
Thread: how to start things at boot

  1. #1
    Banned
    Join Date
    Aug 2004
    Posts
    534

    how to start things at boot

    Is there a list of ways to start programs at boot time in Windows?

    I know one way is to put it in the start-up folder in the "Start" menu, which is relatively easy. I know that there are methods for setting up certain registry keys, but which are the ones that could be changed. Also how exactly do you "put" things into registry?

    I've also heard a way of starting things by "win.ini" files.

    Also, does anyone know what is the "secret" startup method that some versions of sub7 use?

  2. #2
    start >> run >> regedit

    HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Run

    v_Ln

  3. #3
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    MSConfig will show you a lot of things. Caveat Hax0r

    REGEDT32 will give you access to the registry, whereby you can add, modify, and delete keys and values, much to the dismay of whomever will have to clean up the system after you've trashed it. Again, Caveat Hax0r. Editing the registry is not for the faint of heart. It's really not a big deal if you know what you are doing...much like running a lot of commands when logged into the console of a *nix server as root.

    These are just snigglets to get you started...I don't really know, but this is where I would be looking.

    /* Edit */

    Both of these are launched from START > RUN
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  4. #4
    and yet another: (i ain't retyping this!)

    Service Configuration

    A service is loaded on startup by either using svchost.exe or by windows directly launching the application. If a service is loaded directly by windows, the associated file name that launches the service can be found in the ImagePath value under the following registry entry

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename

    When the service is being launched by svchost.exe, it will be placed in a particular service group, which is then launched by svchost.exe. A listing of these groups and the services that are launched under them can be found here:

    HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Svchost

    Under this key you will find various groups (netsvcs, LocalServices, etc) in which each contain multiple services that will be launched when the group is loaded by svchost.exe. These groups are loaded by the following command:

    svchost.exe -k netsvcs

    It will load all the services found under the netsvcs group in the above key and appear as one process under the process list. So each time a new group is loaded by svchost.exe, you will find a new svchost.exe process listed in memory. It is for this reason why there are multiple svchost.exe processes listed on a machine. If you are using Windows XP, as this command is not available on Windows 2000, you can see what services each svchost.exe process is controlling by running the following command from a command prompt: tasklist /SVC

    When a service is launched in this way, the actual filename for the service can be found here:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\servicename\Parameters\\ServiceDll

    The value of ServiceDLL is the actual service file that we want to be concerned with.

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    You can also start a program as a service... there are a couple tutorials on this site for that.
    One is by HTRegz and one by me.

    http://www.antionline.com/showthread...hreadid=244583
    http://www.antionline.com/showthread...hreadid=259842

    You can start a program per user, or for all users...

    for all users
    HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/Run

    for current user
    HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/Run

    If you are not the current user... you can modify the specific user under
    HKEY_USERS/useryouwanttoeditSSID/SOFTWARE/Microsoft/Windows/Run

    You add stuff to the registry a variety of different ways...
    Manually editing the registry or via importing the reg keys.

    Before you go messing about with your registry... I suggest you REALLY read up on it.
    Make sure you back it up too. If you don't know what you're doing... you can fux0r your b0x0r.

    Those are the two main ways I do it.

    Aside from the startup box in the start menu.
    If you are using Nt/2k/XP, you can start a program just for a specific user or all users, depending on where you place the shortcut.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  6. #6
    Banned
    Join Date
    Aug 2004
    Posts
    534
    anyone knows about this "secret" method in sub7

  7. #7
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    If you want to know where malware is possibly hiding, I have maintained
    a little list - which might be far from complete. Part of it has already
    been mentioned here, some points haven't:
    (I haven't written down all sources, so I cannot give credit to
    whomever - edit: [1],[2],[3]). In the governmentsecurity[1], [coder]
    has a few more.

    Code:
        system.ini (Shell=Explorer.exe malware.exe)
        Win.ini (load=malware.exe or run=malware.exe)

        Startup folder:  Start->Programs->Startup
        Windows Scheduler (task scheduler or "at" for scheduled tasks)

        autoexec.bat - unknown files with .exe, .scr, .pif, .com, .bat
        config.sys - unknown files

        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
        [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        [HKEY_CLASSES_ROOT\exefile\shell\open\command]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]

        "legitimate" file names at wrong position or similar file names
        (svchost in %SystemRoot%\Wins, taskmngr.exe, ...)

        unknown services

    anyone knows about this "secret" method in sub7
    I heard, sub7 actually infects a system file, which is running, leaving its
    functionality intact. I don't know whether this is true. But if, this would be nothing
    new:
    In the good old days, when virii have been shipped around on 5 1/4 discs,
    they attached themselves to .exe and .com files, leaving the "victims" working
    intact, while at the same time, enabling themselves to spread around.

    I am aware that such a question sounds rather suspicious. However,
    full disclosure is the way to go in my opinion. Better one knows where these beasts
    can hide, rather than ignorance.

    Cheers.


    [1] http://forums.governmentsecurity.org...showtopic=2721
    [2] http://archives.neohapsis.com/archiv...3-04/0119.html
    [3] http://www.mac-net.com/570488.page
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
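
Added example, not part of any post in this thread: an offline audit of a regedit-style export that pulls out the autostart locations listed in post #7 and the service ImagePath/ServiceDll values described in post #4, then flags two of the hints from post #7 (a changed exefile open command, and svchost.exe outside system32). It assumes the export is already decoded to text and handles plain string values only; the sample data and all names in it are constructed.

```python
import re

# Constructed regedit-style export; every name and path below is made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
"svch0st"="C:\\WINDOWS\\Wins\\svchost.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Cleanup"="C:\\Temp\\cleanup.bat"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\WINDOWS\\loader.exe \"%1\" %*"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc\Parameters]
"ServiceDll"="C:\\WINDOWS\\system32\\examplesvc.dll"
[HKEY_LOCAL_MACHINE\Software\Vendor\Settings]
"Theme"="blue"
'''

# Keys from the thread: Run*, the exefile open command, and service entries.
AUTOSTART = re.compile(
    r'\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$'
    r'|\\exefile\\shell\\open\\command$'
    r'|\\Services\\[^\\]+(\\Parameters)?$', re.I)
# "name"="data" or @="data"; backslash escapes are allowed inside the quotes.
LINE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')
UNESCAPE = re.compile(r'\\(.)')

def autostart_entries(reg_text):
    """Return (key, value_name, data) for string values under autostart keys."""
    found, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = LINE.match(line)
        if not (key and m and AUTOSTART.search(key)):
            continue
        name = "(Default)" if m.group(1) is None else UNESCAPE.sub(r'\1', m.group(1))
        # Under Services only the two values that name a file matter here.
        if "\\services\\" in key.lower() and name.lower() not in ("imagepath", "servicedll"):
            continue
        found.append((key, name, UNESCAPE.sub(r'\1', m.group(2))))
    return found

def needs_review(entry):
    """Two checks: a rewritten .exe handler, or svchost.exe outside system32."""
    key, _, data = entry
    if key.lower().endswith("\\exefile\\shell\\open\\command"):
        return data != '"%1" %*'   # stock value simply runs the clicked file
    return "svchost.exe" in data.lower() and "\\system32\\" not in data.lower()
```
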

  8. #8
    Originally posted here by unhappy
    anyone knows about this "secret" method in sub7
    what are you trying to do? who are you trying to do it to?

  9. #9
    Banned
    Join Date
    Aug 2004
    Posts
    534
    i am not trying to "DO" anything

    simply ... it says "secret" method and I just wanted to know what is so "secret" about it...

    If it's just a plain .exe infector, it ain't so secret, is it?!

  10. #10
    Banned
    Join Date
    Aug 2004
    Posts
    534
    How do programs you install modify the registry. I'm familiar w/ the interactive process via regedit, but installation inserts keys into an existing registry. How is that done??

    edit

    from what i understand you make a small reg file and then you just execute it and it will insert itself into the registry ...
