How to judge whether a file is malicious?

When using a computer, you will often run into files you cannot fully trust: cracked games or software, key generators and registration tools, niche software, files sent by the other party during online shopping, and so on. These may contain viruses or Trojans, or behave like rogue software, for example by modifying IE settings. Opening such files is unsafe, but not opening them is frustrating, so you need some way to judge whether a file is safe. The following tips for judging whether a file is malicious were compiled by me for your reference. I hope you can learn something!

How to judge whether a file is malicious:

First, check the file properties.

1. Judging by the file name

Checking the file properties is the easiest and quickest method. It only works against viruses and Trojans disguised as normal files, which are most common in online shopping and on USB flash drives. The most typical techniques are the double suffix and Unicode inversion. For example, a file named "photo.gif.exe" or "Goods exe.jpg" almost certainly has something wrong with it.

The first type of file targets users who have not unchecked "Hide known file extensions" in Folder Options. Such users see only "photo.gif" when they receive "photo.gif.exe", and easily mistake it for a picture file with the gif suffix. Opening such a file will almost certainly cause problems. Of course, both QQ and Want Want seem to forcibly rename executable files, which largely prevents such incidents. The second type mainly targets users who are not careful enough. These users often do not check the file properties carefully when they see an unfamiliar file. As a result, they mistake the file "Goods exe.jpg" for a picture file with the jpg suffix when it is actually an executable file, and running it will certainly end badly.

The most important step here is to turn off "Hide known file extensions", as follows:

Click Start -> Control Panel -> Folder Options, and then make the settings shown below.

Of course, double-suffix and Unicode-inverted files that do not have an executable extension are nothing to worry about. The file extensions of executable files are exe, bat, msi, and so on. In addition, pay attention to CAD files, Office files and PDF files, because these files may be infected with viruses such as CAD viruses and macro viruses. Opening an infected file may damage the normal CAD and Office files on the computer. If possible, use the latest genuine software to open such files, or consider installing antivirus software that can block CAD viruses and macro viruses, such as 360. For PDF files, use only the latest official version of Adobe Reader.

In addition to double suffixes and Unicode inversion, some other special file names also deserve attention: file names that are too simple, such as 1.exe and 0.exe; names that closely resemble system files or well-known software, such as expIore.exe and QQDown 1oad.exe; and files that look like web addresses, such as wenwen.soso,
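The file-name checks in this section can be automated. The following is an added example, not part of the original article: it flags double suffixes, Unicode inversion (taken here to mean bidirectional control characters such as U+202E, right-to-left override), too-simple names and look-alike names. The decoy extension list, the reference name list and the function names are assumptions made for illustration.

```python
EXECUTABLE_EXTS = {"exe", "bat", "msi"}                  # listed in the text
DECOY_EXTS = {"gif", "jpg", "png", "txt", "doc", "pdf"}  # assumed decoy list
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")  # U+202E = RLO
KNOWN_NAMES = {"explorer.exe", "iexplore.exe", "qqdownload.exe"}   # assumed list
# Look-alike substitutions: capital I and digit 1 for "l", digit 0 for "o"
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "0": "o", " ": ""})


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1,
                                       prev + (ca != cb))
    return row[len(b)]


def check_name(name):
    """Return the reasons a file name looks deceptive (empty list = none)."""
    reasons = []
    # Bidi controls reorder the displayed name, hiding the real extension.
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-override")
    parts = name.lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    if real_ext not in EXECUTABLE_EXTS:
        return reasons
    # photo.gif.exe: a harmless-looking suffix in front of the real one.
    if len(parts) > 2 and parts[-2] in DECOY_EXTS:
        reasons.append("double-suffix")
    # 1.exe, 0.exe: a one-character name on an executable.
    if len(parts) == 2 and len(parts[0]) == 1:
        reasons.append("too-simple-name")
    # expIore.exe: not a known name itself, but within one edit of one
    # after the confusable characters are folded back.
    folded = name.translate(CONFUSABLES).lower()
    if name.lower() not in KNOWN_NAMES and any(
            edit_distance(folded, known) <= 1 for known in KNOWN_NAMES):
        reasons.append("lookalike-name")
    return reasons


if __name__ == "__main__":
    # Constructed sample names; the third is stored with U+202E before "gpj".
    for sample in ["photo.gif.exe", "photo.gif", "Goods\u202egpj.exe",
                   "expIore.exe", "QQDown 1oad.exe", "1.exe", "explorer.exe"]:
        print(repr(sample), check_name(sample))
```

A name that passes these checks is not thereby safe: a file really named explorer.exe is not flagged, which is why the signature check in the next section still matters.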

2. Judging by digital signature

The digital signature on a program identifies the publisher of the program. In software, it is mainly used to verify the integrity of the software and whether it has been modified after release. Software produced by legitimate companies carries a valid digital signature.

If a program claims to be produced by a legitimate company, or its name or file name is that of a well-known product, but it has no valid digital signature, you can be sure that the software is counterfeit. Software with an invalid digital signature is more suspicious than software with no digital signature at all, because the invalidity of the signature is not directly visible in the file properties, so the file is easily mistaken for software from a legitimate company. Note that most cracked software and third-party modified software has no digital signature, which is very dangerous because it is impossible to verify whether it has been modified after release.

The following is the verification method of digital signature, taking Maxthon 3 as an example:

1. Right-click Maxthon 3 main program Maxthon.exe, select "Properties" in the pop-up menu, and click the "Digital Signature" tab in the properties window:

2. Select the signature in the Digital Signature tab, and then click Details to view the details of the certificate:

Here, pay special attention to whether the digital signature is valid: if it is valid, the software is credible; if it is invalid, the software is very suspicious. Also check the issuer, and be cautious if the issuer is unknown. ODO, Verizon, Microsoft and so on are common.

Second, according to the results of multi-engine scanning websites:

This is another way to quickly determine whether a file is a virus or Trojan.

A multi-engine scanning website uses the antivirus engines on its server to scan the files uploaded by users and returns the scan results. With these results, you can sometimes quickly judge whether a file is a virus.

Generally speaking, when a file is reported by all antivirus engines, or by several of the antivirus products mentioned in the previous paragraph, it is almost certain that the file is malicious, and opening it will lead to computer problems. If no antivirus engine reports it and the file has existed on the network for some time, it is almost impossible for the file to be malicious software.

Of course, more often some antivirus engines report a virus and others do not. In that case you need to look at both which antivirus software reported it and the virus name. A report from well-known antivirus software, especially products with few missed detections and false positives in AV-TEST and AV-C tests, generally confirms that something is wrong with the file. In addition, the virus name often states the reason the file was judged malicious. For example: Backdoor means a back door, that is, the software author may bypass security controls and gain access to the program or system; Spy and Trojan denote spyware, that is, the software author may use the software to secretly collect user information without the user's permission; Malware is a virus that may infect and damage the computer; Win32 is common in virus names; "General" means that the file was reported by a heuristic scanning engine, which is the most likely to produce false positives; and so on. Details can be found on each product's official website.
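The decision rules from this section, applied to a set of scan results, as an added example that is not part of the original article. Engine names, detection names, the `trusted` parameter and the verdict labels are constructed for illustration; "generic" and "heur" are assumed alternative spellings of the heuristic marker the text calls "General".

```python
# Family keywords and their meanings as given in the text above
MEANING = {
    "backdoor": "author may bypass security controls and gain access",
    "spy": "spyware: collects user information without permission",
    "trojan": "spyware: collects user information without permission",
    "malware": "may infect and damage the computer",
}
HEURISTIC_MARKS = ("general", "generic", "heur")  # "General" is from the text


def triage(results, trusted=(), seen_for_a_while=False):
    """results maps engine name -> detection name, or None if not reported.

    trusted: engines the reader considers accurate in independent tests.
    Returns (verdict, [(engine, tags), ...]).
    """
    hits = {engine: name for engine, name in results.items() if name}
    notes = []
    for engine, name in sorted(hits.items()):
        low = name.lower()
        tags = [key for key in MEANING if key in low]
        if any(mark in low for mark in HEURISTIC_MARKS):
            tags.append("heuristic")
        notes.append((engine, tags))
    # Every engine reports it: almost certainly malicious.
    if results and len(hits) == len(results):
        return "malicious", notes
    # Nobody reports it: only reassuring if the file has been around a while.
    if not hits:
        return ("clean" if seen_for_a_while else "unknown"), notes
    # Mixed result: a non-heuristic hit from a trusted engine carries weight.
    if any(e in trusted and "heuristic" not in tags for e, tags in notes):
        return "likely-malicious", notes
    # Only heuristic hits: the case most prone to false positives.
    if all("heuristic" in tags for _, tags in notes):
        return "possible-false-positive", notes
    return "suspicious", notes


if __name__ == "__main__":
    # Constructed scan result for one file
    sample = {"EngineA": "Backdoor.Win32.Sample.a", "EngineB": None,
              "EngineC": "Trojan.General.1"}
    verdict, notes = triage(sample, trusted={"EngineA"})
    print(verdict)
    for engine, tags in notes:
        print(engine, tags, [MEANING[t] for t in tags if t in MEANING])
```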