How do hackers hide their malware on Windows so it starts up and is impossible to find and delete?
Question
How do hackers hide their malware on Windows so it starts up and is impossible to find and then delete?
The results I found that a hacker can use to hide his malware (found here):
Windows: setting the hidden attribute.
But I find this result too simple; it could easily be discovered if the user changes settings. On Windows, to start something when the computer starts up, it needs to either be placed in the Startup folder or started as a service.
So these can all be detected if the user has the correct settings in place and checks his services. My question is: how does a good hacker hide his program on a computer so it starts up without ever being detected? Please give me examples.
And after that
I have a theory that if one makes his program always start itself just before it is killed, then it can never be deleted from the normal Windows interface. Please tell me if I'm going bananas or whether this can be achieved.
Explanation / Answer
There are many ways to do this. The term you are looking for is "rootkit" - that should send you down a rich road of research.
As for specifics, the attacker could replace a core Windows program with an infected one so it always gets loaded when Windows starts up normally. Or, the attacker could infect the BIOS. These two methods are impossible for a normal user to detect or to change once infected, which is why strong anti-malware tries to detect and prevent these things.
A very cool alternative (more theory than actual) was to make the operating system a virtual machine and install a malicious hypervisor over top. In this way, there would be no change at all to the operating system, and the hypervisor could fiddle with the operation of the machine as it ran. In this case, even the perfect anti-malware program would be helpless.
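The answer's point about replaced core binaries, together with the question's startup folder, services and hidden-attribute concerns, can be checked from the defender's side. The PowerShell below is an added example, not code from the original post: it enumerates the common autostart locations (Run/RunOnce keys, the startup folders, service image paths), verifies each binary's Authenticode signature, and flags anything unsigned, tampered (hash mismatch) or carrying the Hidden attribute. The function names `Get-AutostartEntries` and `Test-BinaryTrust` are this script's own; all cmdlets used are standard Windows PowerShell. It does not cover BIOS/firmware or hypervisor-level implants, which need measured boot and firmware tooling rather than a file check.

```powershell
function Get-AutostartEntries {
    $entries = @()
    # Registry Run/RunOnce keys for the whole machine and for the current user
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
            $entries += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = $p.Value }
        }
    }
    # Startup folders; -Force also lists files carrying the Hidden attribute
    $startupDirs = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp",
                   "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
    foreach ($dir in $startupDirs) {
        if (-not (Test-Path $dir)) { continue }
        foreach ($f in Get-ChildItem -Path $dir -Force -File) {
            $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName }
        }
    }
    # Services: the image path each service runs at boot
    foreach ($s in Get-CimInstance Win32_Service) {
        $entries += [pscustomobject]@{ Source = 'Service'; Name = $s.Name; Command = $s.PathName }
    }
    return $entries
}

function Test-BinaryTrust {
    param([string]$Command)
    # Pull the executable out of a command line (quoted, or the first token; unquoted
    # paths containing spaces are not resolved and are reported as unparsed)
    $path = if ($Command -match '^\s*"([^"]+)"') { $Matches[1] }
            elseif ($Command -match '^\s*(\S+)') { $Matches[1] }
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return 'MissingOrUnparsed' }
    $sig = Get-AuthenticodeSignature -FilePath $path
    # NotSigned, HashMismatch or NotTrusted all mean the file is not what its signer shipped
    if ($sig.Status -ne 'Valid') { return "Signature:$($sig.Status)" }
    $attrs = (Get-Item -LiteralPath $path -Force).Attributes
    if (($attrs -band [IO.FileAttributes]::Hidden) -ne 0) { return 'ValidButHidden' }
    return 'Valid'
}

# Report every autostart entry whose binary is not a validly signed, visible file
Get-AutostartEntries |
    ForEach-Object { $_ | Add-Member -NotePropertyName Trust -NotePropertyValue (Test-BinaryTrust $_.Command) -PassThru } |
    Where-Object { $_.Trust -ne 'Valid' } |
    Format-Table Trust, Source, Name, Command -AutoSize
```

Run it from an elevated prompt so HKLM and all service image paths are readable; a legitimately unsigned third-party tool will also appear, so treat the list as triage input rather than a verdict.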