We know the Trojans to start a general way: load the "start" menu "Start", recorded in the registry HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run and HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ [Run item, the higher the horse will be registered as a system of "service" program, more than a few starts this way can be found in the "System Configuration Utility" ( "→ start running" in the implementation of "Msconfig ")" Start "and" service "items found traces of it.
Another little-known start-up mode in the "Start → Run" in the implementation of the "Gpedit.msc". Open the "Group Policy", see "Local Computer Policy," there are two options: "computer configuration" and "user profile", a "User Configuration Administrative Templates → → → registry system", double-click "user login When running these programs "sub-item property, selected the" set "of the" enabled "item and click the" show "button pop-up" display the contents of the "window, and then click" Add "button," added Project "window of the text box to enter since the start of the path of the program, click" OK "button is complete.
Restart the computer, the system will automatically log on when you start to add the program, if just to add that the Trojan horse, a "stealth" on this horse was born. Because in this way to add since the start of the process in the system, "the System Configuration Utility" can not find the same in our well-known item in the registry is not found, so very dangerous.
Add this way since the start of the procedure should not be recorded in the registry, but we are not familiar with the registry HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run and HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ [ Run item, but the registry HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run item. If you suspect that your computer was a kind of "Trojan horse", but also can not find where it is recommended that you go to the registry HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run item, look for it, or Is the "Group Policy", "when the user logs in to run these programs" to see if there is no procedure to start. |
