Databases Reference
In-Depth Information
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]"Info"="c:\trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]"Info"="c:\trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]"Info"="c:\trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Info"="c:\trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]"Info"="c:\trojan.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command] -> value=trojan.exe %1 %*
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command] -> value=trojan.exe %1 %*
The last two registry lines rely on the fact that if the value of these keys is
trojan.exe %1 %*, the Trojan is executed each time you open a binary file.
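A defender-side check for the keys listed above, as an added example that is not from the original text: it parses a registry export (.reg text), reports autostart string values that are missing from a known-good baseline, and flags an exefile open command that differs from the stock Windows default `"%1" %*`. The sample export, the baseline entry and the function names are constructed for illustration, and the HKEY_LOCAL_MACHINE Run key is included on the assumption that it belongs with this list.

```python
import re

# Autostart keys of the kind listed above (matched case-insensitively).
RUN_KEY = re.compile(
    r"^hkey_(local_machine|current_user)\\software\\microsoft\\windows"
    r"\\currentversion\\(run|runonce|runservices|runservicesonce)$")
# Keys whose default value decides how every .exe file is launched.
EXE_HANDLER = re.compile(
    r"^(hkey_classes_root|hkey_local_machine\\software\\classes)"
    r"\\exefile\\shell\\open\\command$")
EXPECTED_HANDLER = '"%1" %*'  # stock Windows default for exefile
# A REG_SZ line in .reg syntax: "name"="data" or @="data" (default value).
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg files backslash-escape backslashes and quotes inside strings.
    return re.sub(r"\\(.)", r"\1", s)

def audit(reg_text, baseline=frozenset()):
    """Return (key, name, data, reason) findings; baseline = lower-cased known-good commands."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE.match(line)
        if not m or key is None:
            continue  # blank line, file header, or non-string value
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data, k = unescape(m.group(2)), key.lower()
        if RUN_KEY.match(k) and data.lower() not in baseline:
            findings.append((key, name, data, "autostart entry not in baseline"))
        elif EXE_HANDLER.match(k) and name == "(Default)" and data != EXPECTED_HANDLER:
            findings.append((key, name, data, "exefile open command altered"))
    return findings

# Constructed sample export; paths and value names are illustrative only.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Backup"="c:\\tools\\backup.exe /quiet"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\\trojan.exe"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="trojan.exe %1 %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''
```

Calling `audit(SAMPLE, baseline={r"c:\tools\backup.exe /quiet"})` returns the RunOnce entry and the altered HKEY_CLASSES_ROOT handler. A real export from regedit or reg.exe is UTF-16 encoded, so decode it before passing the text in.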
Some Trojans have a single purpose in life and others are general-purpose
“let the attackers do whatever they please”-type Trojans. Specialized
Trojans include password-sending Trojans that extract passwords stored in
various locations on the machine. Another specialized Trojan is one that
does keystroke logging: these Trojans send anything you type to the
attackers (allowing them to get your passwords). General-purpose Trojans
include server Trojans that allow attackers to run anything on your
machine, file deletion Trojans, and denial-of-service (DoS) Trojans that just
vandalize your system. There are even Trojans that will combat security
products (for example, there are Trojans that look for and kill Norton
anti-virus software), so it is truly a battle between good and evil.
 