在系统加载程序时检查文件是否被感染,程序中运用了钩子技术，文件主要分3部分，分别的运行，安装和反安装。-loading procedures in the system when checking if the file has been infected, to use the procedures hook, the paper's main points three parts, the operation, installation and anti-installed.

// Quick and dirty blanket fix for ANI zero-day vulnerabilities. // Prevents loading cursors from outside the Windows directory. // // Derek Soeder - eEye Digital Security - 03/29/2007-/ / Quick and dirty blanket fix for ANI zero - day vulnerab

实现系统注册表，进程启动和驱动加载的主动防御源代码-Implement the system registry, initiate and drive the process of loading the source code of active defense

过杀毒软件进行内存启动，对驱动要求高，现在没做处理，开机加载对杀毒软件进行多注册表建设-After killing the poisonous software memory start to drive, high requirements, now do not handle, boot loading on the antivirus software multicenter registry construction