你你你这叫少啊。In system, hobbyhorse trick concealing and go over eliminate 402444206 @ of method Chen Jian 05 computer shifts business affairs academy Xinjiang finance and economics university Abstract: Now hobbyhorse kind and quantity are more and more many in the network , how, discovering and eliminating their is difficult one Key words: Hobbyhorse go over eliminates system The "hobbyhorse" is a piece in preface system very the headache thing, we introduce hobbyhorse procedure trick concealing , automation loading method underneath first, before the way introducing answering specifically for these Self way "hobbyhorse" procedure "hobbyhorse" procedure is concealed is able to want to use up all way concealing self , whose main approach has: Conceal self in mission fence: This is the most fundamental , the attribute sets up for False , ShowInTaskBar sets up for False as long as with the Form Visible, cannot only be capable to do turn up time procedure work hitting the target in mission Conceal the body in mission administration implement: The hobbyhorse can pretend very relaxedly as long as procedure is set up for "system service " It also certainly is able to get it in gear silently , self strikes a "hobbyhorse" again after the consumer is unable to get it in gear every time coming to work to serve end picture bid , serve end therefore the "hobbyhorse" will be voluntarily laden during the period of the consumer gets it in gear every time, automation loading application method ", "hobbyhorse" city have used Windows time system starting, such as: Start the good local being that the "hobbyhorse" goes into hiding such as group , ini , ini , logon Check "hobbyhorse" if automation loading in ini document, [WINDOWS] underneath, "the run = " and "the load = " are to may add the approach being loaded with "hobbyhorse" procedure , must notice them Under ordinary circumstances , behind their equal mark what not having , start a document if discovering a later and having route and the document is not that you know well that, your computer has moved towards the above-average "hobbyhorse" of You also certainly have to watch clear, because of a lot of "hobbyhorse", if "AOLTrojan hobbyhorse ", it disguises oneself becoming the xe document, if not paying attention to may can not discover it is not a real system starting In ini document, have the "shell = document in underneath [BOOT] The correct document has ought to be "xe", if being not "xe" , but "shell = xe procedure , that procedure following then later has been "hobbyhorse" procedure , you have already been hit by a "hobbyhorse" in other Condition in form is the most complicated in the logon , order firing the logon form editor implement greatly by regedit, in the strike extremely: The automation starting document , expansion if having self under "HKEY-LOCAL-MACHINESoftwareMicrosoftWindowsCurrentVersionRun" catalogue , in checking the key value not knowing well that called EXE , must always remember that here: Oneself document, thinks of some "hobbyhorse" procedure come into being document very much like system by pretending to slide through a test, if "AcidB0 hobbyhorse ", it transforms the lower logon form "HKEY-LOCAL-MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun" Explorer key value into Explorer = "C: WINDOWSxe " ", the "hobbyhorse" only have "i" and the "l" difference between procedure and real E Still have much local certainly in logon form being able to conceal "hobbyhorse" procedure, such as ": HKEY-CURRENT-USERSoftwareMicrosoftWindowsCurrentVersionRun " ", HKEY-USERS * * * * all are in the cards under the SoftwareMicrosoftWindowsCurrentVersionRun " catalogue , the best way is the document finding "hobbyhorse" procedure under "HKEY-LOCAL-MACHINESoftwareMicrosoftWindowsCurrentVersionRun" , the reconnaissance is OK again in entire logon Check the operating principle killing a "hobbyhorse" having known a "hobbyhorse" , check to kill a "hobbyhorse" becoming very easy right If find that have a "hobbyhorse" existence, safety is also that effective method it is General Ma computer and network to disconnect most , prevent a hacker from carrying out go at on you by the