Imagine about some viruses hidden technology
The hidden / replication registration is not the best way to serve the service, I think that CreateremoteThread is a better way to inject threads into the specified process. (Note: Valid only for NT / 2K / XP)
Another universal method is hook, Windows has a special hook - wh_getMessage, hangs when calling getMessage, we know, most Win32 programs should be used with getMessage. Therefore, write hook and code in the DLL, the DLL will be hanging Go to most processes unless the process is restarted or turned off.
File viruses will infect PE files, provide a new idea, or use "hook", but APIHOOK, remove CreateProcess, CreateThread Hook, join Copy Code before calling
Another small trick is about the program's naming, it is recommended to use the system file name / icon, such as Explorer.exe, kernel32.dll, etc. If the original file is placed in / system (32), vice versa.
In the registry, the item is not written, but use Rundll32 Somedll.dll, SomeFunction
Because it is "ideas", there is no code, I hope to understand
