-
March 4th, 2005, 01:47 AM
#1
how to start things at boot
Is there a list of ways to start programs at boot time in Windows?
I know one way is to put it in the start-up folder in the "Start" menu, which is relatively easy. I know that there are methods for setting up certain registry keys, but which are the ones that could be changed? Also how exactly do you "put" things into the registry?
I've also heard a way of starting things by "win.ini" files.
Also, does anyone know what is the "secret" startup method that some versions of sub7 use?
-
March 4th, 2005, 01:49 AM
#2
start >> run >> regedit
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Run
v_Ln
-
March 4th, 2005, 01:50 AM
#3
MSConfig will show you a lot of things. Caveat Hax0r
REGEDT32 will give you access to the registry, whereby you can add, modify, and delete keys and values, much to the dismay of whomever will have to clean up the system after you've trashed it. Again, Caveat Hax0r. Editing the registry is not for the faint of heart. It's really not a big deal if you know what you are doing...much like running a lot of commands when logged into the console of a *nix server as root.
These are just snigglets to get you started...I don't really know, but this is where I would be looking.
/* Edit */
Both of these are launched from START > RUN
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
March 4th, 2005, 01:55 AM
#4
Banned
and yet another: (i ain't retyping this!)
Service Configuration
A service is loaded on startup by either using svchost.exe or by windows directly launching the application. If a service is loaded directly by windows, the associated file name that launches the service can be found in the ImagePath value under the following registry entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename
When the service is being launched by svchost.exe, it will be placed in a particular service group, which is then launched by svchost.exe. A listing of these groups and the services that are launched under them can be found here:
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost
Under this key you will find various groups (netsvcs, LocalServices, etc) in which each contain multiple services that will be launched when the group is loaded by svchost.exe. These groups are loaded by the following command:
svchost.exe -k netsvcs
It will load all the services found under the netsvcs group in the above key and appear as one process under the process list. So each time a new group is loaded by svchost.exe, you will find a new svchost.exe process listed in memory. It is for this reason why there are multiple svchost.exe processes listed on a machine. If you are using Windows XP, as this command is not available on Windows 2000, you can see what services each svchost.exe process is controlling by running the following command from a command prompt: tasklist /SVC
When a service is launched in this way, the actual filename for the service can be found here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename\Parameters\\ServiceDll
The value of ServiceDLL is the actual service file that we want to be concerned with.
-
March 4th, 2005, 01:56 AM
#5
You can also start a program as a service... there are a couple tutorials on this site for that.
One is by HTRegz and one by me.
http://www.antionline.com/showthread...hreadid=244583
http://www.antionline.com/showthread...hreadid=259842
You can start a program per user, or for all users...
for all users
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Run
for current user
HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/Run
If you are not the current user... you can modify the specific user under
HKEY_USERS/useryouwanttoeditSSID/SOFTWARE/Microsoft/Windows/Run
You add stuff to the registry a variety of different ways...
Manually editing the registry or via importing the reg keys.
Before you go messing about with your registry... I suggest you REALLY read up on it.
Make sure you back it up too. If you don't know what you're doing... you can fux0r your b0x0r.
Those are the two main ways I do it.
Aside from the startup box in the start menu.
If you are using Nt/2k/XP, you can start a program just for a specific user or all users, depending on where you place the shortcut.
Quitmzilla is a Firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
March 4th, 2005, 02:02 AM
#6
anyone knows about this "secret" method in sub7
-
March 4th, 2005, 02:12 AM
#7
Hi
If you want to know where malware is possibly hiding, I have maintained
a little list - which might be far from complete. Part of it has already
been mentioned here, some points haven't:
(I haven't written down all sources, so I cannot give credit to
whomever - edit: [1],[2],[3]). In the governmentsecurity[1], [coder]
has a few more.
Code:
system.ini (Shell=Explorer.exe malware.exe)
Win.ini (load=malware.exe or run=malware.exe)
Startup folder: Start->Programs->Startup
Windows Scheduler (task scheduler or "at" for scheduled tasks)
autoexec.bat - unknown files with .exe, .scr, .pif, .com, .bat
config.sys - unknown files
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
"legitimate" file names at wrong position or similar file names
(svchost in %SystemRoot%\Wins, taskmngr.exe, ...)
unknown services
anyone knows about this "secret" method in sub7
I heard, sub7 actually infects a system file, which is running, leaving its
functionality intact. I don't know whether this is true. But if, this would be nothing
new:
In the good old days, when virii have been shipped around on 5 1/4 discs,
they attached themselves to .exe and .com files, leaving the "victims" working
intact, while at the same time, enabling themselves to spread around.
I am aware that such a question sounds rather suspicious. However,
full disclosure is the way to go in my opinion. Better one knows where these beasts
can hide, rather than ignorance.
Cheers.
[1] http://forums.governmentsecurity.org...showtopic=2721
[2] http://archives.neohapsis.com/archiv...3-04/0119.html
[3] http://www.mac-net.com/570488.page
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
-
March 4th, 2005, 02:13 AM
#8
Banned
Originally posted here by unhappy
anyone knows about this "secret" method in sub7
what are you trying to do? who are you trying to do it to?
-
March 4th, 2005, 03:24 AM
#9
i am not trying to "DO" anything
simply ... it says "secret" method and I just wanted to know what is so "secret" about it...
If it's just a plain .exe infector, it ain't so secret, is it?!
-
March 4th, 2005, 03:09 PM
#10
How do programs you install modify the registry? I'm familiar w/ the interactive process via regedit, but installation inserts keys into an existing registry. How is that done??
edit
from what i understand you make a small reg file and then you just execute it and it will insert itself into the registry ...
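Added example, not part of any post in this thread: a defender-side audit that parses the text of a regedit export (the .reg format mentioned in post #10) and reports the launch points named in posts #4 and #7, namely the Run-family keys, a changed exefile open command, and each service's ImagePath or Parameters\ServiceDll. The sample export, the names `Updater`, `helper.exe` and `ExampleSvc`, and all function names are constructed for illustration.

```python
import re

# Launch points named in the thread (posts #4 and #7); key names are case-insensitive.
RUN_KEY = re.compile(r"hkey_(local_machine|current_user)\\software\\microsoft\\windows"
                     r"\\currentversion\\run(once|services|servicesonce)?", re.I)
EXEFILE_KEY = re.compile(r"(hkey_classes_root|hkey_local_machine\\software\\classes)"
                         r"\\exefile\\shell\\open\\command", re.I)
SERVICE_KEY = re.compile(r"hkey_local_machine\\system\\currentcontrolset\\services"
                         r"\\([^\\]+)(\\parameters)?", re.I)
VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)')

def decode(data):
    """Turn exported value data into text: quoted REG_SZ or hex(2) REG_EXPAND_SZ."""
    if data.startswith("hex(2):"):  # UTF-16LE bytes, NUL-terminated
        return bytes.fromhex(data[7:].replace(",", "")).decode("utf-16-le").rstrip("\0")
    return re.sub(r"\\(.)", r"\1", data[1:-1]) if data.startswith('"') else data

def parse_reg(text):
    """Yield (key, value_name, data) from the text of a regedit export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join wrapped hex lines
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE.fullmatch(line)):
            yield key, "(Default)" if m.group(1) == "@" else decode(m.group(1)), decode(m.group(2))

def autostarts(text):
    """Return (kind, key_or_service, value_name, data) for each launch point found."""
    found = []
    for key, name, data in parse_reg(text):
        svc = SERVICE_KEY.fullmatch(key)
        if RUN_KEY.fullmatch(key):
            found.append(("run", key, name, data))
        elif EXEFILE_KEY.fullmatch(key) and name == "(Default)" and data != '"%1" %*':
            found.append(("exefile-hijack", key, name, data))
        elif svc and name.lower() == ("servicedll" if svc.group(2) else "imagepath"):
            found.append(("service", svc.group(1), name, data))
    return found

def _hex2(s):  # sample helper: encode text the way regedit exports REG_EXPAND_SZ
    return "hex(2):" + ",".join(f"{b:02x}" for b in (s + "\0").encode("utf-16-le"))
SAMPLE = "\n".join([  # constructed export, not from a real machine
    r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"Updater"="C:\\Tools\\updater.exe /quiet"',
    r"[HKEY_CLASSES_ROOT\exefile\shell\open\command]",
    r'@="helper.exe \"%1\" %*"',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters]",
    '"ServiceDll"=' + _hex2(r"%SystemRoot%\system32\example.dll"),
])
```

Exports written by regedit in the "Version 5.00" format are UTF-16 files, so read them with `encoding="utf-16"` before passing the text to `autostarts`.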