What are the locations in the server where rogue software starts automatically?

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article describes the locations on a server from which rogue software starts automatically. It is offered as a reference for anyone who needs to check these locations.

1. The startup folder specific to the current user

This is a common location from which many applications start automatically; Windows automatically starts every shortcut placed in this folder. The user startup folder is usually located under: \Documents and Settings\<username>\Start Menu\Programs\, where "<username>" is the name of the user account currently logged in.

2. The startup folder that applies to all users

This is the second important place to look for automatically started programs. Whichever user logs in to the system, the shortcuts in this folder always start automatically, which is what distinguishes it from the user-specific startup folder. This folder is usually located under: \Documents and Settings\All Users\Start Menu\Programs\.

3. load registry key

Little is written about this registry key, but it can also start programs automatically. Location: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load.

4. Userinit registry key

Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit. Programs listed here are also started automatically when the system starts. Usually the key contains userinit.exe, as shown in figure 1, but it allows you to specify multiple programs separated by commas, such as "userinit.exe,OSA.exe" (without the quotation marks).

5. Explorer\Run registry key

Unlike load and Userinit, the Explorer\Run key exists under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE, at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run.

6. RunServicesOnce registry key

The RunServicesOnce registry key is used to start service programs. They start before the user logs in and before the programs started by the other registry keys. The RunServicesOnce key is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce.

7. RunServices registry key

The programs specified by the RunServices registry key run immediately after those specified by RunServicesOnce, but both run before the user logs in. RunServices is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices.

8. RunOnce\Setup registry key

RunOnce\Setup specifies programs to run after the user logs in. It is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\Setup and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup.

9. RunOnce registry key

Installers usually use the RunOnce key to run programs automatically. It is located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce and HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce. The RunOnce key under HKEY_LOCAL_MACHINE runs its programs immediately after the user logs in, before the programs specified by the other Run keys. The RunOnce key under HKEY_CURRENT_USER runs after the operating system has processed the other Run keys and the contents of the Startup folder. On Windows XP, also check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx.

10. Run registry key

Run is the registry key most commonly used to start programs automatically. It is located at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. The Run key under HKEY_CURRENT_USER is processed immediately after the Run key under HKEY_LOCAL_MACHINE, but both are processed before the Startup folder.
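
The ten locations above can be inventoried in one pass. The following PowerShell script is an added example, not part of the original article: it only reads the registry and the Startup folders, and warns when Userinit names anything besides userinit.exe. It assumes PowerShell 3.0 or later; the variable names and output columns are illustrative.

```powershell
# Added example: read-only inventory of the autostart locations listed above.
$cv = 'Software\Microsoft\Windows\CurrentVersion'
$nt = 'Software\Microsoft\Windows NT\CurrentVersion'

# Keys the article lists under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE.
$subKeys = 'Run', 'RunOnce', 'RunOnce\Setup', 'RunServices',
           'RunServicesOnce', 'Policies\Explorer\Run'
$keys = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($k in $subKeys) { "$hive\$cv\$k" }
}
$keys += "HKLM:\$cv\RunOnceEx"    # XP only, per the article; top-level values only

# Every named value under these keys is a command that runs automatically.
$entries = @(foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Location = $key; Name = $name; Command = $item.GetValue($name) }
    }
})

# load and Userinit are read as single named values.
foreach ($v in @{ Key = "HKCU:\$nt\Windows";  Name = 'load' },
               @{ Key = "HKLM:\$nt\Winlogon"; Name = 'Userinit' }) {
    $data = (Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue).($v.Name)
    if ($data) {
        $entries += [pscustomobject]@{ Location = $v.Key; Name = $v.Name; Command = $data }
    }
}

# Shortcuts in the per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        foreach ($f in Get-ChildItem -LiteralPath $dir -File) {
            $entries += [pscustomobject]@{ Location = $dir; Name = $f.Name; Command = $f.FullName }
        }
    }
}

# Userinit is comma-separated; report any program in it other than userinit.exe.
$extra = @($entries | Where-Object { $_.Name -eq 'Userinit' -and $_.Location -like '*Winlogon' } |
    ForEach-Object { $_.Command -split ',' } | ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and ($_ -notmatch '(^|\\)userinit\.exe$') })
if ($extra) { Write-Warning "Userinit also launches: $($extra -join ', ')" }

$entries | Sort-Object Location, Name | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKEY_LOCAL_MACHINE keys are readable, and compare the output against a known-good baseline for the server.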
