104ºØ¤ì°¨ªº¤â¤u²M°£¤èªk :
1. ¦Bªev1.1 v2.2
§@ªÌ¡G¶ÀøÊ ²M°£¤ì°¨v1.
1 ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run ·j´M¥H¤Uªº
¨âÓ¸ô®|¡A¨Ã§R°£ \" C:\\windows\\system\\ kernel32.exe\" \" C:\\windows\\system\\ sysexplr.exe\" Ãö³¬Regedit «·s±Ò°Ê¨ìMSDOS¤è¦¡
§R°£C:\\windows\\system\\ kernel32.exe©MC:\\windows\\system\\ sysexplr.exe¤ì°¨µ{§Ç «·s±Ò°Ê¡COK ²M°£¤ì°¨v2.2 ªA°È¾¹µ{§Ç¡B¸ô®|
¨Ï¥ÎªÌ¬O¥i¥HÀH·N©w¸q¡A¼g¤Jª`¥UªíªºÁä¦W¤]¥i¥H¦Û¤v©w¸q¡C ¦]¦¹¡A¤£¯à©ú½T»¡©ú¡C §A¥i¥H¹î¬Ýª`¥Uªí¡A§â¥iºÃªº¤å¥ó¸ô®|
§R°£¡C «·s±Ò°Ê¨ìMSDOS¤è¦¡ §R°£©óª`¥Uªí¬Û¹ïÀ³ªº¤ì°¨µ{§Ç «·s±Ò°ÊWindows¡COK
2. Acid Battery v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺Explorer =\"C:\\WINDOWS\\expiorer.exe\" Ãö³¬Regedit «·s±Ò°Ê¨ìMSDOS¤è¦¡ §R°£c:\\windows\\expiorer.exe¤ì°¨µ{
§Ç ª`·N¡G¤£n§R°£¥¿½TªºExpLorer.exeµ{§Ç¡A¥¦Ì¤§¶¡¥u¦³i»PLªº®t§O¡C «·s±Ò°Ê¡COK
3. Acid Shiver v1.0 + 1.0Mod + lmacid
²M°£¤ì°¨ªº¨BÆJ¡G «·s±Ò°Ê¨ìMSDOS¤è¦¡ §R°£C:\\windows\\MSGSVR16.EXE µM¦Z¦^¨ìWindows¨t²Î ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø
¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run §R°£¥kÃ䪺Explorer = \"C:\\WINDOWS
\\MSGSVR16.EXE\" HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices §R°£¥kÃ䪺Explorer =
\"C:\\WINDOWS\\MSGSVR16.EXE\" Ãö³¬Regedit «·s±Ò°Ê¡COK «·s±Ò°Ê¨ìMSDOS¤è¦¡ §R°£C:\\windows\\wintour.exeµM¦Z¦^¨ì
Windows¨t²Î ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
§R°£¥kÃ䪺Wintour = \"C:\\WINDOWS\\WINTOUR.EXE\" HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\RunServices §R°£¥kÃ䪺Wintour = \"C:\\WINDOWS\\WINTOUR.EXE\" Ãö³¬Regedit «·s±Ò°Ê¡COK
4. Ambush
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺zka = \"zcn32.exe\" Ãö³¬Regedit «·s±Ò°Ê¨ìMSDOS¤è¦¡ §R°£C:\\Windows\\ zcn32.exe «·s±Ò°Ê¡COK
5. AOL Trojan
²M°£¤ì°¨ªº¨BÆJ¡G ±Ò°Ê¨ìMSDOS¤è¦¡ §R°£C:\\ command.exe¡]§R°£«e¨ú®ø¤å¥óªºÁô§tÄÝ©Ê¡^ ª`·N¡G¤£n§R°£¯uªºcommand.com
¤å¥ó¡C §R°£C:\\ americ~1.0\\buddyl~1.exe¡]§R°£«e¨ú®ø¤å¥óªºÁô§tÄÝ©Ê¡^ §R°£C:\\ windows\\system\\norton~1\\regist~1.exe¡]§R°£«e
¨ú®ø¤å¥óªºÁô§tÄÝ©Ê¡^ ¥´¶}WIN.INI¤å¥ó ¦b[WINDOWS]¤U±\"run=\"©M\"load=\"³£¥[¸üªÌ¯S¬¥¥ì¤ì°¨µ{§Çªº¸ô®|¡A¥²¶·²M°£¥¦
Ì¡G run= load= «O¦sWIN.INI ÁÙn§ï¥¿ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run §R°£¥kÃ䪺WinProfile = c:\\command.exe Ãö³¬Regedit¡A«·s±Ò°ÊWindows¡COK
6. Asylum v0.1, 0.1.1, 0.1.2, 0.1.3 + Mini 1.0, 1.1
²M°£¤ì°¨ªº¨BÆJ¡G ª`·N¡G¤ì°¨µ{§Ç¹w³]¤å¥ó¦W¬Owincmp32.exe¡AµM¦Óµ{§Ç¥i¥HÀH·N§ïÅܤå¥ó¦W¡C §ÚÌ¥i¥H®Ú¾Ú¤ì°¨×§ïªº
system.ini©Mwin.ini¨âÓ¤å¥ó¨Ó²M°£¤ì°¨¡C ¥´¶}system.ini¤å¥ó ¦b[BOOT]¤U±¦³Ó\"shell=¤å¥ó¦W\"¡C¥¿½Tªº¤å¥ó¦W¬Oexplorer.exe ¦p
ªG¤£¬O\"explorer.exe\"¡A¨º»ò¨ºÓ¤å¥ó´N¬O¤ì°¨µ{§Ç¡A§â¥¦·j´M¥X¨Ó¡A§R°£¡C «O¦s°h¥Xsystem.ini ¥´¶}win.ini¤å¥ó ¦b[WINDOWS]
¤U±¦³Órun= ¦pªG§A¬Ý¨ì=¦Z±¦³¸ô®|¤å¥ó¦W¡A¥²¶·§â¥¦§R°£¡C ¥¿½TªºÀ³¸Ó¬Orun=¦Z±¤°»ò¤]¨S¦³¡C =¦Z±ªº¸ô®|¤å¥ó¦W´N¬O
¤ì°¨¡A§â¥¦·j´M¥X¨Ó¡A§R°£¡C «O¦s°h¥Xwin.ini¡C OK
7. AttackFTP
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}win.ini¤å¥ó ¦b[WINDOWS]¤U±¦³load=wscan.exe §R°£wscan.exe ¡A¥¿½T¬Oload= «O¦s°h¥Xwin.ini¡C ¥´¶}ª`
¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run §R°£¥kÃ䪺Reminder=
\"wscan.exe /s\" Ãö³¬Regedit¡A«·s±Ò°Ê¨ìMSDOS¨t²Î¤¤ §R°£C:\\windows\\system\\ wscan.exe OK
8. Back Construction 1.0 - 2.5
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺\"C:\\WINDOWS\\Cmctl32.exe\" Ãö³¬Regedit¡A«·s±Ò°Ê¨ìMSDOS¨t²Î¤¤ §R°£C:\\WINDOWS\\Cmctl32.exe OK
9. BackDoor v2.00 - v2.03
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺\'c:\\windows\\notpa.exe /o=yes\' Ãö³¬Regedit¡A«·s±Ò°Ê¨ìMSDOS¨t²Î¤¤ §R°£c:\\windows\\notpa.exe ª`·N¡G¤£n§R
°£¯u¥¿ªºnotepad.exeµ§°O¥»µ{§Ç ¢Ý¢Ù
10. BF Evolution v5.3.12
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺(Default)=\" \" Ãö³¬Regedit¡A¦A¦¸«·s±Ò°Ê¹q¸£¡C ±NC:\\windows\\system\\ .exe¡]ªÅ®æexe¤å¥ó¡^ ¢Ý¢Ù
11. BioNet v0.84 - 0.92 + 2.21 0.8Xª©¥»¬O¹B¦æ¦bWin95/98 0.9X¥H¤Wª©¥»¦³¹B¦æ¦bWin95/98 ©MWinNT¤W¨âÓ³nÅé «È¤á¡ÐªA°È¾¹¨ó
ij¬O¤@¼Ëªº¡A¦]¦ÓNT«È¤á¯à¶Â95/98³Q·P¬Vªº¾÷¾¹¡A©MWin95/98«È¤á¯à¶ÂNT³Q·P¬Vªº¨t²Î§¹¥þ¤@¼Ë¡C
²M°£¤ì°¨ªº¨BÆJ¡G º¥ý·Ç³Æ¤@±i98ªº±Ò°Ê½L¡A¥Î¥¦±Ò°Ê¦Z¡A¶i¤Jc:\\windows¥Ø¿ý¤U¡A¥Îattrib libupd~1.exe -h ©R¥OÅý¤ì°¨µ{§Ç¥i
¨£¡AµM¦Z§R°£¥¦¡C ©â¥X³n¦¡ºÏºÐ¾÷¦Z«·s±Ò°Ê¡A¶i¤J98¤U¡A¦bª`¥Uªí¨½§ä¨ì¡G HKEY_LOCAL_MACHINE\\SOFTWARE
\\Microsoft\\Windows\\CurrentVersion\\Run\\ ªº¤lÁäWinLibUpdate = \"c:\\windows\\libupdate.exe -hide\" ±N¦¹¤lÁä§R°£¡C
