Find the root cause of "automatic program running"

The more computer programs run, the slower the speed. When we start a computer, we often find that many programs are not needed when we start the computer. The programs seen during startup are only a small part of the automatically running programs. Most of them do not see the program interface, and some of them are scaled down to the system tray (in the lower right corner of the screen, A considerable number of automatically running programs do not have any interfaces or icons, but directly run in the system memory in the form of processes, especially virus programs, which consume a large amount of system resources.

This article describes in detail what programs are running automatically when the computer is started. Based on these started projects, we hope to help you determine which programs need to run automatically, which programs do not need them, or even which programs are viruses.

1. Dedicated startup directory for the current user

This is a common location where many applications run automatically. For example, if the current user is guest, the dedicated startup directory path is "C:/Documents and Settings/startup/start" by default ".

2. Effective startup directory for all users

No matter which user name is used to log on to the system, the files in this directory will always run automatically. The default path of this directory is "C:/Documents and Settings/all users/" start "menu/Program/start ".

 

 

Today, many computers do not respond after entering the web site with IE and there is no indication before the incident. Based on past experience and repeated tests, the following operations are used to solve the problem.

1. Open C:/winnt/system32/Drivers/etc (XP is Windows) and delete the hosts file.

2. Open the "Internet Options" dialog box, switch to the "connection" tab, and click the "LAN Settings" button to cancel "Automatic Detection Settings ".

3
Click OK to apply the settings. Open again
IE
Try surfing the internet!

Files in the preceding two startup directories are usually directly displayed in the "Start" item in the "Start/Program" menu. The automatically running programs are usually normal applications, if you do not want it to run automatically, you can delete the shortcut directly.

Iii. Run registration key

Run is the most common registration key for automatically running programs. Run the Regedit command to open the Registry Editor. The location in the registry is HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/run and HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/run. Both run before the "Start" directory, but the run key under user runs immediately following the run key under machine.

Next to the run registration key, there are usually runonce, runonceex, runservicesonce, runservices, and other key values containing the run character, and the content of the key also runs automatically upon startup.

For example, internat.exe and anti-virus software are used for real-time monitoring. Most of the projects are automatically run by some junk software and some ineffective virus programs.

The abbreviation of HKEY_CURRENT_USER is hkcu, and that of HKEY_LOCAL_MACHINE is HKLM.

Iv. Load registration key

This automatic operation key is relatively hidden. In fact, it can call the program and run it automatically. The location in the registry is the load string value under hkcu/software/Microsoft/Windows NT/CurrentVersion/windows.

The load registration key value is usually empty. Some virus programs modify this key value to run automatically.

V. userinit registration key

The userinit startup item is also concealed. The location in the registry is the userinit string value under HKLM/software/Microsoft/Windows NT/CurrentVersion/Winlogon.

The registration key has a userinit.exe value, which defaults to C:/Windows/system32/userinit.exe. Userinit.exe is a key process in the Windows operating system. It is used to manage different startup sequence. When the system is just started, the task manager will see userinit.exe. after all system items are completed, userinit.exe will automatically disappear. This key cannot be deleted; otherwise, it will always be automatically logged out after system logon. However, this key allows multiple programs separated by commas to run automatically.

The userinitkey generally only has key processes of userinit.exe. Some virus programs also modify this key value to automatically run.

6. Explorer/run registration key

Unlike load and userinit, the explorer/run key can be available under both hkcu and HKLM. These two keys may not exist. They can be created based on actual needs. These two automatic running items are also a favorite of virus programs. The specific locations in the Registry are hkcu/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run, and HKLM/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run.

7. Shell registration key

The shellregistration key calls the assumer.exe System Shell, which is usually seen on the desktop. The location of shell in the registry is HKLM/software/Microsoft/Windows NT/CurrentVersion/Winlogon. In the following situations, only assumer.exe is available, but multiple applications can be started at the same time at startup by using space separation. Some virus programs add themselves to the shell registration key for self-starting purposes.

 

Fully discover the system self-starting Program

1. Classic startup-"Startup" folder

Click "Start> program" and you will find a "start" menu, which is the most typical Windows Startup location. Right-click the "Start" menu and select "open" to open it, the programs and shortcuts run automatically when the system starts.

　　2. Famous startup-Registry Startup item

The Registry is the place where the startup program hides the most, mainly including the following items:

　　1. Run key

The run key is one of the most popular self-starting websites for viruses, the key is at [HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/run] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/run]. all programs under it will be automatically executed in order each time the logon is started.

There is also an unnoticed run key, in the registry [HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run], you should also carefully check.

