"Invisible" Trojan startup method secrets

Generally, well-known trojan programs can be started by loading them to the start item in the Start Menu, recording them to the HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun and worker items in the registry, more advanced Trojans will also be registered as system "services" programs, the preceding startup methods can be used in "System Configuration Utility" (execute "Msconfig" in "Start> Run ") find its trace in the "Start" and "service" items.

Another little-known startup method,

Is to execute "Gpedit. msc" in "Start> Run ". Open "Group Policy" and you can see that "Local Computer Policy" has two options: "Computer Configuration" and "user configuration". Expand "user configuration> management template> system> Logon ", double-click the subitem "run these programs when a user logs on" to set properties, select the "enabled" item in the "Settings" item, and click the "show" button to bring up the "show content" window, click the Add button, enter the path of the program to be started in the text box in the Add project window, and click OK.

Restart the computer, and the system will automatically start the program you added when you log on. If you just added a Trojan, then an "invisible" Trojan is born. Because the self-starting program added in this way cannot be found in the system's "System Configuration Utility", it is also not found in the well-known registry key, so it is very dangerous.

Although the self-Start program added in this way is recorded in the registry, it is not included in the HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun and secret items in the registry that we know. If you suspect that your computer has been planted with a "Trojan", but you cannot find its location, we suggest you go to the HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun item in the Registry to find it, or go to "Group Policy" and "run these programs when the user logs on" to see if there are any programs started.