12. Bla v1.0 - 5.03
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺Systemdoor = \"C:\\WINDOWS\\System\\mprdll.exe\" Ãö³¬Regedit¡A«·s±Ò°Ê¹q¸£¡C ·j´M¨ìC:\\WINDOWS\\System
\\mprdll.exe©M C:\\WINDOWS\\system\\rundll.exe ª`·N¡G¤£n§R°£C:\\WINDOWS\\RUNDLL.EXE¥¿½T¤å¥ó¡C ¨Ã§R°£¨âÓ¤å¥ó¡C OK
13. BladeRunner
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run ¥i¥H§ä¨ìSystem-Tray = \"c:\\something\\something.exe\" ¥kÃ䪺¸ô®|¥i¯à¬O¥ô¦óªF¦è¡A³o®É§A¤£»Ýn§R°£¥¦¡A¦]¬°¤ì°¨·|¥ß§Y
¦Û°Ê¥[¤W¡A§A»Ýnªº¬O°O¤U¤ì°¨ªº¦W¦r»P¥Ø¿ý¡AµM¦Z°h¦^¨ìMS-DOS¤U¡A§ä¨ì¦¹¤ì°¨¤å¥ó¨Ã§R°£±¼¡C «·s±Ò°Ê¹q¸£¡AµM¦Z«´_
²Ä¤@¨B¡A¦bª`¥Uªí¤¤§ä¨ì¤ì°¨¤å¥ó¨Ã§R°£¦¹Áä¡C
14. Bobo v1.0 - 2.0
²M°£¤ì°¨v1.0 ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
§R°£¥kÃ䪺DirrectLibrarySupport =\"C:\\WINDOWS\\SYSTEM\\Dllclient.exe\" Ãö³¬Regedit¡A«·s±Ò°Ê¹q¸£¡C DEL C:\\Windows\\System
\\Dllclient.exe OK ²M°£¤ì°¨v2.0 ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_USER/.Default/Software/Mirabilis/ICQ/Agent/Apps/ICQ Accel/
ICQ Accel¬O¤@Ó¡§°²¶H¡§ªº¥DÁä¡A¿ï¤¤ICQ Accel¥DÁä¨Ã§â¥¦§R°£¡C «·s±Ò°Ê¹q¸£¡COK
15. BrainSpy vBeta
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run ¥kÃ䦳 ??? = \"C:\\WINDOWS\\system\\BRAINSPY .exe\" ???¼Ðñ¿ï¬OÀH·N§ïÅܪº¡C Ãö³¬Regedit¡A«·s±Ò°Ê¹q¸£ ·j´M§R°£C:
\\WINDOWS\\system\\BRAINSPY .exe ¢Ý¢Ù
16. Cain and Abel v1.50 - 1.51 ³o¬O¤@Ó¤f¥O¤ì°¨ ¶i¤JMS-DOS¤è¦¡ ·j´M¨ìC:\\windows\\msabel32.exe ¨Ã§R°£¥¦¡C¢Ý¢Ù
17. Canasson
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}WIN.INI¤å¥ó ·j´Mc:\\msie5.exe¡A§R°£¥þ³¡¥DÁä «O¦swin.ini «·s±Ò°Ê¹q¸£ §R°£c:\\msie5.exe¤ì°¨¤å¥ó ¢Ý¢Ù
18. Chupachbra
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}WIN.INI¤å¥ó [Windows]ªº¤U±¦³¨âÓ¦æ run=winprot.exe load=winprot.exe §R°£winprot.exe run= load= «O¦s
Win.ini¡A¦A¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion\\Run §R
°£¥kÃ䪺\'System Protect\' = winprot.exe «·s±Ò°ÊWindows ·j´M¨ìC:\\windows\\system\\ winprot.exe¡A¨Ã§R°£¡C ¢Ý¢Ù
19. Coma v1.09
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺\'RunTime\' = C:\\windows\\msgsrv36.exe «·s±Ò°ÊWindows ·j´M¨ìC:\\windows\\ msgsrv36.exe¡A¨Ã§R°£¡C ¢Ý¢Ù
20. Control
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺Load MSchv Drv = C:\\windows\\system\\MSchv.exe «O¦sRegedit¡A«·s±Ò°ÊWindows ·j´M¨ìC:\\windows\\system
\\MSchv.exe¡A¨Ã§R°£¡C ¢Ý¢Ù
21. Dark Shadow
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion
\\RunServices §R°£¥kÃ䪺winfunctions=\"winfunctions.exe\" «O¦sRegedit¡A«·s±Ò°ÊWindows ·j´M¨ìC:\\windows\\system\\
winfunctions.exe¡A¨Ã§R°£¡C ¢Ý¢Ù
22. DeepThroat v1.0 - 3.1 + Mod (Foreplay)
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion
\\Run ª©¥»1.0 §R°£¥kÃ䪺¶µ¥Ø\'System32\'=c:\\windows\\system32.exe ª©¥»2.0-3.1 §R°£¥kÃ䪺¶µ¥Ø\'SystemTray\' = \'Systray.exe\' «O¦s
Regedit¡A«·s±Ò°ÊWindows ª©¥»1.0§R°£c:\\windows\\system32.exe ª©¥»2.0-3.1 §R°£c:\\windows\\system\\systray.exe ¢Ý¢Ù
23. Delta Source v0.5 - 0.7
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺¶µ¥Ø¡GDS admin tool = C:\\TEMPSERVER.exe «O¦sRegedit¡A«·s±Ò°ÊWindows ·j´M¨ìC:\\TEMPSERVER.exe¡A¨Ã
§R°£¥¦¡C ¢Ý¢Ù
24. Der Spaeher v3
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion
\\Run §R°£¥kÃ䪺¶µ¥Ø¡Gexplore = \"c:\\windows\\system\\dkbdll.exe \" «O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\system
\\dkbdll.exe¤ì°¨¤å¥ó¡C ¢Ý¢Ù
25. Doly v1.1 - v1.7 (SE)
²M°£¤ì°¨V1.1-V1.5ª©¥»¡G ³o´XӤ차ª©¥»ªº¤ì°¨µ{§Ç©ñ¦b¤T³B¡A¼W¥[¤GÓª`¥U¶µ¥Ø¡AÁÙ¼W¥[¨ìWin.ini¶µ¥Ø¡C º¥ý¡A¶i¤JMS-
DOS¤è¦¡¡A§R°£¤TӤ차µ{§Ç¡A¦ýV1.35ª©¥»¦h¤@Ӥ차¤å¥ómdm.exe¡C §â¤U¦C¦U¶µ¥þ³¡§R°£¡G C:\\WINDOWS\\SYSTEM\\tesk.sys
C:\\WINDOWS\\Start Menu\\Programs\\Startup\\mstesk.exe c:\\Program Files\\MStesk.exe c:\\Program Files\\Mdm.exe «·s±Ò°ÊWindows¡C
±µµÛ¡A¥´¶}win.ini¤å¥ó §ä¨ì[WINDOWS]¤U±load=c:\\windows\\system\\tesk.exe¶µ¥Ø¡A§R°£¸ô®|¡A§ïÅܬ°load= «O¦swin.ini¤å¥ó¡C ³Ì
¦Z¡Aקïª`¥UªíRegedit §ä¨ì¥H¤U¨âÓ¶µ¥Ø¨Ã§R°£¥¦Ì HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
Ms tesk = \"C:\\Program Files\\MStesk.exe\" ©M HKEY_USER\\.Default\\Software\\Microsoft\\Windows\\CurrentVersion\\Run Ms tesk = \"C:
\\Program Files\\MStesk.exe\" ¦A´M§ä¨ìHKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\ss ³oÓ²Õ¬O¤ì°¨ªº¥þ
