6. Hiding in it
*s are really everywhere! They can drill wherever there is room! So, the Windows installation directory is also a place where *s like to hide. Be careful and open this file to see how it is different from a normal file. In the [boot] field of the file, is there such content? That is shell=. If there is indeed such content, then you will be unfortunate because the * server program is here! In addition, in the [386Enh] field, you should pay attention to checking the "driver=path\program name" in this section, which may also be used by *s. In addition, in the three fields [mic], [drivers], and [drivers32], these segments also play the role of loading drivers, but they are also a good place to add * programs. Now you should know that you should pay attention to it.
7. Invisible in the startup group
Sometimes *s don't care about their whereabouts. They pay more attention to whether they can be automatically loaded into the system, because once the * is loaded into the system, you can't drive it away no matter what method you use (hey, this * is really too thick-skinned). Therefore, according to this logic, starting a group is also a good place for *s to hide, because it is indeed a good place for automatic loading and running. The corresponding folder of the dynamic group is: C:\windows\startmenu\programs\startup, and its location in the registry is: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellFoldersStartup="C:\windows\startmenu\programs\startup". Be careful to check the startup group frequently!
8. Hidden in
According to the above logic theory, *s like to stay in any places that are conducive to automatic loading of *s. This is also a file that can be automatically loaded and run by Windows. In most cases, it is automatically generated by applications and Windows. After executing and loading most drivers, it starts to execute (this can be seen by pressing the F8 key at startup and selecting the startup method of gradually tracking the startup process). Since the function can be completed by substitution, the * can be loaded and run like in it, and the danger comes from this.
9. Bundled in startup file
That is, the startup configuration file of the application. The control side uses these files to start the program and uploads the created file with the * startup command to the server to overwrite the file with the same name, so that the purpose of starting the * can be achieved.
10. Set in a super connection
The owner of the * horse puts malicious code on the web page to lure users to click. The result of the user clicks is self-evident: open the door and invites thieves! I advise not to click on the link on the web page casually, unless you understand it and trust it.