　　2. runonce key

Runonce is located at the [HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runonce] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runonce] keys. Unlike run, runonce programs are automatically executed only once.

　　3. runservicesonce key

The runservicesonce key is located under [HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runservicesonce] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runservicesonce, the program is automatically started and executed once when the system is loaded.

　　4. runservices key

The programs started after runservicesonce are located in the registry [HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runservices] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runservices] keys.

　　5. runonceex key

Indicates the self-starting registry key unique to indows XP/2003, located in [HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runonceex] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runonceex].

　　6. Load key
　　

The load key value program under [HKEY_CURRENT_USER/software/Microsoft/WindowsNT/CurrentVersion/Windows] can also be started by itself.

　　7. Winlogon key

The key is located in the registry [HKEY_CURRENT_USER/software/Microsoft/Windows NT/CurrentVersion/Winlogon] and [HKEY_LOCAL_MACHINE/software/Microsoft/Windows NT/CurrentVersion/Winlogon]. note that the following notify, userinit, and shell key values also have self-starting programs, and their key values can be separated by commas to start multiple programs during logon.

　　8. Other registry locations

There are also some other key values, and some programs will often run automatically here, such:

[HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/policies/system/Shell] [HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/shellserviceobjectdelayload] [HKEY_CURRENT_USER/software/Microsoft/Windows /system/scripts] [HKEY_LOCAL_MACHINE/software/policies/Microsoft/Windows/system/scripts]

　　Tips
:

The difference between the [HKEY_LOCAL_MACHINE] and [HKEY_CURRENT_USER] keys in the Registry: the former is valid for all users, and the latter is only valid for the current user.

　　Iii. Old startup-Automatic batch processing of files

My friends from the DOS age must know about autoexec. BAT (in the root directory of the System Disk) is an automatic batch processing file, which runs automatically when the computer starts. Many early viruses have taken a fancy to it, use Dangerous commands such as deltree and format to destroy hard disk data. For example, the "drive C killer" uses the "deltree/y c:/*. *" command to allow the computer to automatically delete all files on the drive C as soon as it is started, causing countless harm.

　　Tips

★In Windows 98, autoexec. bat also has a buddy -- winstart. BAT file, which is located in the Windows folder and automatically executed at startup.

★In Windows ME/2000/XP, neither of the above two batch files will be executed by default.

　　4. Common Startup-System Configuration File

The Windows configuration file (including the windows. ini, system. ini, and wininit. ini files) also loads some automatically running programs.

　　1. win. ini file

Use NotePad to open win. in the INI file, you can directly add executable programs after the "run =" and "load =" statements in the [windows] section, as long as Yiping aoyun's Satin bundle Yi aijian is baking a pure umbrella?

Tips

The program after "load =" is minimized after self-startup, and the program runs normally after "run =.

　　2. system. ini file

. Virus is not welcome. For example, if the "kiss of the demon" virus is changed to "shell = C:/yz1_exe133, if you force Delete the virus program yzw.exe, Windows will prompt an error, so that you can reinstall windows. Isn't it scary? There are also good viruses, such as changing the sentence into another program name ". In this case, the other program names that follow must be virus program 2.

　　3. wininit. ini

Wininit. the INI file is a system configuration file that is easily ignored by many computer users, because the file will be automatically deleted after it is automatically executed during Windows startup, this means that the commands in this file will be automatically executed only once. This configuration file is mainly generated by the software installer and cannot be deleted, updated, or renamed after the Windows GUI is started. If it is written into dangerous commands by viruses, the consequences are the same as those of drive C killer.

　　Tips

★If you do not know where they are stored, press F3 to open the "Search" dialog box for search;

★Click "Start> Run", enter sysedit, and press enter to open the "System Configuration Editor". Here, you can conveniently view and modify the above files.

　　5. Smart Start-on/shutdown/login/logout script

In Windows 2000/XP, click Start> Run and enter gpedit. MSC press enter to open the "Group Policy Editor". In the left-side pane, expand "Local Computer Policy> User Configuration> management template> system> Logon ", in the right pane, double-click "run these programs upon user logon" and click "show". The self-started programs are displayed under "projects running upon Logon.

　　6. Scheduled Start-Task Plan

By default, the "Task Scheduler" program is started with windows and runs in the background. If you add a program to the scheduled task folder and set the scheduled task to "system startup" or "Logon", the program can also be started automatically. Programs loaded with scheduled tasks generally have their icons in the system tray area of the taskbar. You can also double-click the "scheduled task" icon in the "control panel" to view the project.

　　Tips

"Task Scheduler" is also a special system folder. You can click "Start> program> attachment> System Tools> Task Scheduler" to open the folder for easy viewing and management.