³¡°Ñ¼Æ¿ï¾Ü©M³]¸mªºªA°È¾¹¡A§R°£³oÓss²Õªº¥þ³¡¶µ¥Ø¡C Ãö³¬«O¦sRegedit¡C ÁÙ¦³¥´¶}C:\\AUTOEXEC.BAT¤å¥ó¡A§R°£ @echo off
copy c:\\sys.lon c:\\windows\\StartMenu\\Startup Items\\ del c:\\win.reg Ãö³¬«O¦sautoexec.bat¡C ¢Ý¢Ù ²M°£¤ì°¨V1.6ª©¥»¡G ¸Ó¤ì°¨¹B¦æ
®É¡A±N¤£¯à³q¹L98ªº¥¿±`¾Þ§@Ãö³¬¡A¥u¯àRESETÁä¡C¹ý©³²M°£¨BÆJ¦p¤U¡G 1¡D¥´¶}±±¨î±ªO--²K¥[§R°£µ{§Ç--§R°£memory
manager 3.0¡A³o´N¬O¤ì°¨µ{§Ç¡A¦ý¬O¥¦¨Ã¤£·|§â¤ì°¨ªºEXE¤å¥ó§R°£±¼¡C 2¡D¥Î98©ÎDOS±Ò°Ê½L±Ò°Ê¡]¥ÎRESETÁä¡^¦Z¡AÂà¤JC:
\\¡A½s¿èAUTOEXEC¡CBAT¡A§â¦p¤U¤º®e§R°£¡G @echo off copy c:\\sys.lon c:\\windows\\startm~1\\programs\\startup\\mdm.exe del c:
\\win.reg «O¦sAUTOEXEC¡CBAT¤å¥ó¨Ãªð¦^DOS¦Z¡A¦bC¡G\\®Ú¥Ø¿ý¤U§R°£¤ì°¨¤å¥ó¡G del sys.lon del windows\\startm~1\\programs
\\startup\\mdm.exe del progra~1\\mdm.exe 3¡D©â¥X³n¦¡ºÏºÐ¾÷«·s±Ò°Ê¡A¶i¤J98¦Z¡A§âc:\\program files\\¥Ø¿ý¤Uªºmemory manager ¥Ø
¿ý§R°£¡C ²M°£¤ì°¨V1.7ª©¥»¡G º¥ý¡A¥´¶}C:\\AUTOEXEC.BAT¤å¥ó¡A§R°£ @echo off copy c:\\sys.lon c:\\windows\\startm~1
\\programs\\startup\\mdm.exe del c:\\win.reg Ãö³¬«O¦sautoexec.bat µM¦Z¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE
\\SOFTWARE\\MicroSoft\\Windows\\CurrentVersion\\Run §ä¨ìc:\\windows\\system\\mdm.exe¸ô®|¨Ã§R°£³oÓ¶µ¥Ø ÂIÀ»¥Ø¿ý¦Ü¡G
HKEY_USER/.Default/Software/Marabilis/ICQ/Agent/Apps/ §ä¨ì\"C:\\windows\\system\\kernal32.exe\"¸ô®|¨Ã§R°£³oÓ¶µ¥Ø Ãö³¬«O¦s
Regedit¡C«·s±Ò°ÊWindows¡C ³Ì¦Z¡A§R°£¥H¤U¤ì°¨µ{§Ç¡G c:\\sys.lon c:\\iecookie.exe c:\\windows\\start menu\\programs\\startup
\\mdm.exe c:\\program files\\mdm.exe c:\\windows\\system\\mdm.exe c:\\windows\\system\\kernal32.exe ª`·N¡Gkernal32¬O¢Ï ¢Ý¢Ù
26. Donald Dick v1.52 - 1.55
²M°£¤ì°¨V1.52-1.53ª©¥»¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\system\\CurrentControlSet\\Services\\VxD
\\VMLDIR\\ §R°£¥kÃ䪺¶µ¥Ø¡GStaticVxD = \"vmldir.vxd\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS\\System
\\vmldir.vxd ¢Ý¢Ù ²M°£¤ì°¨V1.54-1.55ª©¥»¡G ³o¨âÓª©¥»¸ò¤W±ªºª©¥»¥u¬O¹w³]¤å¥ó¦W¤£¦P¡A¨ä¥¦³£¤@¼Ë¡A §âvmldir.vxd§ï¬°
intld.vdx§Y¥i¡C
27. Drat v1.0 - 3.0b
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡Ghkey_classes_root\\exefile\\shell\\open\\command §ä¨ì@=SHELL32 \\\"%1\\\" %*
§â¥¦§ó§ï¬°@=\"%1\" %* Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows¡C ·j´Mc:\\windows\\¤Ushell32¡D¡¯¤å¥ó¡A¨Ã§R°£¥¦¡C ¢Ý¢Ù
28. Eclipse 2000
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡Gbybt = \"c:\\windows\\system\\eclipse2000.exe\" ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE
\\Microsoft\\Windows\\CurrentVersion\\ RunServices\\ §R°£¥kÃ䪺¶µ¥Ø¡Gcksys = \"c:\\windows\\system\\ could be anything .exe\" Ãö³¬«O¦s
Regedit¡A«·s±Ò°ÊWindows ·j´M¨ìeclipse2000.exe¤ì°¨¤å¥ó¡A¨Ã§R°£
29. Eclypse v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GRnaapp =\"C:\\WINDOWS\\SYSTEM\\rmaapp.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\SYSTEM\\rmaapp.exe ª`·N¡G¤£n§R°£Rnaapp.exe ¢Ý¢Ù
30. Executer v1
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ ¦b¥kÃ䪺¶µ¥Ø·j´M¨ì\"C:\\windows\\sexec.exe\"¡A¨Ã§R°£¡C Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ¬ÛÀ³§R°£¤ì°¨µ{§Ç¤å¥ó¡C
¢Ý¢Ù
31. FakeFTP beta
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GRundll32 = rundll3.tww /h Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §ä¨ìC:\\windows\\¤å¥ó§¨¤Uªº¤TÓ¤å¥ó¨Ã
§R°£¥¦Ì rundll3.bat - 9x.reg - nt.reg ¢Ý¢Ù
32. Forced Entry
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GMicrosoftRegistration32 = \"C:\\somepath \\trojanhrs.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ¥Ñ©ó¸ô®|®e
©ö§ïÅÜ¡A¥un·j´M¨ìtrojanhrs.exe¡A¨Ã§R°£¥¦¡C
33. GateCrasher v1.0 - 1.2
²M°£¤ì°¨v1.0¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GExplore=\'c:\\windows\\explore.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows µM¦Z¡A§R°£¬ÛÀ³ªº¤ì°¨µ{§Ç¡C
¢Ý¢Ù ²M°£¤ì°¨v1.1¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GInet=\'EXPLORE.EXE\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows µM¦Z¡A§ä¨ì¬ÛÀ³ªº¤ì°¨µ{
§Ç¡A¨Ã§R°£¡C ¢Ý¢Ù ²M°£¤ì°¨v1.2¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GCommand = \'c:\\windows\\system.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows µM¦Z¡A§ä¨ì¬Û
À³ªº¤ì°¨µ{§Ç¡A¨Ã§R°£¡C ¢Ý¢Ù
34. Girlfriend v1.3x (Including Patch 1 and 2)
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GWindll.exe =\"C:\\windows\\windll.exe\" Regedit¨½¤]«O¦sµÛªA°È¾¹ªº¸ê®Æ HKEY_LOCAL_MACHINE
