Tools are nothing but an INTERFACE

This post was edited on 2004-02-06 15:24:48 by regular user old-cotton

A tool is nothing but an interface to access the configurations stored somewhere. In Windows, they are stored in the registry. If you know the registry, you are certainly smarter than any tool. The only tool you need is regedit; it is basic, but it does everything. Other complex, high-level tools may have limitations, may be out of date... and, more importantly, you do not know what the tool is doing under the hood. I do not trust these tools.

Basically there are 5 places those programs can start from:

1 and 2: the Startup group of "All Users" and of the current user.
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5. as a service in HKLM\SYSTEM\CurrentControlSet\Services

Keep an eye on those places and no trojan can start automatically. Your eyes (more importantly, the brain behind the eyes) are better than any tool.

What if you cannot start regedit (it says it is disabled by the administrator)? The malicious code went one step further by setting a policy key to disable it.

Do this: put the following in Notepad and save it as "xxx.reg". Double-click it and regedit is unlocked.
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

If you prefer a complex tool, you can do it with gpedit.msc.


What if in regedit you cannot change/delete these keys? The code might have gone one step further by removing your permissions on the keys. In regedit you need to right-click the key and choose Permissions to assign permissions to yourself. For XP this can be done within regedit; for earlier Windows, permissions must be assigned with regedt32.

老豬頭 was right. Do not go to those high-risk porn/warez sites unprotected. If you don't know how to make your PC more secure, at the very least log on as a regular user (Users group member), not an Administrators member, before going there.






--文學城www.wenxuecity.com--
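The checks described in the post above, as an added example that is not part of old-cotton's post: a PowerShell script that lists everything in the five autostart locations the post names, tests whether the DisableRegistryTools policy value is set in either policy key, offers the same fix as the .reg file (setting the value to 0), and shows which identities hold write rights on the two Run keys, which is what to look at when regedit refuses to delete a value. It assumes PowerShell 5.1 or later on Windows (so not the Windows versions current in 2004); reading HKLM works as a normal user, but changing the HKLM policy key needs an elevated prompt. The function and variable names are this example's own, and it deliberately covers only the five locations the post lists.

```powershell
# Added example, not code from the original post. Enumerates the five autostart
# locations the post lists, checks the DisableRegistryTools policy, and reports
# who can write to the Run keys. Function names are this example's own.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$PolicyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-StartupFolderEntries {
    # Locations 1 and 2: the all-users and the current-user Startup folders.
    foreach ($folder in 'CommonStartup', 'Startup') {
        $path = [Environment]::GetFolderPath($folder)
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object {
                [pscustomobject]@{ Location = $folder; Name = $_.Name; Command = $_.FullName }
            }
    }
}

function Get-RunKeyEntries {
    # Locations 3 and 4: every value under the HKLM and HKCU Run keys.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
            [pscustomobject]@{ Location = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-AutoStartServices {
    # Location 5: services whose Start value is 2 (Automatic), with the binary they run.
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' |
        ForEach-Object {
            $svc = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($svc -and $svc.Start -eq 2 -and $svc.ImagePath) {
                [pscustomobject]@{ Location = 'Services'; Name = $_.PSChildName; Command = $svc.ImagePath }
            }
        }
}

function Test-RegeditDisabled {
    # True when either policy key carries a non-zero DisableRegistryTools value.
    foreach ($key in $PolicyKeys) {
        $v = Get-ItemProperty -Path $key -Name DisableRegistryTools -ErrorAction SilentlyContinue
        if ($v -and $v.DisableRegistryTools -ne 0) { return $true }
    }
    return $false
}

function Repair-RegeditPolicy {
    # Same effect as the .reg file in the post: set DisableRegistryTools to 0
    # wherever the policy key exists. The HKLM key needs an elevated prompt.
    foreach ($key in $PolicyKeys) {
        if (Test-Path $key) {
            Set-ItemProperty -Path $key -Name DisableRegistryTools -Value 0 -Type DWord -ErrorAction Stop
        }
    }
}

function Get-RunKeyWriters {
    # Which identities can modify values under the Run keys. If your own account or
    # Administrators is missing here, the permissions were stripped as the post describes.
    foreach ($key in $RunKeys) {
        (Get-Acl -Path $key).Access |
            Where-Object { $_.RegistryRights -match 'SetValue|WriteKey|FullControl' } |
            ForEach-Object {
                [pscustomobject]@{ Key = $key; Identity = $_.IdentityReference; Rights = $_.RegistryRights; Type = $_.AccessControlType }
            }
    }
}

# Report: all five locations in one table, then the policy state and key writers.
@(Get-StartupFolderEntries) + @(Get-RunKeyEntries) + @(Get-AutoStartServices) | Format-Table -AutoSize
if (Test-RegeditDisabled) {
    Write-Warning 'DisableRegistryTools is set; run Repair-RegeditPolicy (elevated for the HKLM key).'
}
Get-RunKeyWriters | Format-Table -AutoSize
```

Read the Command column with the same suspicion the post recommends: a service or Run value whose ImagePath points into a temp or user-profile directory, or whose name imitates a system component, is the kind of entry regedit would show you and a trusting tool might not flag.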

All replies:

Boss f64 is entirely right, except for one thing... :) - ^@^,,)~ - (107 bytes) 01/22/2004 09:22:00