Pay attention to your startup items for PC security.

Source: Internet
Author: User

1. "Start" Project

We know that windows has a built-in Startup Folder, which is the most common startup project, but many people seldom check it carefully. If the program is installed in this folder, the system automatically loads the corresponding program at startup, and because it is exposed, it is very easy to be changed by external factors. The specific location is the "Start" option in the "Start" menu, and the location on the hard disk is C: windowsstartmenuprogramsstartup. The location in the registry is hkey_current_usersoftwaremicrosoftwindowscur1_versionpolicershell.

FoldersStartup = "C: windowsstartmenuprogramsstartup (take windows98 as an example). Now you can open it and see if there is any unknown program in it.

Ii. msconfig

Msconfig is a "system Configuration Utility" in Windows, which can be wide enough in terms of management, including system. ini. win. ini, startup project, etc. Similarly, it is also a favorite place for self-starting programs!

1. system. ini

First, enter "msconfig" in the "run" dialog box to start the system Configuration Utility (the same below) and find the "shell = ...... "You can use special programs. If your shellers are not exactly the same assumer.exe, or there is a program name behind them, you should be careful. Please carefully check whether the corresponding program is safe!

2. win. ini

If you want to load a program: hack.exe, you can go to win. The following statement is used in ini:

[Windows]

Load=hack.exe

Runninghacke.exe

You should know what to do!

3. "Start" the project

The startup tag in the System Configuration Utility is not the same as the "Start" folder we mentioned above. This startup project in the System Configuration Utility is a collection of Windows startup items, almost all startup projects can be found here-of course, programs that have undergone special programming processing can be found in other ways not shown here.

Open the "Start" tab. The "Start Project" lists the names of boot programs. The "command" contains the specific program additional commands, the final "location" is the corresponding location of the program in the registry. You can check the detailed path and command of the suspicious program. Once an error is found, you can use "Disable" below to disable loading of the program during startup.

In general, except for the startup project of the system software based on the hardware part and the kernel part, other startup projects can be modified as appropriate, including: anti-virus programs, specific firewall programs, playing software, memory management software, etc. That is to say, the startup project contains a list of all the programs we can see. You can use it to manage your startup programs!

3. Start and load the project in the Registry

The Registry Startup Project is a favorite of viruses and Trojans! A lot of virus Trojans are implemented through the registry. Therefore, you can download a registry monitor to monitor registry changes, especially when new software is installed or new programs are running, do not be confused by the beautiful appearance of the program. Be sure to check whether it is a disguised Trojan shell or a bundle! If necessary, you can recover the registry based on the backup. There are a lot of such registry programs on the Internet, so we will not be so arrogant here.

We can also manually check the corresponding location in the registry. Although many of them are the same as the positions mentioned above, it is never too much for network security!

Pay attention to the comparison with the corresponding keys of the secure and clean system registry. If any inconsistency is found, be sure to figure out what it is! Do not trust the names such as "system", "windows", and "programfiles" written on the outside. Everyone knows the principle of "coming soon. After detailed comparison, you can confirm that it is an unknown program. Do not delete it immediately!

Iv. wininit. ini

We know that Wiidows installer often calls this program to delete the installation program, so don't underestimate it. If you do something on it, it can be said that it is very concealed and perfect!

It is in the Windows directory of the system disk and opened in Notepad (sometimes wininit. hak file) you can see the corresponding content. Obviously, you can add the corresponding statement in it to modify the program or delete the program in the system. If it is a file-related Trojan, you can use winint. ini to delete the infected original file, so as to truly hide yourself!

5. DOS battles

Finally, let's talk about loading startup items under DOS, config. sys, autoexec. bat ,*. bat and other files can be loaded with specific programming methods, so do not think that DOS is an outdated thing, good DOS programming can often achieve very simple and practical functions!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.