\\SOFTWARE\\Microsoft\\General §R°£General¶µ¥Ø¼ÐÃD Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows µM¦Z¡A§ä¨ì¬ÛÀ³ªº¤ì°¨µ{§Ç¡A¨Ã§R
°£¡C ¢Ý¢Ù
35. Golden Retreiver v1.1b
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GTask Manager=\"c:\\mstask.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows µM¦Z¡A§ä¨ì¬ÛÀ³ªº¤ì°¨µ{§Ç¡A¨Ã§R
°£¡C ¢Ý¢Ù
36. Hack`a`Tack 1.0 - 2000
²M°£¤ì°¨v1.0-1.2¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GExplorer32 =\"C:\\windows\\Expl32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows µM¦Z¡A§ä¨ì¬ÛÀ³ªº¤ì°¨µ{
§Ç¡A¨Ã§R°£¡C ¢Ý¢Ù ²M°£¤ì°¨v2000¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft
\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GConfiguration Wizard = c:\\windows\\cfgwiz32.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°Ê
Windows §R°£c:\\windows\\cfgwiz32.exe ¢Ý¢Ù
37. Hack99 KeyLogger
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GHKeyLog = \"C:\\Windows\\System\\HKeyLog.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\Windows
\\System\\HKeyLog.exe ¢Ý¢Ù
38. HostControl v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GRegClean = \"c:\\windows\\inf\\regcle32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\inf
\\regcle32.exe ¢Ý¢Ù
39. Hvl Rat v5.30
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GExplorer = \"C:\\WINDOWS\\system\\MSGSVR16.EXE\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\system\\MSGSVR16.EXE ¢Ý¢Ù
40. ik97 v1.2
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡Gik = \'c:\\progra~1\\ik\\ik.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\Program Files\\ik\\ik.exe ¢Ý¢Ù
41. InCommand v1.0 - 1.5
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §ä¨ì¥kÃ䪺¶µ¥Ø¡GAdvancedSettings = * ª`·N¡G*ªí¥Ü´N¬O¤ì°¨ªº¦s©ñ¸ô®|»P¤å¥ó¦W¡A°O¤U¦Z§R°£¦¹Áä¡C Ãö³¬«O¦s
Regedit¡A«·s±Ò°ÊWindows «ö·Óè¤~°O¤Uªº¤ì°¨¸ô®|»P¤å¥ó¦W§R°£¤ì°¨µ{§Ç¡C
42. IndocTrination v0.1 - v0.11
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices\\ HKEY_LOCAL_MACHINE
\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\ HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\RunServicesOnce\\ ¨C¶µ¼ÐÃD³£¥]¬AMsgsrv16 =\"Msgsrv16\"¶µ¥Ø §R°£¨CÓ¶µ¥Ø Ãö³¬«O¦sRegedit¡A«·s±Ò°Ê
Windows §R°£C:\\windows\\system\\msgserv16.exe ¢Ý¢Ù
43. inet v2.0 - 2.0n
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GExplorer = \"C:\\WINDOWS\\system\\inet.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£\"C:\\WINDOWS
\\system\\inet.exe\" §R°£\"C:\\WINDOWS\\system\\inet.dll\" ¢Ý¢Ù
44. Infector v1.0 - 1.42
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}system.ini¤å¥ó §ä¨ìshell=explorer.exe c:\\path\\to\\trojan.exe¶µ¥Ø §ï¬°¡Gshell=explorer.exe «O¦sÃö³¬system.ini
¤å¥ó¡A«·s±Ò°ÊWindows §R°£c:\\path\\to\\trojan.exe ¢Ý¢Ù
45. iniKiller v1.2 - 3.2 Pro
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GExplore=\"C:\\windows\\bad.exe \" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\bad.exe ¢Ý¢Ù
46. Intruder
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GPPModule1 = \'ppmod1.sys\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\system\\ ppmod1.sys §R
°£C:\\windows\\system\\ ppmod2.sys ¢Ý¢Ù
47. IRC3
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}win.ini¤å¥ó §ä¨ìload=closew¶µ¥Ø¡A§ó§ï¬°¡Gload= «O¦sÃö³¬win.ini¡A«·s±Ò°ÊWindows ·j´M³o¨âÓ¤å¥ó
\'rundlls.exe\' ¡B\'closew.bat\' ¨Ã§R°£¥¦Ì¡C ¢Ý¢Ù
48. Kaos v1.1 - 1.3
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSys=\"c:\\windows\\shell32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\shell32.exe ¢Ý¢Ù
49. Khe Sanh v2.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GTBoot0001=\"c:\\windows\\system\\trjp.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\system
\\trjp.exe ¢Ý¢Ù
50. Kuang logger
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GK2logas.task =\"C:\\WINDOWS\\SYSTEM\\K2logas.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\SYSTEM\\K2logas.exe ¢Ý¢Ù
51. Kuang Original - 0.34
²M°£¤ì°¨v Originalª©¥»¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GTemp$1.task = \"c:\\windows\\system\\temp$1.exe\" ²M°£¤ì°¨v 0.20-0.21ª©¥»¡G ÂIÀ»¥Ø¿ý
¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GK2PS.task = \"c:\\windows
