Eliminate hidden threats from Windows startup items to protect system security

The "Startup" folder that comes with Windows is the most common startup location, yet many people pay little attention to it. Any program placed in this folder is loaded automatically when the system starts, and because the folder is exposed, it is very easily changed by external factors.

First, the "Startup" option in the "Start" menu

The location on the hard disk is: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

The location in the registry is: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Open both now and check whether any unfamiliar program is present.

Second, msconfig

msconfig is the "System Configuration Utility" in Windows. It covers a wide range, including system.ini, win.ini, the startup items, and so on. It is likewise a place where self-starting programs very much like to stay!

1. system.ini

First, enter "msconfig" in the "Run" dialog box to start the System Configuration Utility (the same applies below) and find the system.ini tab. The "shell=..." entry inside it can be used to load special programs. If what follows shell= is not the default explorer.exe, or another program name follows explorer.exe, be careful and check whether that program is safe!

2. win.ini

To load a program such as hack.exe, the following statements can be used in win.ini:

[windows]

load=hack.exe

run=hack.exe

You should know what to do about it!

3. "Startup" items

The Startup tab in the System Configuration Utility and the "Startup" folder mentioned above are not the same thing. The startup items in the System Configuration Utility are the collected startup items of the Windows system, and almost every startup item can be found here. Of course, a program written in a special way can be loaded by another method and may not be shown here.

Open the "Startup" tab: "Startup Item" lists the name of the startup program, "Command" is the program's specific command line, and the last column, "Location", is the program's corresponding position in the registry. You can check the detailed path and command of a suspicious program. Once you find a problem, use "Disable" below to stop the program from loading at boot.

Generally speaking, apart from the startup items of system software tied to the hardware and the kernel, other startup items can be changed as appropriate, including anti-virus programs, specific firewall programs, playback software, memory management software, and so on. In other words, the startup items contain a list of all the programs we can see, and you can use it to manage your startup programs!

Third, the corresponding startup items in the registry

The startup items in the registry are the favorite of viruses and Trojans! Many viruses achieve their persistence through the registry, so you can download a registry monitor to watch registry changes during normal use. Especially when installing new software or running new programs, do not be fooled by a program's attractive appearance. Be sure to check whether it is really a Trojan's camouflage shell or a bundled program! If necessary, you can restore the registry from a backup. There are many such registry programs online, so they are not described further here.

We can also check the corresponding locations in the registry manually. Although many of them duplicate the above, for network security you can never be too careful!

Compare against the corresponding keys in the registry of a safe, clean system. If you find inconsistencies, be sure to find out what they are! Don't trust outward names such as "system", "windows" or "programfiles"; everyone knows such names are used to cover up the truth. If, after a detailed comparison, you are sure it is an unknown program, don't be soft: delete it now!
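One way to do the comparison against a known-clean system described above, as an added example that is not part of the original article: a Python diff of the Run key between two registry exports. It assumes both exports are .reg text already decoded to a string (regedit writes version 5.00 exports as UTF-16), and the two sample exports are constructed.

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

def _unescape(s):
    # .reg files escape backslashes and quotes inside quoted strings.
    return re.sub(r"\\(.)", r"\1", s)

def run_values(reg_text, key=RUN_KEY):
    """Return {value name: data} for one key of a decoded .reg export."""
    # Join hex values that regedit wraps with a trailing backslash.
    text = re.sub(r"\\\n\s*", "", reg_text.replace("\r\n", "\n"))
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
        elif in_key:
            m = _VALUE.match(line)
            if m:
                name, data = _unescape(m.group(1)), m.group(2)
                if len(data) >= 2 and data[0] == data[-1] == '"':
                    data = _unescape(data[1:-1])  # plain string value
                values[name] = data               # other types stay raw
    return values

def compare(baseline_text, current_text):
    """Report Run entries added, changed or removed relative to the baseline."""
    base, cur = run_values(baseline_text), run_values(current_text)
    return {
        "added": {n: cur[n] for n in cur if n not in base},
        "changed": {n: (base[n], cur[n]) for n in cur
                    if n in base and base[n] != cur[n]},
        "removed": {n: base[n] for n in base if n not in cur},
    }

# Constructed exports: a clean baseline and the same key with one extra entry
# that hides behind a trustworthy-looking name.
BASELINE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
CURRENT = BASELINE + r'"system"="C:\\WINDOWS\\Temp\\system.exe"' + "\n"

if __name__ == "__main__":
    print(compare(BASELINE, CURRENT))
```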

Fourth, wininit.ini

Windows installers often use this file to carry out deletion work after the installation process, so don't underestimate it. Tampering done through it can be very well hidden!

It is located in the Windows directory of the system disk. Open it in Notepad (sometimes it is the wininit.bak file) to see the corresponding content. Clearly, statements can be added to it to modify the system or delete programs. A file-related Trojan can use wininit.ini to delete its original file after infection, and so truly hide itself!
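The checks described above for system.ini, win.ini and wininit.ini, as an added example that is not part of the original article: a Python audit that flags a non-default shell=, any load=/run= entry, and pending delete or rename operations. The [boot] and [rename] section names and the NUL= delete convention come from the Windows 9x file formats rather than from this page, and the file contents are constructed samples.

```python
DEFAULT_SHELL = "explorer.exe"  # the value the page treats as the default

def parse_ini(text):
    """Return {section: [(key, value), ...]}; section names lower-cased, repeats kept."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip()))
    return sections

def audit(name, text):
    """Return (file, kind, value) findings for the text of one startup file."""
    ini, name, findings = parse_ini(text), name.lower(), []
    if name == "system.ini":
        for key, value in ini.get("boot", []):
            # Anything other than exactly explorer.exe deserves a look.
            if key.lower() == "shell" and value.lower() != DEFAULT_SHELL:
                findings.append((name, "shell", value))
    elif name == "win.ini":
        for key, value in ini.get("windows", []):
            if key.lower() in ("load", "run") and value:
                findings.append((name, key.lower(), value))
    elif name in ("wininit.ini", "wininit.bak"):
        # [rename] lines are destination=source; destination NUL deletes source.
        for dest, src in ini.get("rename", []):
            kind = "delete" if dest.lower() == "nul" else "rename to " + dest
            findings.append((name, kind, src))
    return findings

# Constructed sample contents, not taken from a real system.
SAMPLES = {
    "system.ini": "[boot]\nshell=Explorer.exe hack.exe\n",
    "win.ini": "[windows]\nload=hack.exe\nrun=\n",
    "wininit.ini": "[rename]\nNUL=C:\\WINDOWS\\TEMP\\setup.exe\n",
}

if __name__ == "__main__":
    for fname, content in SAMPLES.items():
        for finding in audit(fname, content):
            print(finding)
```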

Fifth, the battle under DOS

Finally, let's talk about loading startup items under DOS. config.sys, autoexec.bat, *.bat and other files can all be used, through specific programming, to load programs, so do not think of DOS as outdated. Good DOS programming can often achieve very simple and very useful functions.
