Safety Foundation: New Method for Hiding a Computer Trojan

xiaoxiao2021-03-06  25

A Trojan's usual start-up methods are: being loaded from the "Startup" group of the "Start" menu, or being recorded in the registry under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. More advanced Trojans also register themselves as a system "service". All of these start-up types leave a trace in the "Startup" and "Services" tabs of the System Configuration Utility (run "msconfig" from "Start → Run").

Another, little-known start-up method uses Group Policy. Run "gpedit.msc" from "Start → Run" to open "Group Policy". Under Local Computer Policy there are two options: Computer Configuration and User Configuration. Expand "User Configuration → Administrative Templates → System → Logon" and double-click the "Run these programs at user logon" item to edit its properties. Select "Enabled" on the Setting tab and click the "Show" button to open the contents window, click the "Add" button, enter the path to the program you want to start in the text box of the "Add Item" window, and click "OK" to finish.

Restart the computer and the system will automatically start the added program at logon. If the program you added happens to be a Trojan, an "invisible" Trojan is born. A self-starting program added this way does not show up in the System Configuration Utility, and it is also hard to find under the registry keys we know well.

A self-starting program added this way is still recorded in the registry, but not under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run or HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. It is recorded under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run. If you suspect that a Trojan has been planted on your computer but cannot find it, look in that registry key, or open "Run these programs at user logon" in Group Policy, and see whether any program is started there.
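To check both locations in one pass, the following PowerShell (an added example, not part of the original article) lists every value in the classic Run keys and in the Policies\Explorer\Run key and tags which is which. It goes beyond the text by also reading the HKEY_LOCAL_MACHINE counterpart of the policy key and every user hive currently loaded under HKEY_USERS, which the article does not mention.

```powershell
# Added example, not from the original article. Read-only audit of autostart
# values: classic Run keys versus the Group Policy-backed Policies\Explorer\Run.
$subKeys = [ordered]@{
    'Software\Microsoft\Windows\CurrentVersion\Run'                   = 'Run'
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run' = 'Policy'
}

# Assumption beyond the article: check HKLM and all loaded user hives,
# not only the current user's HKCU (which is one of the HKEY_USERS hives).
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

$entries = foreach ($root in $roots) {
    foreach ($sub in $subKeys.Keys) {
        $path = "$root\$sub"
        # A missing key simply means nothing is configured there.
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }   # e.g. access denied without elevation
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Source  = $subKeys[$sub]
                Key     = $key.Name
                Name    = $name
                Command = [string]$key.GetValue($name)
            }
        }
    }
}

# Full listing, then only the entries that msconfig's Startup tab would not show.
$entries | Sort-Object Source, Key, Name | Format-Table -AutoSize -Wrap
$policyOnly = @($entries | Where-Object { $_.Source -eq 'Policy' })
if ($policyOnly.Count -gt 0) {
    Write-Warning "$($policyOnly.Count) autostart value(s) found under Policies\Explorer\Run:"
    $policyOnly | Format-List Key, Name, Command
} else {
    Write-Output 'No values under Policies\Explorer\Run in the hives checked.'
}
```

Run it from an elevated prompt so that hives of other logged-on users are readable; profiles that are not currently loaded do not appear under HKEY_USERS and are not covered.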