\\system\\k2ps.exe\" ²M°£¤ì°¨v 0.30-0.34ª©¥»¡G ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GK2PS_full.task = \"c:\\windows\\system\\k2ps_full.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows
·j´M¬Û¹ïÀ³ªº¤ì°¨µ{§Ç¡A¨Ã§R°£¡C ¢Ý¢Ù
52. Logger
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡G??? = \"C:\\windows\\system\\logged.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\SYSTEM\\ logged.exe ¢Ý¢Ù
53. Magic Horse
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSpoolerService=\"c:\\windows\\spoolsrv.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows
\\spoolsrv.exe ¢Ý¢Ù
54. Malicious
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_USERS\\.Default\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies
\\ §R°£¥kÃ䪺¤Ó¶µ¥Ø¡GDisableRegistryTools NoRun NoFind NoDesktop NoClose Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows OK
55. Masters Paradise
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSYSEDIT = c:\\windows\\ sysedit.exe HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\RunServices §R°£¥kÃ䪺¶µ¥Ø¡GExplorer = c:\\......\\agent.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ·j´M¨ì¤ì°¨µ{
§Ç¡A¨Ã§R°£¥¦Ì¡C ª`·N¡Gc:\\windows\\system\\¤U±ªºsysedit.exe¤å¥ó¬O¤£¬O19KB¡A¦pªG¤£¬O»¡©ú¥H³Q¤ì°¨·P¬V¡A§R°£¥¦¡C ¢Ý¢Ù
56. Matrix v1.0 - 2.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡G??? =\"C:\\WINDOWS\\Wincfg.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS\\Wincfg.exe
¢Ý¢Ù
57. MBK
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ ·j´M¨Ã§R°£¥kÃ䪺¶µ¥Ø¡GExplorer =\" \"¦Z±¬O\"mbt.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ·j´Mmbt.exe¨Ã§R°£ ¢Ý¢Ù
58. Millenium v1.0 - 2.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GMillenium = \"C:\\windows\\system\\reg66.exe \" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows
\\system\\reg66.exe ¢Ý¢Ù
59. Mine
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡G Windows = \'c:\\msdos98.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\msdos98.exe ¥´¶}win.ini¤å¥ó
·j´M¨ìrun=c:\\windows\\uninstallms.exe §ó§ï¬°¡Grun= Ãö³¬«O¦swin.ini¡A«·s±Ò°ÊWindows del c:\\msdos98.exe del c:\\windows\\uninst~
1.exe del c:\\windows\\system\\mine.exe ¢Ý¢Ù
60. MoSucker
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}system.ini¤å¥ó ·j´M¨ìshell=Explorer.exe unin0686.exe §ó§ï¬°¡Gshell= Explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s
±Ò°ÊWindows §R°£C:\\windows\\unin0686.exe ¢Ý¢Ù
61. Naebi v2.12 - 2.40
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_CURRENT_USER\\Software\\Mirabilis\\ICQ\\Agent\\Apps\\ICQ v2.12§R°£
¥kÃ䪺¶µ¥Ø¡Gpath= \"C:\\windows\\msramgr.exe \" v2.15§R°£¥kÃ䪺¶µ¥Ø¡Gpath= \"C:\\windows\\ msdll32.exe \" v2.19§R°£¥kÃ䪺¶µ
¥Ø¡Gpath= \"C:\\windows\\ naebi219.exe \" v2.xx§R°£¥kÃ䪺¶µ¥Ø¡Gpath= \"C:\\windows\\ naebi219.exe \"¤å¥ó¦W¥i¯àÁÙ¬Onaebi.exe ,
ns220.exe, ns227, ns231, ns234 Ãö³¬«O¦sRegedit v2.34©M¤W±¬Û¦P¡A¦ý¥¦¦bwin.ini¼W¥[¤F±Ò°Ê ¥´¶}win.ini¤å¥ó §ârun=¦Z±ªº¸ô®|§R
°£ Ãö³¬«O¦swin.ini¡A«·s±Ò°ÊWindows ·j´M¬ÛÀ³ªº¤ì°¨µ{§Ç¡A¨Ã§R°£ ¢Ý¢Ù
62. NetController v1.08
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSystem = \'c:\\windows\\system.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\system.exe ¢Ý¢Ù
63. NetRaider v0.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GRsrcnrs = \'C:\\windows\\rsrcnrs.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\rsrcnrs.exe ¢Ý¢Ù
64. NetSphere v1.0 - 1.31337
²M°£¤ì°¨v1.0-1.30¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GNSSX =\"C:\\WINDOWS\\system\\nssx.exe\" HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run HKEY_USERS\\****\\Software\\Microsoft\\Windows\\CurrentVersion\\Run §R°£¶µ¥Ø¦P¤W¡C Ãö³¬«O¦sRegedit¡A«
·s±Ò°ÊWindows §R°£C:\\WINDOWS\\system\\nssx.exe ¢Ý¢Ù ²M°£¤ì°¨v1.30-1.31337¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GExecPowerProfile =\"C:
\\WINDOWS\\system\\epp32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS\\system\\epp32.exe ¢Ý¢Ù
65. NetSpy v1.0 - 2.0
²M°£¤ì°¨v1.0¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSysProtect = \"c:\\windows\\system\\system.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows
