. The specific location is “Start”The menu"Start”Options
The location on the hard disk is: C:Documents andSettingsAdministrator"Start” The menu program starts;
The location in the registry is:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
Second, Msconfig
Msconfig is the "system configuration utility" in Windows system, it can be wide enough, including: system .ini, win.ini, startup project, etc. Similarly, it is also a place that the self-starting program likes to stay very much!
1.System.ini
First, enter “msconfig” in the "Run" dialog box to start the system configuration utility (the same below). Find the system.ini tag, which can be used to load special programs with “shell=……”. If your shell= is not the default explorer.exe, or there is a program name behind it, then you should be careful, please check the corresponding program is safe!
2.Win.ini
If we want to load a program: hack.exe, then it can be in win. Ini is implemented with the following statement:
[windows]
load=hack.exe
run=hacke.exe
What to do, you should know it!
At this point , use the system settings in the cube (click here to download) - start item settings, at a glance, and you can easily remove and add startup items.
3.<;Startup" Project
The startup tab in the System Configuration Utility and the "Startup" folder we mentioned above are not the same thing, this startup project in the System Configuration Utility Is a collection of Windows system startup projects. Almost all startup projects can find —— of course, specially programmed programs can not be displayed here by another method.
Open the “Start” tag, “Startup project" is listed in the name of the boot program, “">; is the specific program add-on command, the last "location" is the program The corresponding location in the registry. You can perform detailed path and command check on suspicious programs. Once you find an error, you can use the following "Disable" to disable the loading of the program when it is booted.
Generally speaking, except for the startup project of the system software based on the hardware part and the kernel part, other startup items can be changed appropriately, including: anti-virus program, specific firewall program, playback software, memory management software, etc. . In other words, the startup project contains a list of all our visible programs, and you can use it to manage your startup program.
Third, the corresponding startup load project in the registry
The startup project of the registry is the favorite of viruses and Trojans! The intractability of many virus Trojans is realized through the registry, so usually you can Download a registry monitor to monitor registry changes. A subsequent version of Rubik's Cube (click here to download) will also add a series of security features to monitor malware modifications to the system and more. Especially when installing new software or running a new program, be sure not to be confused by the beautiful appearance of the program. Be sure to see if its essence is the Trojan's camouflage shell or bundled program! If necessary, you can restore the registry according to the backup. There are many such registry programs online, so I won't go into details here.
We can also check the corresponding location in the registry by manual method. Although many of them are duplicated with the above, but for network security, it is never too much to be careful!
Attention to safety Clean the system registry corresponding keys to compare, if you find inconsistencies, be sure to find out what it is! Do not believe in the name of "system", "windows", "programfiles" and other names, who All know that "who wants to cover the truth". If you have a detailed comparison, you can be sure that it is an unknown program, don't be soft, delete it immediately!
Four, Wininit.ini
We know that the Windows installer often calls this program to achieve the deletion after the installation program. So don't underestimate it. If you do it on it, it can be said to be very hidden and perfect!
It is opened in Notepad in the Windows directory of the system disk (sometimes wininit.hak file) ) can see the corresponding content. Obviously, we can add corresponding statements to modify the system program or delete the program. If it is a file-associated Trojan, you can use winint.ini to delete the original file after infection, so as to truly hide yourself!
5. Battle under DOS
Finally, let's talk about the startup project loading under DOS. , config.sys, autoexec.bat, *.bat and other files can be used in a specific programming way to achieve the purpose of the loader. So don't think that DOS is an outdated thing. Good DOS programming can often achieve very simple and very useful functions.