Well-known Trojans generally start in one of the following ways: they load from the “Startup” entry of the “Start” menu, or they write themselves into the registry Run keys HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. More advanced Trojans also register themselves as a system “service”. All of these startup methods can be traced in the “System Configuration Utility”: run “Msconfig” from “Start→Run” and check the “Startup” and “Services” tabs.
Another, little-known way to start a program is through Group Policy. Run “gpedit.msc” from “Start→Run” to open “Group Policy”. Under “Local Computer Policy” there are two options, “Computer Configuration” and “User Configuration”. Expand “User Configuration→Administrative Templates→System→Logon” and double-click the “Run these programs at user logon” sub-item to open its properties. On the “Settings” tab select “Enabled”, click the “Show” button to open the “Show Contents” window, then click “Add”, type the path of the program to be started into the text box of the “Add Item” window, and click “OK”.
After the computer is restarted, the program you added starts automatically when the user logs on. If the program that was added is a Trojan, a “stealth” Trojan horse has been born. A program set to start in this way is nowhere to be found in the “System Configuration Utility”, and it does not appear in the well-known registry keys either, which makes it very dangerous.
A program set to start in this way is still recorded in the registry, but not under the well-known keys HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. It is recorded under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. If you suspect that your computer has a “Trojan horse” but cannot find where it is, look in the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run, or open “Group Policy” and check “Run these programs at user logon” to see whether any program has been set to start there.
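
The check described above can be scripted so that the policy-backed key is reviewed together with the ordinary Run keys. The following PowerShell is an added example, not part of the original article; the function name `Get-AutostartEntry`, the machine-wide `Policies\Explorer\Run` key and the signature check are additions made here.

```powershell
# Added example. Keys 1-3 are the ones named in the article; key 4 (the
# machine-wide policy key) is an addition made here for completeness.
$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

function Get-AutostartEntry {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        # A missing key just means nothing is configured there.
        if (-not (Test-Path -LiteralPath $p)) { continue }
        $key = Get-Item -LiteralPath $p

        foreach ($name in $key.GetValueNames()) {
            # Read the stored string and expand %VARS% ourselves so the
            # report keeps the raw command but checks the real file path.
            $raw = [string]$key.GetValue($name, '', 'DoNotExpandEnvironmentNames')
            $cmd = [Environment]::ExpandEnvironmentVariables($raw)

            # Take the quoted path if present, otherwise the first token.
            # (An unquoted path containing spaces will be cut short.)
            $exe = $null
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($cmd -match '^\s*(\S+)')  { $exe = $Matches[1] }

            $onDisk = [bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $sig = if ($onDisk) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'n/a' }

            [pscustomobject]@{
                Key       = $p
                ValueName = $name
                Command   = $raw
                FileFound = $onDisk
                Signature = $sig
            }
        }
    }
}

Get-AutostartEntry -Path $AutostartKeys | Format-List
```

Any entry under a `Policies\Explorer\Run` key that you did not configure yourself deserves review, as does any entry whose file is unsigned. Commands given as a bare file name (resolved through the search path) are reported with `FileFound` false and need to be located by hand.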