We know, some Trojans implement the file association by modifying EXE to start with the EXE program. Today, I saw another way to know some kind of method, that is, through the registry hkey_local_machine / Software
/ Microsoft / Windows NT /
CurrentVersion / Image File
Execution Options
Enjoy a registry key next, the item name is A.EXE, then the new string is set below, the string is named debugger, the string value is the full path of program B.exe.
Obviously, this is achieved for the system to set the error correction program specified by each program. Let me feel that A.EXE does not have to specify the path!
So, I have to pay attention to one place when you find Trojans. However, I think the method of searching the registry is more direct.
Affirming: The purpose of the information I provide is to make Windows users better maintenance system security, strongly oppose any invasion, destroying behavior!
