The Muzic

gak usah liatin gue, cuekin aja..

Global Variables


Click here for Myspace Layouts

Minggu, 05 Februari 2012

All Known and Unknown Autostart Methods In Windows

Diposting oleh di 07.44 · 
 
 
1. Autostart folder
   Everything in here will restart.
   C:\windows\start menu\programs\startup {english}
   C:\windows\Menu Démarrer\Programmes\Démarrage {french}
   This Autostart Directory is saved in    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
   Folders Startup="C:\windows\start menu\programs\startup" 
   'So it could be easily changed by any program.

2. Win.ini
   [windows]
   load=file.exe
   run=file.exe

3. System.ini [boot]
   Shell=Explorer.exe file.exe

4. c:\windows\winstart.bat
   'Note behaves like an usual BAT file. Used for copying deleting specific files. Autostarts
    everytime

5. Registry
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
   [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
   [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]

6. c:\windows\wininit.ini
   'Often Used by Setup-Programs when the file exists it is run ONCE and then is deleted by     windows
    Example: (content of wininit.ini)
    [Rename]
    NUL=c:\windows\picture.exe
    'This example sends c:\windows\picture.exe to NUL, which means that it is deleted. This
    requires no interactivity with the user and runs totaly stealth.

7. Autoexec.bat
   Starts everytime at Dos Level.
                                                              
8. Registry Shell Spawning
   [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
   [HKEY_CLASSES_ROOT\comfile\shell\open\command] @="\"%1\" %*"
   [HKEY_CLASSES_ROOT\batfile\shell\open\command] @="\"%1\" %*"
   [HKEY_CLASSES_ROOT\htafile\Shell\Open\Command] @="\"%1\" %*"
   [HKEY_CLASSES_ROOT\piffile\shell\open\command] @="\"%1\" %*"
   [HKEY_LOCAL_MACHINE\Software\CLASSES\batfile\shell\open\command] @="\"%1\" %*"
   [HKEY_LOCAL_MACHINE\Software\CLASSES\comfile\shell\open\command] @="\"%1\" %*"
   [HKEY_LOCAL_MACHINE\Software\CLASSES\exefile\shell\open\command] @="\"%1\" %*"
   [HKEY_LOCAL_MACHINE\Software\CLASSES\htafile\Shell\Open\Command] @="\"%1\" %*"
   [HKEY_LOCAL_MACHINE\Software\CLASSES\piffile\shell\open\command] @="\"%1\" %*"
     
   The key should have a value of Value "%1 %*", if this is changed to "server.exe %1 %*",
   the server.exe is executed EVERYTIME an exe/pif/com/bat/hta is executed.
   Known as Unkown Starting Method and is currently used by Subseven.

 9. Icq Inet
   [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\test]
   "Path"="test.exe"
   "Startup"="c:\\test"
   "Parameters"=""
   "Enable"="Yes"

   [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\
   This key includes all the APPS which are executed IF ICQNET Detects an Internet Connection.

9. Misc Information
   [HKEY_LOCAL_MACHINE\Software\CLASSES\ShellScrap] 
   @="Scrap object" "NeverShowExt"=""
                                                              
   The NeverShowExt key has the function to HIDE the real extension of the file (here) SHS.
   This means if you rename a file as "Girl.jpg.shs" it displays as "Girl.jpg" in all programs
   including Explorer.
   Your registry should be full of NeverShowExt keys, simply delte the key to get the real
   extension to show up.
_____________________________________________________________________________________________

0 komentar:

Posting Komentar

Langganan: Posting Komentar (Atom)

handapeunpost