Teach you to understand the Windows 7 boot project

We know that Windows
has its own startup folder, which is the most common startup project, but many people pay little attention to it. If you load the program into this folder, the system will automatically load the program when it starts, and because it is exposed, it is very easy to be changed by external factors.

First, the specific location is “Start”Startup"Start”Options

The location on the hard disk is: C:\\Documents andSettings\\Administrator\\“Start “Menu\\Program\\Startup;

The location in the registry is:

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run

Second, Msconfig

Msconfig is a "system configuration utility" in Windows system. It can be wide enough to include: system.ini, win.ini, startup project, etc. Similarly, it is also a place that the self-starting program likes to stay very much!

1.System.ini

First, enter “msconfig” in the "Run” dialog box to start the system configuration utility The program (the same below), find the system.ini tag, inside the "shell=……” can be used to load special programs. If your shell= is not the default explorer.exe, or there is a program name behind it, then you should be careful, please check the corresponding program is safe!

2.Win.ini

If we want to load a program: hack.exe, then it can be in win. Ini is implemented with the following statement:

[windows]

load=hack.exe

run=hacke.exe

What to do, You should know it!

At this point, use the system settings in the Rubik's Cube (click here to download) - Startup settings, at a glance, and you can easily remove and add startup items.

3.“Starting”Project

The startup tab in the System Configuration Utility is not the same thing as the "Startup" folder we mentioned above. This startup project in the program is a collection of Windows system startup projects. Almost all startup projects can find —— of course, specially programmed programs can not be displayed here by another method.

Open the “Startup” tag, “Startup project" is listed in the name of the boot program, “">; is the specific program add-on command, the last "location” This is the corresponding location of the program in the registry. You can perform detailed path and command check on suspicious programs. Once you find an error, you can use the following "Disable" to disable the loading of the program when it is booted.

Generally speaking, in addition to the system based on the hardware part and the kernel part of the system software startup project, other startup projects can be changed appropriately, including: anti-virus programs, specific firewall programs, playback software, memory Management software, etc. In other words, the startup project contains a list of all our visible programs, and you can use it to manage your startup program.

Three, the corresponding startup load project in the registry

The registry startup project is the favorite of viruses and Trojans! The intractability of many virus Trojans is realized through the registry. So, usually you can download a registry monitor to monitor changes to the registry. Later versions of Rubik's Cube (click here to download) will also add a series of security features to monitor malware modifications to the system, etc. . Especially when installing new software or running a new program, be sure not to be confused by the beautiful appearance of the program. Be sure to see if its essence is the Trojan's camouflage shell or bundled program! If necessary, you can restore the registry according to the backup. There are many such registry programs online, so I won't go into details here.

We can also check the corresponding location in the registry manually, although many of them are duplicated with the above, but for network security, care is never too much!

Be sure to compare the corresponding keys in the safe and clean system registry. If you find inconsistencies, be sure to find out what it is! Don't believe that it is written outside, “system”, “"windows”,“ Programfiles & rdquo; and other names, everyone knows "to cover the rumors". If you have a detailed comparison, you can be sure that it is an unknown program, do not be soft, delete it immediately!

Four, Wininit.ini

We know that the Windows installer often calls this program to achieve After the installation process, delete the work, so don't underestimate it. If you do it on it, it can be said to be very covert and perfect!

It is opened in Notepad in the Windows directory of the system disk. It (sometimes the wininit.hak file) can see the corresponding content. Obviously, we can add corresponding statements to modify the system program or delete the program. If it is a file-associated Trojan, you can use winint.ini to delete the original file after infection, so as to truly hide yourself!

Five, DOS battle

Finally, let's talk about it The startup project under DOS is loaded, and the files such as config.sys, autoexec.bat, *.bat, etc. can be loaded in a specific programming manner. So don't think that DOS is an outdated thing. Good DOS programming can often achieve very simple and very useful functions.