Places where trojans hide in your system

The following registry entries are used by trojans to hide in your system. The countermeasure is to create a backup and then delete the following registry entries.

Registry is often used in various auto-starting methods. Here are some known ways:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Info"="c:\directory\Trojan.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Info"="c:\directory\Trojan.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

"Info"="c:\directory\Trojan.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]

"Info"="c:\directory\Trojan.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Info"="c:\directory\Trojan.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Info"="c:\directory\Trojan.exe"

Registry Shell Open methods

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

These keys should hold the value “%1 %*”. If an executable file is named there as well, it is executed each time a binary file is opened. It is used like this: trojan.exe “%1 %*”; this would restart the Trojan.

ICQ Net Detect Method

[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]

This key includes all the files that will be executed when ICQ detects an Internet connection. This feature of ICQ is frequently abused by attackers as well.

ActiveX Component method

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName] StubPath=C:\directory\Trojan.exe

These are the most common auto-starting methods using Windows system files and the Windows registry.
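An added example, not part of the original post: once the registry has been exported to a .reg file as the backup, the Python below parses that export and lists the string values under the keys named above, plus any exefile shell\open\command default that differs from the stock "%1" %* as Windows stores it. The function names and the sample text are constructed for this example, and it assumes the export has already been decoded to text (regedit writes UTF-16).

```python
import re
# Autostart keys listed on this page (hive stripped, lower-cased).
RUN_KEYS = {"software\\microsoft\\windows\\currentversion\\" + k
            for k in ("run", "runonce", "runservices", "runservicesonce")}
ICQ_APPS = "software\\mirabilis\\icq\\agent\\apps"
ACTIVE_SETUP = "software\\microsoft\\active setup\\installed components\\"
SHELL_OPEN = {"exefile\\shell\\open\\command",
              "software\\classes\\exefile\\shell\\open\\command"}
EXPECTED_OPEN = '"%1" %*'  # assumed stock default of exefile\shell\open\command

# "name"="data" or @="data"; only string (REG_SZ) values are handled, and
# .reg text escapes backslash and double quote with a leading backslash.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def audit(reg_text):
    """Return (kind, key, value_name, data) tuples for entries to review."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or m is None:
            continue
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = unescape(m.group(2))
        path = key.partition("\\")[2].lower()   # drop the hive name
        if path in SHELL_OPEN:
            if name == "(Default)" and data != EXPECTED_OPEN:
                findings.append(("shell-open-modified", key, name, data))
        elif (path in RUN_KEYS or path.startswith(ICQ_APPS)
              or (path.startswith(ACTIVE_SETUP) and name.lower() == "stubpath")):
            findings.append(("autostart", key, name, data))
    return findings

# Constructed sample in .reg export syntax, reusing the page's placeholder paths.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\\directory\\Trojan.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="trojan.exe \"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Legitimate software also registers itself under the Run and Active Setup keys, so the "autostart" rows are a list to check against known programs; only the "shell-open-modified" rows indicate a changed system default.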
