A Study On The Techniques Of Trojan Horse Protection And Remove Using Difference Compare

Trojan horse has already become the hotspot and the main emphasis in the area of network information security since it appeared. The trojan technique has been used as the important to by hackers or lawless persons to invade or control other network or computer because of its speciality of concealment, remote loading and control Trojan horse has been a dark industry because of the tempt of lawless benefit, and spreads quickly.In the thesis,Trojan was thorough researched and analyzed.The main work done as follows:1.We summarize the conception,the main characteristic,the infect method,the notice method of Trojan Horse.2.We systematically studie and analyze the principle and function of various trojan horses, the techniques and ideas of trojan loading, the startup methods and hidden methods of the trojan horses ,and the history and the development direction of the trojan horses.3.We analyze the hide mechanism of Gray Pigeon,give the way of removing it.4.We analyze the limits of the popular detecting method of Trojan Horse by character codes,point out that the detecting method of Trojan has the drawback to detect for the unknown Trojan,can not detect them. We analyze the limits of the detecting method of Trojan Horse by behavior characters,point out that the method has the drawback. The method just detects a certain behavior character of Trojan horse,it is effective for some kind of Trojan horse but not for others.5.This paper introduces a solution, that is the way of difference compare.This way integrates the technique of removing Trojan horse based on character codes with the technique of removing Trojan horse based on all-sided behaviors.This way not only supply a gap for the technique of removing Trojan horse based on character codes,but also perfect the technique of removing Trojan horse based on onefold behaviors.This way does not give up the database of character codes. This way firstly analyzes the characters of object system and saves the characters in the object character database, then watchs the Registry,the system directory,system file and system service,API and system function,hardware and others malice action of Trojan.By analyzing and comparing whether the characters of object system changes or not users judge whether Trojan horses infect ,then decide to protect or remove.