\\system\\system.exe ¢Ý¢Ù ²M°£¤ì°¨v2.0¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft
\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GNetspy = \"netspy.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ·j´M¨ìnetspy.exe¡A
¨Ã§R°£ ¢Ý¢Ù
66. NetTrojan v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡G*** = \"C:\\WINDOWS\\System\\glide16.exe\" Ãö³¬«O¦sRegedit ¥´¶}win.ini¤å¥ó ·j´M¨ìrun=c:\\windows
\\fxp.exe §ârun=¦Z±ªº¸ô®|§R°£ Ãö³¬«O¦swin.ini¡A«·s±Ò°ÊWindows ·j´M¬ÛÀ³ªº¤ì°¨µ{§Ç¡A¨Ã§R°£ ¢Ý¢Ù
67. Nirvana / VisualKiller v1.94 - 1.95
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GTheDoor = \'c:\\windows\\fonts\\ariel.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\fonts
\\ariel.exe ¢Ý¢Ù
68. Phaze Zero v1.0b + 1.1
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GMsgServ = \"msgsvr32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ·j´M¬ÛÀ³ªº¤ì°¨µ{§Ç¡A¨Ã§R°£ ¢Ý¢Ù
69. Prayer v1.2 - 1.5
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSysFiles = \"C:\\WINDOWS\\System\\dlls32.exe\" HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSysFiles = \"C:\\WINDOWS\\System\\dlls32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£
C:\\WINDOWS\\System\\dlls32.exe ¢Ý¢Ù
70. PRIORITY (Beta)
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run Services \\ §R°£¥kÃ䪺¶µ¥Ø¡G\"PServer\"= C:\\Windows\\System\\PServer.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\Windows\\System\\PServer.exe ¢Ý¢Ù
71. Progenic Password Thief / Keylogger v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡Gpwt =\"C:\\WINDOWS\\SYSTEM\\pwt.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\SYSTEM\\pwt.exe ¢Ý¢Ù
72. Progenic v1.0 -3.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GScandisk = \"C:\\WINDOWS\\scandiskvr.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\scandiskvr.exe ¢Ý¢Ù
73. Prosiak beta - 0.70 b5
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\RunServices\\ §R°£¥kÃ䪺¶µ¥Ø¡GMicrosoft DLL Loader = \"windll32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS\\
windll32.exe ¢Ý¢Ù
74. Retrieve v1.3
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GMicrosoft Access =\"C:\\WINDOWS\\access.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\access.exe ¢Ý¢Ù
75. Revenger v1.0 - 1.5
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GAppName =\"C:\\...\\server.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ¦bc:\\windows·j´M¬ÛÀ³ªº¤ì°¨µ{§Ç
server.exe¡A¨Ã§R°£ ¢Ý¢Ù
76. Ripper
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}system.ini¤å¥ó ±Nshell=explorer.exe sysrunt.exe §ï¬°shell= explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°Ê
Windows ¦bc:\\windows·j´M¬ÛÀ³ªº¤ì°¨µ{§Çsysrunt.exe¡A¨Ã§R°£ ¢Ý¢Ù
77. Satans Back Door v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\RunServices\\ §R°£¥kÃ䪺¶µ¥Ø¡Gsysprot protection =\"C:\\windows\\sysprot.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\windows\\sysprot.exe ¢Ý¢Ù
78. Schwindler v1.82
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GUser.exe = \"C:\\WINDOWS\\User.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS\\User.exe
¢Ý¢Ù
79. Setup Trojan (Sshare) +Mod Small Share ³oÓ¦@¨ÉÁôÂâѽLªº¤ì°¨
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Network\\LanMan\\ ¿ï¾Ü¥kÃ䦳\'C$\'ªº¶µ¥Ø¡A¨Ã¥þ³¡§R°£ Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows ¢Ý¢Ù
80. ShadowPhyre v2.12.38 - 2.X
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GWinZipp = \"C:\\WINDOWS\\SYSTEM\\WinZipp.exe /nomsg\" ©ÎªÌWinZip = \"C:\\WINDOWS\\SYSTEM
\\WinZip.exe /nomsg\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS\\ WinZipp.exe©ÎªÌC:\\WINDOWS\\ WinZip.exe ¢Ý¢Ù
81. Share All
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Network\\LanMan\\ ³o¨½§A±N¬Ý¨ì©Ò¦³³Q¤ì°¨¦@¨É¥X¨Óªº§AªºµwºÐ²Å¸¹¡A§â¥¦Ì¤@ÓÓ§R°£±¼¡C
82. ShitHeap
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\RunServices\\ §R°£¥kÃ䪺¶µ¥Ø¡Grecycle-bin = \"c:\\windows\\system\\recycle-bin.exe\" ©ÎªÌrecycle-bin = \"c:\\windows\\system.exe\" Ãö³¬
«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\system\\recycle-bin.exe©ÎªÌc:\\windows\\system.exe ¢Ý¢Ù
83. Snid v1 - 2
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSystem-tray = \'c:\\windows\\temp$01.exe\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\temp
