################################################################################ ############# Tutorial about how to know if you have batch or trojan ########### ############################### By E-CriminaL ################################## ################################################################################ Hi folks .. yesterday someone asked me about trojans and how can you detect them without anti-trojan and this is not mean that you don`t need to use Anti-trojan , I say you must have at least some information about how can u detect trojans in any PC .. So let`s start 1-) Autostart Folder Methode :- The Autostart folder is located in C:\Windows\Start Menu\Programs\start and any file put there will start automatically when windows start 2-) Win.ini Methode : open the win.ini file and if you found [windows] load= trojan run= trojan NullPort=None BaseCodePage=1256 so your PC is batched and you have trojan , so delete anything after the "=" sign 3-) System.ini Methode : Same as win.ini file .. open up system.ini if you find shell=Explorer.exe trojan.exe , the trojan will start after explorer start and as your desktop is an explorer , so it will start every time windows start 4-) The registry methode : Registry is often used in various auto-starting methods. Here are some known ways: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Info"="c:\directory\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Info"="c:\directory\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "Info"="c:\directory\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] "Info="c:\directory\Trojan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Info"="c:\directory\Trojan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Info"="c:\directory\Trojan.exe" - Registry Shell Open [HKEY_CLASSES_ROOT\exefile\shell\open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command] A key with the value "%1 %*" should be placed there and if there is some executable file placed there, it will be executed each time you open a binary file. It's used like this: trojan.exe "%1 %*"; this would restart the trojan. Here is the EOF .. i know that is lame .. but some guys dun know about this and this tutorial is ddedicated to them so dun flame me or send me email to harras me cuz i can reply :) ################################################################################ Online-Tech Group Www.Online-Tech.now.nu Www.Online-Tech.tk Funnest_boy@hotmail.com Online_tech@danger.org We Need Members