A senior network administrator teaches you how to completely root out Windows startup pests

  
Microsoft's Windows operating systems are familiar to everyone. We use Windows products every day, from Windows 98 to 2000 and from Windows XP to 2003. Network administrators deal with the operating system daily, whether it is running slowly or frequently crashing with illegal-operation errors. When such problems occur, the first thing to check is the system startup items. This article therefore shows readers how to completely root out the pests that start with the system.

One: Rooting out the pests on Windows 98

Although Windows 98 was introduced many years ago and is used less and less often, it still has a place in some companies with training rooms. Many computers with low hardware configurations can run Windows 98 smoothly.

We use the Msconfig tool to root out the pests that start with the system.

Step 1: Start Windows 98, go to the desktop and open "Start -> Run" on the taskbar.

Step 2: Enter Msconfig in "Run" and use this startup item configuration tool to see which programs on the current computer start with the system.

Step 3: On the "Startup" tab, uncheck the box in front of a startup item to stop that program from starting with the system.

In addition, some programs on Windows 98 are loaded through the registry, but the Msconfig startup configuration tool automatically reads the standard Run keys, so we do not need to open the registry to view them.

Two: Rooting out the pests on Windows 2000

Windows 2000 comes in Professional and Server versions. Professional is mainly used by individual users and the Server version is used on servers. However, the two versions are basically the same as far as startup pests are concerned, so we cover them together.

Method 1: Registry method

Windows 2000 does not provide a startup item configuration tool like the one in Windows 98, so we can only use the registry to see which programs start with the system.

Step 1: On the Windows 2000 desktop, open "Start -> Run" and enter regedit to open the Registry Editor. (Figure 1)

Step 2: In the Registry Editor, locate the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key. The right-hand pane shows which programs currently start with the system; we can remove these startup entries with the DEL key. (Figure 2)

Step 3: Continue to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in the Registry Editor. The right-hand pane again shows which programs currently start with the system, and we can remove these startup entries with the DEL key. (Figure 3)




Method 2: Copying Msconfig

Although Windows 2000 has no Msconfig startup item configuration tool, we can migrate the tool from 98 to 2000 by copying the Msconfig.exe file. Find Msconfig.exe in the system directory under the Windows directory on the 98 system, and copy it to the system32 directory and the system directory under the Winnt directory on the 2000 system. We can then run the startup configuration tool on the 2000 system via "Start -> Run -> enter Msconfig".

Tip: We can also copy Msconfig.exe directly to the desktop of the 2000 system and run the executable from there whenever we want to view the startup programs. The effect is the same.

Copying Msconfig.exe as described above gives 2000 the same ability as 98 to see which programs start with the system. However, because the system file layout of 98 differs from that of 2000, running the 98 Msconfig.exe directly produces messages that the system cannot find the config and autoexec files. We can simply skip them.

Method 3: New-version Msconfig

Enthusiastic network administrators online have made a green, upgraded version of the Msconfig file for us. We can use this file directly to view the system startup items. At startup it behaves as it does on the 98 and XP systems, with no error message about files that cannot be found. (Figure 4)




Three: Rooting out the pests on Windows XP

In Windows XP we can use both the registry method and the Msconfig startup item configuration tool to view the programs that start with the system. Because the steps are similar to those for Windows 2003 described below, they are not repeated in detail here. It is worth mentioning, however, that after the SP2 patch was installed on the latest Windows XP, a patch update in early October improved the Msconfig startup configuration tool. Opening it via "Start -> Run -> enter Msconfig" shows that the tool has changed a little: there is a new tab called Tools. From this tab we can quickly launch more than a dozen common utilities, including Internet property settings, Event Viewer, Command Prompt, Windows properties and Registry Editor, by clicking the start button below, which is a great convenience in daily work. (Figure 5)



Four: Rooting out the pests on Windows 2003

Windows 2003 is mainly used as a server system. As with the 98 and XP systems, we can view the programs that start with the system in two ways.

Method 1: Msconfig method

In Windows 2003 we can use the Msconfig tool to root out the pests that start with the system.

Step 1: Start Windows 2003, go to the desktop and open "Start -> Run" on the taskbar.

Step 2: Enter Msconfig in "Run" and use this startup item configuration tool to see which programs on the current computer start with the system.

Step 3: On the "Startup" tab, uncheck the box in front of a startup item to stop that program from starting with the system. (Figure 6)



Method 2: Registry method

In Windows 2003 we can also use the registry to see which programs start with the system.

Step 1: On the Windows 2003 desktop, open "Start -> Run" and enter regedit to open the Registry Editor.

Step 2: In the Registry Editor, locate the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run key. The right-hand pane shows which programs currently start with the system; we can remove these startup entries with the DEL key.

Step 3: Continue to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in the Registry Editor. The right-hand pane again shows which programs currently start with the system, and we can remove these startup entries with the DEL key.

Of the two methods described above, the Msconfig method is simpler and easier for a network administrator to get started with.



Five: Services can also hide pests

The registry and Msconfig methods described above reveal the overwhelming majority of programs that start with the system. However, viruses, trojans and spyware are constantly evolving. Many such programs can now register themselves as services, which means they are loaded as services and so start with the system.

How can we effectively guard against such pests? Network administrators need some experience: at the very least they must be familiar with the services that are enabled on a system free of viruses, trojans and spyware, even if they do not know them by heart. That way, when an unfamiliar face appears among the services, they can suspect it and shut the program down right away.

How do we look for unfamiliar services? There are two methods: the registry method and the services component method.

Method 1: Registry method

The key information of the system is stored in the registry, and services are no exception. We can find the startup type and current status of each service in the registry, so we can use a registry file to control the state of the services, and we can delete suspicious services we are not familiar with from the registry.

Step 1: Open "Start -> Run" on the taskbar and enter regedit to open the Registry Editor.

Step 2: Locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services in the registry. Each item under this key is a service. For example, there is a RemoteRegistry item, which is the key for the Remote Registry service. Other services have their own items in the same way.

Step 3: The values for each service are shown in the right-hand window: Description is the description of the service, DisplayName is the name displayed for the service, FailureActions is the action taken when the service fails to start, and Start is the startup type.

Tip: For the Start value, 4 means disabled, 2 means automatic startup and 3 means manual startup.

Step 4: From the keys above we can see which services the current system has. When we come across a new one we can firmly remove it, which prevents pests such as trojans and viruses from hiding in the machine.

Tip: To manage services better, we can export the services part of the registry on a clean system, before any components are installed. In the future the service state can then be switched quickly by running the exported registry file, which quickly restores the system's default service state.
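As an added example (not part of the original article), the Python sketch below parses regedit version 5.00 export text, lists the entries under the Run keys checked in the earlier sections, and compares a clean-system export of the Services key, as the tip above suggests keeping, with a later export. The sample exports and the ExampleSvc and Example entries are constructed; ImagePath is the standard service value holding the executable path, which the article does not mention.

```python
import re
START = {2: "automatic", 3: "manual", 4: "disabled"}  # Start values per the article
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"

def parse_reg(text):
    """Parse regedit export text into {lowercased key path: {value name: value}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join hex continuation lines
    keys, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if line.startswith("[") and line.endswith("]"):
            cur = keys.setdefault(line[1:-1].lower(), {})
        elif m and cur is not None and m[2].startswith("dword:"):
            cur[m[1]] = int(m[2][6:], 16)
        elif m and cur is not None and m[2].startswith("hex(2):"):  # REG_EXPAND_SZ
            data = bytes(int(b, 16) for b in m[2][7:].split(",") if b)
            cur[m[1]] = data.decode("utf-16-le").rstrip("\x00")
        elif m and cur is not None and m[2].startswith('"'):  # REG_SZ
            cur[m[1]] = re.sub(r"\\(.)", r"\1", m[2][1:-1])
    return keys

def run_entries(export):
    """(key, value name, command) for every Run-key autostart entry."""
    return [(k, n, v) for k, vals in parse_reg(export).items()
            if k.endswith("\\currentversion\\run") for n, v in vals.items()]

def service_changes(baseline, current):
    """Services missing from the clean baseline or whose Start type changed."""
    base, out = parse_reg(baseline), []
    for key, vals in parse_reg(current).items():
        name, start = key[len(SERVICES):], vals.get("Start")
        if not key.startswith(SERVICES) or "\\" in name:
            continue  # keep only direct children of the Services key
        if key not in base or base[key].get("Start") != start:
            what = "new" if key not in base else "start changed"
            out.append((name, what, START.get(start, start)))
    return out

BASELINE = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000003
"""  # constructed sample export of a clean system
CURRENT = BASELINE.replace("00000003", "00000002") + r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc]
"Start"=dword:00000002
"ImagePath"=hex(2):43,00,3a,00,5c,00,78,00,\
  2e,00,65,00,78,00,65,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example"="C:\\example.exe /quiet"
"""  # constructed sample export taken later; ExampleSvc is hypothetical
```

Version 5.00 exports are written by regedit as UTF-16 files, so read a real export with `open(path, encoding="utf-16")` before passing its text to these functions. Key paths and service names are lowercased for comparison because registry key names are not case-sensitive.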

Method 2: Services component method

The services component method is relatively simple. Its graphical interface is easier to accept and easy to use.

Step 1: Open "Start -> Control Panel -> Administrative Tools" on the taskbar.

Step 2: Double-click the "Services" icon to open the service settings window.

Step 3: In the service settings window we can see which services start with this machine, as well as their startup types. When we encounter a service name we are not familiar with, we can set it to "Disabled".

Tip: There are two ways to quickly open the service settings window. One is to open "Start -> Run" on the taskbar and enter services.msc in the Run text box, which opens the service settings window directly.
