sai7sai
2006-06-15, 12:40 AM
惡意程式之所以能常駐在系統裡或改變系統設定,通常會修改下列幾個地方,以達到此目的。
Autstart Registry Locations
1. 當使用者登入系統時,在這個機碼(key)下的的程式或Script會被自動執行起來:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load\
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\
HKCU\Software\Policies\Microsoft\Windows\System\Scripts
詳細的內容,請看http://malware-test.com/smf/index.php?topic=1117.0。
:boldred:
贊助商連結
Autstart Registry Locations
1. 當使用者登入系統時,在這個機碼(key)下的的程式或Script會被自動執行起來:
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load\
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\run
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\
HKCU\Software\Policies\Microsoft\Windows\System\Scripts
詳細的內容,請看http://malware-test.com/smf/index.php?topic=1117.0。
:boldred:
贊助商連結