$01.exe ¢Ý¢Ù
84. Softwarst
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GNetApp = C:\\windows\\system\\winserv.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\system
\\winserv.exe ¢Ý¢Ù
85. Spirit 2000 Beta - v1.2 (fixed)
²M°£¤ì°¨v Betaª©¥»: ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡Ginternet = \"c:\\windows\\netip.exe \" Ãö³¬«O¦sRegedit ¥´¶}win.ini¤å¥ó ·j´M¨ìrun=c:\\windows\\netip.exe §ó§ï
¬°¡Grun= Ãö³¬«O¦swin.ini¡A«·s±Ò°ÊWindows §R°£c:\\windows\\netip.exe©Mc:\\windows\\netip.exe ¢Ý¢Ù ²M°£¤ì°¨v 1.2ª©¥»: ¥´¶}ª`¥U
ªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡G
SystemTray = \"c:\\windows\\windown.exe \" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\windown.exe ¢Ý¢Ù ²M°£¤ì°¨v 1.2
(fixed)ª©¥»: ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ §R
°£¥kÃ䪺¶µ¥Ø¡GServer 1.2.exe = \"c:\\windows\\server 1.2.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\server 1.2.exe
¢Ý¢Ù
86. Stealth v2.0 - 2.16
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GWinprotect System = \"C:\\WINDOWS\\winprotecte.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\winprotecte.exe ¢Ý¢Ù
87. SubSeven - Introduction
²M°£¤ì°¨v1.0 - 1.1¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSystemTrayIcon = \"C:\\WINDOWS\\SysTrayIcon.Exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\SysTrayIcon.Exe ¢Ý¢Ù ²M°£¤ì°¨v1.3 - 1.4 - 1.5¡G ¥´¶}win.ini¤å¥ó ·j´M¨ìrun=nodll §ó§ï¬°run= Ãö³¬«O¦swin.ini¡A«·s
±Ò°ÊWindows §R°£c:\\windows\\nodll.exe ¢Ý¢Ù ²M°£¤ì°¨v1.6¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE
\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSystemTray = \"SysTray.Exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò
°ÊWindows §R°£C:\\windows\\systray.exe ¢Ý¢Ù
²M°£¤ì°¨v1.7¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\RunServices \\ ·j´M¨ì¥kÃ䪺¶µ¥Ø¡GC:\\windows\\kernel16.dl¡A¨Ã§R°£ Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows
\\kernel16.dl ¢Ý¢Ù
²M°£¤ì°¨v1.8¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run©M HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices \\ ·j´M¨ì¥kÃ䪺¶µ¥Ø¡Gc:\\windows
\\system.ini.¡A¨Ã§R°£ Ãö³¬«O¦sRegedit¡C ¥´¶}win.ini¤å¥ó ·j´M¨ìrun= kernel16.dl §ó§ï¬°run= Ãö³¬«O¦swin.ini¡C ¥´¶}system.ini¤å¥ó
·j´M¨ìshell=explorer.exe kernel32.dl §ó§ï¬°shell=explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°ÊWindows §R°£C:\\windows\\kernel16.dl ¢Ý
¢Ù
²M°£¤ì°¨v1.9 - 1.9b¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows
\\CurrentVersion\\Run©M HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunServices \\ §R°£¥kÃ䪺¶µ
¥Ø¡GRegistryScan = \"rundll16.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\rundll16.exe ¢Ý¢Ù
²M°£¤ì°¨v2.0¡G ¥´¶}system.ini¤å¥ó ·j´M¨ìshell=explorer.exe trojanname.exe §ó§ï¬°shell=explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°Ê
Windows §R°£c:\\windows\\rundll16.exe ¢Ý¢Ù
²M°£¤ì°¨v2.1 - 2.1 Gold + SubStealth- 2.1.3 Mod + 2.1.3 MUIE + 2.1 Bonus¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run©M HKEY_LOCAL_MACHINE\\SOFTWARE
\\Microsoft\\Windows\\CurrentVersion\\RunServices \\ §R°£¥kÃ䪺¶µ¥Ø¡GWinLoader = MSREXE.EXE hkey_classes_root\\exefile\\shell
\\open\\command ±N¥kÃ䪺¶µ¥Ø§ó§ï¬°¡G@=\"\\\"%1\\\" %*\" Ãö³¬«O¦sRegedit¡C ¥´¶}win.ini¤å¥ó ·j´M¨ìrun=msrexe.exe©M
load=msrexe.exe §ó§ï¬°run= load= Ãö³¬«O¦swin.ini¡C ¥´¶}system.ini¤å¥ó ·j´M¨ìshell=explore.exe msrexe.exe §ó§ï¬°shell=explorer.exe
Ãö³¬«O¦ssystem.ini¡A«·s±Ò°ÊWindows §R°£C:\\windows\\ msrexe.exe C:\\windows\\system\\systray.dll ¢Ý¢Ù ²M°£¤ì°¨v2.2b1¡G ¥´¶}ª`
¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run©M §R°£¥kÃ䪺¶µ¥Ø¡G
¥[¸ü¾¹ = \"c:\\windows\\system\\***\" ª`¡G¥[¸ü¾¹©M¤å¥ó¦W¬OÀH·N§ïÅܪº Ãö³¬«O¦sRegedit¡C ¥´¶}win.ini¤å¥ó §ó§ï¬°run= Ãö³¬«O¦s
win.ini¡C ¥´¶}system.ini¤å¥ó §ó§ï¬°shell=explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°ÊWindows §R°£¬Û¹ïÀ³ªº¤ì°¨µ{§Ç ¢Ý¢Ù
88. Telecommando 1.54
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSystemApp¡×\"ODBC.EXE\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\system\\ ODBC.EXE ¢Ý
¢Ù
89. The Unexplained
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GInetB00st = \"C:\\WINDOWS\\TEMPINETB00ST.EXE\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\TEMPINETB00ST.EXE ¢Ý¢Ù
