Windows Startup Programs database RegRun 3 against Trojans and Viruses
Trojan programs. What are they?

"A program that neither replicates or copies itself, but does damage or compromises the security of the computer. Typically it relies on someone emailing it to you, it does not email itself, it may arrive in the form of a joke program or software of some sort."
(Symantec Security Response - Glossary)

As you can see, a trojan program needs to be started automatically to begin its work. Prevent this program from starting and it will be no more dangerous than dust on the road.

RegRun 3 against Trojans

RegRun WatchDog silently monitors the startup programs during your Windows working session. If RegRun WatchDog detects changes to your registry or startup files, it shows an alert window.

You may quickly decline the changes and restore your working startup.

Which startup holes are monitored by WatchDog?

Windows 95/98/ME

Files:

  • AUTOEXEC.BAT
  • CONFIG.SYS
  • WINSTART.BAT

Startup entries:

  • load, run in WIN.INI
  • shell in SYSTEM.INI

Registry keys:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunEx
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKLM\Software\Microsoft\Active Setup\Installed Components

Users may add any registry key to the trace list with the Registry Tracer feature (for example, the Internet Explorer home page).

File Extensions (may be expanded by user): pif, bat, com, exe.

VXD and Device drivers.

Finally: STARTUP and COMMON STARTUP folders.

Windows NT4/2000/XP:

Files:

  • %SYSTEMROOT%\SYSTEM32\config.nt
  • %SYSTEMROOT%\SYSTEM32\autoexec.nt

Startup entries:

  • load, run in WIN.INI (mapped to the registry)
  • shell in SYSTEM.INI (mapped to the registry)

Registry keys:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunEx
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  • HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKLM\Software\Microsoft\Active Setup\Installed Components

In addition to the registry keys above (by Registry Tracer):

  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls

File Extensions (may be expanded by user): pif, bat, com, exe.

Device drivers.

Services.

Another way to auto-run a trojan is to substitute the executable files and DLLs used at startup. Most known e-mail trojans substitute the WinSock DLL.

RegRun has two features to prevent substitution.

Anti Replacement

RegRun automatically detects files that will be replaced at the next restart of Windows. Windows needs a special mechanism to replace files that are open, such as system DLLs or executable files.

  • Windows 9X and Windows ME use the "wininit.ini" file located in the Windows folder.
  • Windows NT/2000 use the registry value
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations".

File Protection

RegRun File Protection copies the original files to a special "storage" folder. It supports full file comparison or signature checking. If you check the box "Use Signature Checking", RegRun makes an MD5 signature of the source file and saves it. When comparing, it checks the saved signature against a newly calculated one. File Protection lets you protect any files and quickly restore them.
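
For the Anti Replacement check described above, an added example (not RegRun's code) that decodes a PendingFileRenameOperations value and flags entries that would replace or delete files in protected folders at the next boot. It assumes the value's layout of alternating source and target strings, where an empty target means "delete" and a leading "!" means "replace existing"; the sample value, folder and function names are constructed.

```python
from typing import List, NamedTuple, Optional

class PendingOp(NamedTuple):
    source: str
    target: Optional[str]      # None: source is deleted at next boot
    replace_existing: bool     # target was prefixed with "!"

def _dos_path(p: str) -> str:
    # Entries are stored as NT object paths such as \??\C:\Windows\...
    return p[4:] if p.startswith("\\??\\") else p

def parse_pending_renames(raw: bytes) -> List[PendingOp]:
    """Decode raw REG_MULTI_SZ bytes (UTF-16LE) into source/target pairs."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0\0"):
        text = text[:-1]                   # list terminator
    if text.endswith("\0"):
        text = text[:-1]                   # last string's terminator
    strings = text.split("\0") if text else []
    if len(strings) % 2:
        strings.append("")                 # tolerate a truncated final pair
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        replace = dst.startswith("!")
        dst = dst[1:] if replace else dst
        ops.append(PendingOp(_dos_path(src), _dos_path(dst) or None, replace))
    return ops

def flag_protected(ops, protected_dirs):
    """Return operations that replace or delete a file under protected_dirs."""
    roots = [d.lower().rstrip("\\") + "\\" for d in protected_dirs]
    return [op for op in ops
            if (op.target or op.source).lower().startswith(tuple(roots))]

# Constructed sample value: one delete and one replace-on-reboot entry.
SAMPLE = (
    "\\??\\C:\\Temp\\setup.tmp\0\0"
    "\\??\\C:\\Temp\\new.dll\0!\\??\\C:\\Windows\\System32\\wsock32.dll\0"
    "\0"
).encode("utf-16-le")

if __name__ == "__main__":
    hits = flag_protected(parse_pending_renames(SAMPLE), ["C:\\Windows\\System32"])
    for op in hits:
        print("pending change to protected file:", op)
```

Legitimate installers and updates also queue entries here, so a hit is a prompt to review the source file, not proof of a trojan.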

RegRun is an effective tool against trojans. Its main advantage is its ability to fight against unknown trojans!

RegRun is an advanced trojan detector!

Viruses:

"A program or code that replicates, that is infects another program, boot sector, partition sector or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate, a lot also do damage."
(Symantec Security Response - Glossary)

RegRun doesn't replace antiviral software.
It has the Infection Detector feature.

RegRun uses special technology to search for viruses unknown to antiviral software. This is not signature scanning, but rather "infection scanning". During a session, RegRun opens and monitors a number of "bait" program and macro files which are vulnerable to infection by any active virus. If any of these files change, RegRun will advise you, and facilitate your communication with your antivirus supplier by providing you before and after samples.
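
The baseline-and-compare idea behind both File Protection and the bait files, as an added example that is not RegRun's code: it stores a copy and a digest, detects a later change, keeps the changed file as an "after" sample and restores the original. It uses SHA-256 in place of the MD5 signature the page mentions, because MD5 collisions are practical; the file names and function names are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def digest(path: Path) -> str:
    """SHA-256 of a file (swapped in for MD5; reads the whole file at once)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()

def protect(files, storage: Path) -> dict:
    """Copy each file into the storage folder and record its digest."""
    storage.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for i, src in enumerate(files):
        copy = storage / f"{i}_{src.name}"   # index avoids name clashes
        shutil.copy2(src, copy)
        baseline[str(src)] = {"copy": str(copy), "sha256": digest(copy)}
    return baseline

def check(baseline: dict) -> dict:
    """Map each protected path to 'ok', 'modified' or 'missing'."""
    status = {}
    for path, rec in baseline.items():
        if not Path(path).exists():
            status[path] = "missing"
        else:
            status[path] = "ok" if digest(Path(path)) == rec["sha256"] else "modified"
    return status

def restore(baseline: dict, path: str) -> Path:
    """Keep the changed file as an 'after' sample, then restore the original."""
    rec = baseline[path]
    if digest(Path(rec["copy"])) != rec["sha256"]:
        raise RuntimeError("stored copy does not match its recorded digest")
    sample = Path(rec["copy"] + ".after")
    shutil.move(path, sample)
    shutil.copy2(rec["copy"], path)
    return sample

def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        bait = Path(tmp) / "bait.com"        # constructed sample file
        bait.write_bytes(b"original contents")
        base = protect([bait], Path(tmp) / "storage")
        before = check(base)[str(bait)]
        bait.write_bytes(b"original contents + appended code")
        after = check(base)[str(bait)]
        sample = restore(base, str(bait))
        return [before, after, check(base)[str(bait)], sample.name]
```

The baseline is only as trustworthy as the storage folder: if the same account that can change the protected file can also write to the storage folder, both the copy and the digest can be replaced together.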

RegRun uses advanced technology to detect UNKNOWN viruses!

Copyright © 1998-2004 Greatis Software