Exposed: all the hidden startup methods of Trojans

Source: Internet
Author: User

One of the defining features of a Trojan is that it must start along with the system; otherwise it is completely meaningless!

Method 1: Registry startup keys. You may already be familiar with this one. Pay attention to the values under the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

(Any entry here containing a sensitive word such as "run" must be examined carefully.)


Method 2: Use System Files
The files that can be used include Win.ini, System.ini, Autoexec.bat and Config.sys. When the system starts, some of the content of these files is loaded along with it, which is what Trojans take advantage of.

Open the system.ini file under C:\Windows in a text editor. We will see:
[Figure 2: system.ini opened in a text editor]

The other files are also frequently used to launch programs at startup.


Method 3: System Startup Group
Open "Start" -> "Programs" -> "Startup" in sequence.

WinXP: C:\Documents and Settings\gillispie\Start Menu\Programs\Startup
Win98: C:\WINDOWS\Start Menu\Programs\StartUp

Corresponding registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

Method 4: Use file associations
For example, under normal circumstances a .txt file is opened with notepad.exe. Once the file type has been associated with a Trojan, opening a file that should have launched Notepad launches the Trojan instead.
There are two ways to fix a file association problem:
① Modify the registry:
If the Trojan is associated with EXE files, find the keys:
HKEY_CLASSES_ROOT\exefile\shell\open\command
HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command

② Open Control Panel and select Folder Options -> File Types.
Click "Advanced" and select "Application" in the pop-up menu.




Method 5: Loading through services
For the system to run normally, some services are indispensable. Some Trojans load themselves as services so that they start as soon as the system starts.

Control Panel -> Administrative Tools -> Services

Use net start <service name> (starts the service)
net stop <service name> (stops the service)
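
The locations from Methods 1, 3, 4 and 5 can be listed in one read-only pass; the script below is an added example, not part of the original article. It assumes PowerShell 3 or later, the function names New-Entry and Get-AutostartEntry are chosen here, and the "%1" %* default for the exefile open command is a Windows default that the article does not state.

```powershell
# Added example (not from the original article): read-only listing of the
# autostart locations covered by Methods 1, 3, 4 and 5.
function New-Entry($Method, $Location, $Name, $Command, $Note = '') {
    [pscustomobject]@{ Method = $Method; Location = $Location; Name = $Name; Command = $Command; Note = $Note }
}

function Get-AutostartEntry {
    # Method 1: Run / RunOnce / RunServices (keys that do not exist are skipped)
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            New-Entry 'Registry Run' $key $name ($item.GetValue($name))
        }
    }

    # Method 3: Startup folder, resolved through the Shell Folders key (hidden files included)
    $shellFolders = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $startup = (Get-ItemProperty -LiteralPath $shellFolders).Startup
    if ($startup -and (Test-Path -LiteralPath $startup)) {
        Get-ChildItem -LiteralPath $startup -File -Force | ForEach-Object {
            New-Entry 'Startup folder' $startup $_.Name $_.FullName
        }
    }

    # Method 4: exefile open command; the Windows default value is "%1" %*
    $default = '"%1" %*'
    foreach ($key in 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
                     'HKLM:\SOFTWARE\Classes\exefile\shell\open\command') {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $cmd = (Get-Item -LiteralPath $key).GetValue('')
        $note = if ($cmd -ne $default) { 'DIFFERS FROM DEFAULT' } else { '' }
        New-Entry 'File association' $key '(Default)' $cmd $note
    }

    # Method 5: services configured to start automatically, with their binaries
    Get-CimInstance -ClassName Win32_Service -Filter "StartMode = 'Auto'" |
        ForEach-Object { New-Entry 'Service' 'Win32_Service' $_.Name $_.PathName }
}

Get-AutostartEntry | Format-Table -AutoSize -Wrap
```

Saving the output on a known-clean system and comparing later runs against it makes newly added entries stand out.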
