Sunday, December 12, 2010

Analysis of a new Trojan hiding method: auto-start through Group Policy

Nearly all well-known Trojans auto-start in one of a few familiar ways: a shortcut in the "Startup" folder of the Start menu, or an entry under the registry keys HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. More advanced Trojans register themselves as a system "service". All of these can be found in the System Configuration Utility (run Msconfig from "Start → Run") under the "Startup" and "Services" tabs.

A far less well-known startup method uses Group Policy. From "Start → Run" execute Gpedit.msc to open the Group Policy editor. Under "Local Computer Policy" there are two branches, "Computer Configuration" and "User Configuration". Expand "User Configuration → Administrative Templates → System → Logon" and double-click the setting "Run these programs at user logon". In its properties dialog select "Enabled", click the "Show" button, click "Add" in the "Show Contents" window, type the full path of the program to auto-start into the "Add Item" text box and confirm with "OK". At the next logon Windows starts the program you added. If the program you added is a Trojan, a "stealth" Trojan is born: a program started this way does not appear in the System Configuration Utility and is not in the registry keys we are used to checking, so it is very dangerous.

The entry is still recorded in the registry, just not under the familiar HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run keys. Instead it is written to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run; the same setting under "Computer Configuration" writes to the corresponding Policies\Explorer\Run key under HKEY_LOCAL_MACHINE. If you suspect this kind of Trojan on your computer but cannot find it, check those Policies\Explorer\Run keys in the registry, or open Group Policy and look at "Run these programs at user logon" to see whether a program has been added there.
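The check described above can be scripted. The following PowerShell script is an added example, not part of the original post: it enumerates the familiar Run/RunOnce keys together with both Policies\Explorer\Run keys, and for every entry extracts the executable path, reports whether the file exists and whether it carries a valid Authenticode signature, and flags the entries that msconfig does not show. It is read-only; run it from an elevated PowerShell so the HKEY_LOCAL_MACHINE keys can be read. The function and variable names are this example's own. (The entries Group Policy writes are named "1", "2", ... with the program path as data, which is what the commented-out New-ItemProperty line reproduces; it is left commented so the script only audits.)

```powershell
# Added example: list auto-start entries, including the Group Policy
# "Run these programs at user logon" keys that msconfig does not display.

$runKeys = @(
    # The familiar locations that msconfig shows
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    # Written by gpedit.msc -> "Run these programs at user logon"
    # (User Configuration -> HKCU, Computer Configuration -> HKLM)
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# What gpedit.msc writes when a program is added to the policy (for reference only):
# New-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' `
#                  -Name '1' -Value 'C:\path\to\program.exe' -PropertyType String

function Get-AutoStartEntries {
    param([string[]] $Keys = $runKeys)

    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key

        foreach ($name in $item.GetValueNames()) {
            $command = [string] $item.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($command)) { continue }

            # Pull the executable out of the command line: the quoted token if
            # the path is quoted, otherwise everything up to the first space.
            if ($command -match '^\s*"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($command -split '\s+', 2)[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            $signer = 'n/a'
            if ($exists) {
                $sig = Get-AuthenticodeSignature -FilePath $exe
                if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject } else { $signer = $sig.Status.ToString() }
            }

            [pscustomobject]@{
                Key                = $key
                HiddenFromMsconfig = ($key -like '*\Policies\Explorer\Run')
                ValueName          = $name
                Command            = $command
                Executable         = $exe
                FileExists         = $exists
                Signature          = $signer
            }
        }
    }
}

# Policy-key entries first, so the ones msconfig hides are at the top of the report.
Get-AutoStartEntries | Sort-Object HiddenFromMsconfig -Descending | Format-Table -AutoSize -Wrap
```

Treat any entry under a Policies\Explorer\Run key that you did not set yourself through Group Policy as suspicious, especially when the executable is unsigned or lives in a user-writable directory such as %TEMP% or %APPDATA%. The Sysinternals Autoruns tool lists these policy keys in its Logon tab as well, which is a quick cross-check.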
