account stolen before you manage to steal anyone else's.
Do not assume that having Restore Wizard installed makes things safe. An Internet cafe's Restore Wizard generally restores only the C: drive, that is, the system area, so as long as the Trojan directly infects the game executables installed on other drives, there is still no escaping it.
1. Set a character password (can be combined with the password protection card).
2. Set a backpack password. The backpack is divided into two parts (G is also divided into 2 parts, one large amount and one small amount): one part requires a password (for important property) and one does not (for common items). This can be combined with the password protection card.
3. Put a password protection card on the equipment bar. After going online, the player must enter the card numbers in the equipment bar before skills can be used. If it is not unbound, skills cannot be used and trades cannot be made.
4. The warehouse is opened with a password, the same as the backpack.
5. Set an exit password. Entering the exit password logs off normally; after an abnormal logoff, the account cannot log in for 5 minutes.
6. Set the next login location: the player can choose the IP segment for the next login (by city; a login from outside that IP segment is refused).
6. Computer binding: players who have their own computers can bind the CPU number. Some anti-virus software has this technology, so you presumably have it too.
7. The above six points can be combined with password protection cards, and multiple cards can be set: one for the login interface, one for the character interface, one for the backpack, one for the warehouse, and one for logging out. Added: Myitbo cards can be bound as the player wishes, but the chase number must be greater than or equal to 2; the backpack, warehouse and so on can share the same card (preferably not the one used for login). Mobile-phone password protection could be changed so that no phone call is needed at login: after login, no items can be traded or sold and the player cannot speak, until the restriction is lifted from the mobile phone. This prevents the login interface of phone password protection from being exploited by Trojans.
8. Strengthen the game's own anti-Trojan capability, for example by working with an anti-virus company to build anti-virus software specifically for Warcraft.
9. Add Internet cafe IP segment protection.
10. This requires online game companies to upgrade the existing password system.
Security card unbinding process:
When the player logs in, the Trojan steals the player's password, and the thief uses the stolen password to open the password protection card unbinding web page. At the player's login, the Trojan changes the three password protection card numbers being asked for into the three numbers required for unbinding the card. A single deception is enough to obtain the three numbers required for unbinding; once the card is unbound, the player's account is the same as one without a password protection card. The same goes for phone password protection: the player makes the call and then logs in, the Trojan prevents the player from connecting to the server and steals the player's password, and the account thief can then log in within 2 minutes and steal the player's property.
The account-stealing Trojan is a name deeply hated by all game players: equipment earned over months or even years disappears in an instant, which is painful. According to statistics, 87% of online game enthusiasts have experienced account theft. On July 4, 2007, Kingsoft released its security report for the first half of 2007, which pointed out that among the new Trojans of the first half of the year, account-stealing Trojans were the most serious type, accounting for 76.04% of the total number of Trojans, with as many as 58245 kinds.