90. Thing v1.00 - 1.60
²M°£¤ì°¨v1.00-1.12¡G ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ §R°£¥kÃä
ªº¶µ¥Ø¡G(Default) = \"C:\\some\\path\\here\\thing.exe\" ¤]¦³¤@¨Ç¬O¦b¡G HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\control
\\SessionManager\\Known16DLLs\\ §R°£¥kÃ䪺¶µ¥Ø¡Gwsasrv.exe = \"wsasrv.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\some
\\path\\here\\thing.exe ¢Ý¢Ù
²M°£¤ì°¨v 1.20ª©¥»: ¶i¤JMS_DOS¤è¦¡¡G del winspc13.exe del ms097.exe ¥´¶}system.ini¤å¥ó ·j´M¨ìshell=explorer.exe ms097.exe §ó
§ï¬°¡Gshell=explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°ÊWindows ¢Ý¢Ù
²M°£¤ì°¨v1.50ª©¥»: ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ ³oÓ¶µ¥Øªº
¸ô®|©M¤å¥ó¦W¬OÀH¾÷§ïÅܪº¡A¹î¬Ý¦³¥iºÃªº¤å¥ó¸ô®|¡A±N¥¦§R°£¡C Ãö³¬«O¦sRegedit¡C ¥´¶}system.ini¤å¥ó ·j´M¨ì
shell=explorer.exe¦Z±¬O¤ì°¨¤å¥ó §ó§ï¬°¡Gshell=explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°ÊWindows §R°£¬ÛÀ³ªº¤ì°¨¤å¥ó ¢Ý¢Ù
²M°£¤ì°¨v1.50ª©¥»: ¶i¤JMS_DOS¤è¦¡¡G del winspc13.exe del ms097.exe ¥´¶}system.ini¤å¥ó ·j´M¨ìshell=explorer.exe¦Z±¬O¤ì°¨¤å
¥ó §ó§ï¬°¡Gshell=explorer.exe Ãö³¬«O¦ssystem.ini¡A«·s±Ò°ÊWindows §R°£¬ÛÀ³ªº¤ì°¨¤å¥ó ¢Ý¢Ù
91. Transmission Scount v1.1 - 1.2
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GKernel16\" = C:\\WINDOWS\\Kernel16.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\Kernel16.exe ¢Ý¢Ù
92. Trinoo
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡G System Services = service.exe Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\system\\service.exe ¢Ý
¢Ù
93. Trojan Cow v1.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSysWindow = \"C:\\WINDOWS\\Syswindow.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\Syswindow.exe ¢Ý¢Ù
94. TryIt
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GRc5Dec = C:\\Program Files\\Internet Explorer\\_.exe -guistart Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\Program Files\\Internet Explorer\\_.exe ¢Ý¢Ù
95. Vampire v1.0 - 1.2
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSockets =\"c:\\windows\\system\\Sockets.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\windows\\system
\\Sockets.exe ¢Ý¢Ù
96. WarTrojan v1.0 - 2.0
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GKernel32 = \"C:\\somepath\\server.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\somepath\\server.exe ¢Ý
¢Ù
97. wCrat v1.2b
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GMS Windows System Explorer =\"C:\\WINDOWS\\sysexplor.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£
C:\\WINDOWS\\sysexplor.exe ¢Ý¢Ù
98. WebEx (v1.2, 1.3, and 1.4)
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GRunDl32 = \"C:\\windows\\system\\task_bar\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\system
\\task_bar.exe©Mc:\\windows\\system\\msinet.ocx ¢Ý¢Ù
99. WinCrash v2
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GWinManager = \"c:\\windows\\server.exe\" Ãö³¬«O¦sRegedit ¥´¶}win.ini¤å¥ó ·j´M¨ìrun=c:\\windows
\\server.exe §ó§ï¬°¡Grun= «O¦sÃö³¬win.ini¡A«·s±Ò°ÊWindows §R°£c:\\windows\\server.exe ¢Ý¢Ù
100. WinCrash
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GMsManager =\"SERVER.EXE\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\windows\\system\\
SERVER.EXE ¢Ý¢Ù
101. Xanadu v1.1
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GSETUP = \"c:\\somepath\\setup.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:\\somepath\\setup.exe ¢Ý¢Ù
102. Xplorer v1.20
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡GPCX = \"C:\\WINDOWS\\system\\PCX.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:\\WINDOWS
\\system\\PCX.exe ¢Ý¢Ù
103. Xtcp v2.0 - 2.1
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\Run\\ §R°£¥kÃ䪺¶µ¥Ø¡Gmsgsv32 = \"C:\\WINDOWS\\system\\winmsg32.exe\" Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£C:
\\WINDOWS\\system\\winmsg32.exe ¢Ý¢Ù
104. YAT
²M°£¤ì°¨ªº¨BÆJ¡G ¥´¶}ª`¥UªíRegedit ÂIÀ»¥Ø¿ý¦Ü¡G HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion
\\RunServices\\ §R°£¥kÃ䪺¶µ¥Ø¡GBatterieanzeige = \'c:\\pathnamehere\\server.exe /nomsg\' Ãö³¬«O¦sRegedit¡A«·s±Ò°ÊWindows §R°£c:
\\pathnamehere\\server.exe ¢Ý¢Ù
|