Eliminate hidden threats in system startup items to protect system security

Source: Internet
Author: User

We know that Windows has a built-in Startup folder, which is the most common startup location, but many people seldom check it carefully. If a program is placed in this folder, the system automatically loads it at startup, and because the folder is exposed, it is very easily changed by external factors.

I. The specific location is the "Startup" entry in the "Start" menu.

The location on the hard disk is: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup;

The location in the registry is: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run;

Now you can open it and see if there are any unknown programs in it.

II. msconfig

Msconfig is the "System Configuration Utility" in Windows. It covers a wide range of management, including system.ini, win.ini, startup items, and so on. For the same reason, it is also a favorite place for self-starting programs!

1. system.ini

First, enter "msconfig" in the "Run" dialog box to start the System Configuration Utility (the same below) and find the "shell=…" entry on the system.ini tab; a specific program can be loaded through this entry. If your "shell=" value is not cmd.exe, or another program name follows it, you should be careful. Please carefully check whether the corresponding program is safe!

2. win.ini

To load a program, for example hack.exe, the following statements are used in win.ini:

[windows]

load=hack.exe

run=hack.exe

You should know what to do!

3. The "Startup" tab

The Startup tab in the System Configuration Utility is not the same as the Startup folder mentioned above. It is a collection of Windows startup items, and almost all startup items can be found here, although programs with special programming can start in other ways.

Open the "Startup" tab. The "Startup Item" column lists the names of the programs loaded at boot, the "Command" column lists each program together with its additional command-line arguments, and the final "Location" column is the corresponding location of the program in the registry. You can check the detailed path and command of a suspicious program. Once a problem is found, you can use "Disable" below to stop the program from loading during startup.

In general, except for startup items of system software tied to the hardware and the kernel, other startup items can be modified as appropriate, including anti-virus programs, specific firewall programs, media players, memory management software, etc. That is to say, the Startup tab contains a list of all the programs we can see. You can use it to manage your startup programs!

III. Startup items loaded from the registry

Registry startup items are a favorite of viruses and Trojans! Many viruses and Trojans start themselves through the registry. Therefore, you can download a registry monitor to watch for registry changes, especially when new software is installed or new programs are run. Do not be fooled by the attractive appearance of a program; be sure to check whether it is a disguised Trojan shell or a bundle! If necessary, you can restore the registry from a backup. There are many such registry programs on the Internet, so we will not go into detail here.

We can also manually check the corresponding locations in the registry. Although many of them are the same as the locations mentioned above, you can never be too careful about network security!

Compare against the corresponding keys of a secure, clean system's registry. If any inconsistency is found, be sure to figure out what it is! Do not trust names such as "system", "windows", and "programfiles" written on the outside. Everyone knows the principle of "coming to an end". After detailed comparison, you can confirm that it is an unknown program. Do not delete it immediately!
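The comparison against a clean system described above can be scripted. This is an added example, not part of the original article: it assumes the Run key has been exported with regedit from both the clean system and the system under review, and the two export texts and the ctfmon.exe entry are constructed sample data.

```python
import re

# Run key named in the article; exported string values look like "name"="command".
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # regedit writes \ as \\ and " as \" inside exported strings
    return re.sub(r"\\(.)", r"\1", s)

def run_values(reg_text, key=RUN_KEY):
    """Return {lower-cased value name: command} for string values under `key`."""
    current, values = None, {}
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current is not None and current.lower() == key.lower():
            m = _VALUE.match(line)
            if m:  # value names are case-insensitive in the registry
                values[_unescape(m.group(1)).lower()] = _unescape(m.group(2))
    return values

def diff_against_baseline(baseline_text, current_text):
    """Entries added, changed or removed relative to the clean-system export."""
    base, cur = run_values(baseline_text), run_values(current_text)
    added = {n: c for n, c in cur.items() if n not in base}
    changed = {n: (base[n], c) for n, c in cur.items()
               if n in base and base[n].lower() != c.lower()}
    removed = sorted(set(base) - set(cur))
    return added, changed, removed

# Constructed sample exports. Real "Version 5.00" exports are UTF-16 files:
# read them with open(path, encoding="utf-16").
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
'''
CURRENT_REG = BASELINE_REG + r'''"system"="C:\\WINDOWS\\system\\hack.exe"
'''

if __name__ == "__main__":
    added, changed, removed = diff_against_baseline(BASELINE_REG, CURRENT_REG)
    for name, command in added.items():
        print("not in baseline:", name, "->", command)
```

The entry named "system" is reported because it is absent from the baseline, whatever its name suggests.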

IV. wininit.ini

We know that Windows installers often use this file to delete installation files, so don't underestimate it. Changes made through it are very well concealed!

It is in the Windows directory of the system disk; open it in Notepad (sometimes it is the wininit.bak file) to see its content. Obviously, statements added to it can modify or delete programs in the system. A file-binding Trojan can use wininit.ini to delete the original file after infection, so that it truly hides itself!
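To review the win.ini entries and the wininit.ini operations discussed above without reading the files by eye, the following added example (not from the original article) lists what each file would start or delete. The [rename] section and the NUL= delete form are the standard Windows 9x wininit.ini layout rather than something quoted on this page, and the sample file contents are constructed.

```python
def parse_ini(text):
    """Return (section, key, value) rows, keeping repeated keys such as NUL=."""
    section, rows = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            rows.append((section, key.strip(), value.strip()))
    return rows

def win_ini_autostart(text):
    """Programs started by load= / run= in the [windows] section of win.ini."""
    found = []
    for section, key, value in parse_ini(text):
        if section == "windows" and key.lower() in ("load", "run"):
            # Entries are space- or comma-separated (paths with spaces are not handled).
            found += [(key.lower(), prog) for prog in value.replace(",", " ").split()]
    return found

def wininit_actions(text):
    """Pending operations in [rename]: NUL=path deletes, dest=source replaces."""
    actions = []
    for section, key, value in parse_ini(text):
        if section == "rename":
            if key.lower() == "nul":
                actions.append(("delete", value))
            else:
                actions.append(("replace", key, value))
    return actions

# Constructed sample files for illustration.
SAMPLE_WIN_INI = "[Windows]\nLoad=hack.exe\nRun=hack.exe\n\n[Desktop]\nWallpaper=(None)\n"
SAMPLE_WININIT = (
    "[rename]\n"
    "NUL=C:\\WINDOWS\\TEMP\\SETUP1.EXE\n"
    "C:\\WINDOWS\\SYSTEM\\OLD.DLL=C:\\WINDOWS\\SYSTEM\\NEW.TMP\n"
)

if __name__ == "__main__":
    print(win_ini_autostart(SAMPLE_WIN_INI))
    print(wininit_actions(SAMPLE_WININIT))
```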

V. DOS battles

Finally, let's talk about loading startup items under DOS. Files such as config.sys, autoexec.bat and *.bat can all load programs through specific programming methods, so do not think that DOS is outdated; good DOS programming can often achieve very simple and practical functions!
