Secret of Vista Group Policy: Hiding QQ Trojan

Source: Internet
Author: User

Group Policy plays an important role in maintaining the network security of the system, as everyone knows. What is less well known is that Group Policy in Vista can also be used to hide the QQ trojan, making it difficult for users to discover and remove. How does this work? A detailed description follows.

Two days ago, the QQ program on the machine inexplicably caught a QQ tail. Although I found the location of the QQ tail and cleaned it up later, I was surprised that every time I entered the system, the QQ tail would start with the system. At the same time, I did not check the startup items of the QQ tail program in the Start Menu, the registry startup items, and the System Configuration program. Does QQ tail go to heaven?

In fact, the QQ tail virus has no special ability to disappear; it is simply hidden in a place we are not very familiar with. Because the Start menu startup items, the registry startup items, and the System Configuration program show no trace of the QQ tail virus, the remaining suspect is Group Policy.

TIPS:

As the QQ trojan has already been removed, this article uses the QQ exe file as an example to explain how the QQ tail is hidden.

Run the Group Policy Editor and expand "User Configuration" > "Administrative Templates" > "System" > "Logon". In the window on the right, double-click "Run these programs at user logon" (Figure 1), and then click "Enabled" in the dialog box that pops up. The "Items to run at logon" option then becomes available (Figure 2).


Figure 1

Figure 2

Please note the "Show" button in Figure 2: this is where the trick is hidden.

Click the "Show" button in Figure 2 and a dialog box is displayed. Click "Add" (Figure 3). Then another dialog box is displayed (Figure 4).

Figure 3

 

Figure 4

Please note that in Figure 4 every program path, including the QQ tail path, must be typed in manually; there is no other way to set it.

Once an unauthorized user has made this setting, the QQ tail runs secretly in the background every time the system starts. No clues can be found in the System Configuration program or the registry startup items, so the entry is relatively well concealed and not easily discovered by users.
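The policy setting described above can still be audited, because Windows stores its program list under the `Policies\Explorer\Run` registry key, which is separate from the ordinary `Run` keys. The PowerShell below is an added example, not part of the original article; the function name `Get-PolicyRunEntry` is hypothetical, and PowerShell 2.0 or later is assumed.

```powershell
# Added example: list every program launched by the
# "Run these programs at user logon" policy for the current user and the machine.
$PolicyRunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-PolicyRunEntry {
    param([string[]]$Path = $PolicyRunKeys)

    foreach ($keyPath in $Path) {
        # The key only exists once the policy has been enabled in that hive.
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)

            # Extract the executable from the command line: quoted path first,
            # then the whole string if it is a file, else the first token.
            if ($command -match '^\s*"([^"]+)"') {
                $exe = $Matches[1]
            } elseif (Test-Path -LiteralPath $command.Trim() -PathType Leaf) {
                $exe = $command.Trim()
            } else {
                $exe = ($command.Trim() -split '\s+')[0]
            }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            # A missing or unsigned target deserves a closer look.
            $exists = Test-Path -LiteralPath $exe -PathType Leaf
            if ($exists) {
                $signature = (Get-AuthenticodeSignature -FilePath $exe).Status
            } else {
                $signature = 'FileMissing'
            }

            New-Object PSObject -Property @{
                Key       = $keyPath
                ValueName = $name
                Command   = $command
                Exists    = $exists
                Signature = $signature
            }
        }
    }
}

Get-PolicyRunEntry | Format-List Key, ValueName, Command, Exists, Signature
```

An empty result means the policy is not enabled in either hive; any entry the administrator did not configure should be investigated and removed through the same Group Policy dialog.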

It should now be clear that Vista Group Policy can effectively hide the QQ trojan, making it hard for us to find. This does not mean there is a major vulnerability in the Vista system, but we should guard against it. There is more to learn about Group Policy, which is left for readers to explore.
