◆ Registry
Open the five Run and RunServices keys under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion and look for values that may be used to start the Trojan.
◆ WIN.INI
The C:\WINDOWS directory contains a configuration file, win.ini, which can be opened in a text editor. Its [windows] section contains the startup commands load= and run=, which are normally blank. If a program is listed there, it may be a Trojan.
◆ SYSTEM.INI
The C:\WINDOWS directory also contains a configuration file, system.ini, which can be opened in a text editor. The [386Enh], [mci], and [drivers32] sections contain command lines, where the startup command of a Trojan may be found.
◆ Autoexec.bat and Config.sys
These two files in the root directory of drive C can also start a Trojan. However, this loading method usually requires the control-end user to first establish a connection with the server end and then upload files of the same names, with the Trojan startup command added, to the server end to overwrite the two originals.
◆ *.INI
These are the startup configuration files of applications. The control end uploads a file of the same name, containing the Trojan startup command, to the server end to overwrite the original, so that the Trojan is started.
◆ Registry
Open the key HKEY_CLASSES_ROOT\<file type>\shell\open\command and view its value. For example, the Chinese Trojan "Glacier" modifies the value under HKEY_CLASSES_ROOT\txtfile\shell\open\command, changing "C:\WINDOWS\NOTEPAD.EXE %1" to "C:\WINDOWS\SYSTEM\SYSEXPLR.EXE %1". Double-clicking a TXT file, which originally opened it in NOTEPAD, now starts the Trojan program instead. Note that this is not limited to TXT files: a Trojan can also be started by modifying the startup command values for HTML, EXE, ZIP and other files, and the only difference is the "file type" key. For TXT it is txtfile and for ZIP it is WINZIP. You can try to find the others.
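The WIN.INI check and the file-type command check described above can be run offline against files and values copied from a suspect machine. The following is an added example, not code from the original page; the sample data is constructed, and the baseline table and function names are assumptions made for illustration.

```python
"""Offline triage of two autostart points: win.ini load=/run= and file-type open commands."""

# Constructed win.ini content (sample data, not from a real host).
SAMPLE_WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\SYSEXPLR.EXE
"""

# Constructed export of the default value of <file type>\shell\open\command.
SAMPLE_HANDLERS = {
    "txtfile": r"C:\WINDOWS\SYSTEM\SYSEXPLR.EXE %1",
    "exefile": r'"%1" %*',
}

# Assumed known-good baseline, e.g. recorded from a clean install of the same OS.
BASELINE_HANDLERS = {
    "txtfile": r"C:\WINDOWS\NOTEPAD.EXE %1",
    "exefile": r'"%1" %*',
}


def ini_values(text, section, keys):
    """Return {key: value} for non-empty keys in one INI section (case-insensitive)."""
    found, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif current == section.lower() and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() in keys and value.strip():
                found[key.strip().lower()] = value.strip()
    return found


def changed_handlers(current, baseline):
    """Return file types whose open command differs from the baseline."""
    def norm(cmd):
        return " ".join(cmd.lower().split())  # ignore case and spacing
    return {ft: cmd for ft, cmd in current.items()
            if ft in baseline and norm(cmd) != norm(baseline[ft])}


if __name__ == "__main__":
    print("win.ini autostart:", ini_values(SAMPLE_WIN_INI, "windows", {"load", "run"}))
    print("changed handlers:", changed_handlers(SAMPLE_HANDLERS, BASELINE_HANDLERS))
```

A non-empty result from either function is a lead to investigate, not proof of infection, since legitimate software also uses these locations.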
◆ Bundling files
To implement this trigger condition, the control end and the server end must first be connected through the Trojan. The control-end user then uses a tool to bind the Trojan file to an application and uploads the result to the server end to overwrite the original file. Even if the Trojan is deleted, it is installed again as soon as the application bound to it is run.
◆ Start Menu
The Start - Programs - Startup menu may also contain a Trojan trigger condition.