bytecode77
commented
10 months ago $77_A.exe is not injected with the rootkit, because r77 never injects files with the $77 prefix. So, it should be able to see $77_B.exe.
Why does the second executable not start? You can debug your startup process by just writing a logfile to disk and see how far it goes, until it doesn't go further. Have you tried to name the second executable just B.exe and see whether that works?
Since I can't see what exactly you are doing, you need to try out a few scenarios and let me know, where exactly startup fails.
Summ3rM0
I guess it's a simple problem, but I'm a noob and don't know how to solve it. Now the situation is that I need to open an executable file hidden by r77 at boot time. I know that I can get r77 to start it by writing the path to this executable file to the registry, but the problem is that this open executable file (temporarily named $77_A.exe) needs to open another executable file ($77_B.exe). However,$77_B.exe is also hidden, so obviously $77_A.exe cannot open $77_B.exe, how to solve this situation? This paragraph was generated by machine translation, and I'm sorry if it's difficult to understand.