Remove Hidden Threats in Windows Startup Items to Protect System Security

Source: Internet
Author: User

We know that the "Startup" folder in Windows is the most common place for startup items, but many people pay little attention to checking it carefully. Any program placed in this folder is loaded automatically when the system starts, and because the folder is so exposed, it is very easy for outside factors to change it.

  First, the "Startup" option in the Start menu

The location on the hard disk is: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup;

The location in the registry is: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run;

Now you can open it and see if there are any unknown programs in it.

  Second, Msconfig

Msconfig is the System Configuration Utility in Windows. It covers a wide range, including System.ini, Win.ini, startup items, and so on. Likewise, the places it shows are favorite spots for loading programs at startup!

1. System.ini

First, enter "msconfig" in the "Run" dialog box to start the System Configuration Utility (same below) and find the System.ini tab. The "shell=..." entry inside it can be used to load special programs. If what follows shell= is not the default Explorer.exe, or there is another program name after it, be careful and check whether the corresponding program is safe!

2. Win.ini

If someone wants to load a program, say Hack.exe, it can be done in Win.ini with the following statements:

[Windows]

Load=hack.exe

Run=hack.exe

So you should now know what to do!
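The two checks described above (shell= in System.ini, load= and run= in Win.ini), written as an added example that is not part of the original article. The sample file contents are constructed, the function names are hypothetical, and the check assumes that a clean Win.ini leaves load= and run= empty.

```python
import configparser

# Constructed sample contents, not taken from a real system.
SYSTEM_INI = """\
[boot]
shell=Explorer.exe hack.exe
"""
WIN_INI = """\
[Windows]
Load=hack.exe
Run=
"""

def parse_ini(text):
    """Parse INI text into {section: {key: value}} with lower-cased names."""
    # strict=False tolerates the duplicate keys common in System.ini;
    # interpolation=None keeps '%' characters in paths from raising errors.
    cp = configparser.ConfigParser(strict=False, allow_no_value=True,
                                   interpolation=None)
    cp.read_string(text)
    return {s.lower(): dict(cp[s]) for s in cp.sections()}

def audit_system_ini(text):
    """Flag shell= when it is anything other than the default Explorer.exe."""
    shell = (parse_ini(text).get("boot", {}).get("shell") or "").strip()
    if shell and shell.lower() != "explorer.exe":
        return [("system.ini", "shell", shell)]
    return []

def audit_win_ini(text):
    """Flag non-empty load= / run= values in the [windows] section."""
    section = parse_ini(text).get("windows", {})
    findings = []
    for key in ("load", "run"):
        value = (section.get(key) or "").strip()
        if value:  # assumption: a clean Win.ini leaves both values empty
            findings.append(("win.ini", key, value))
    return findings

if __name__ == "__main__":
    for finding in audit_system_ini(SYSTEM_INI) + audit_win_ini(WIN_INI):
        print("%s: %s=%s" % finding)
```

To check a real machine, pass the text of the System.ini and Win.ini files from the Windows directory to the two audit functions.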

3. "Startup" items

The Startup tab in the System Configuration Utility is not the same thing as the "Startup" folder mentioned above. It is a collection of the Windows system's startup items, and almost all startup items can be found there. Of course, specially written programs can load by other means and will not be shown here.

Open the Startup tab. "Startup item" lists the name of each program started at power-on, "Command" is the specific command attached to the program, and the final column, "Location", is the program's corresponding position in the registry. You can check the detailed path and command of any suspicious program, and once you find a problem, you can use "Disable" to stop the program from loading at power-on.

Generally speaking, apart from the startup items of system software tied to the hardware and the kernel, the other startup items can be changed as appropriate, including antivirus programs, specific firewall programs, playback software, and memory management software. That is, the Startup tab contains a list of all the programs that we see, and you can use it to manage your startup programs!

  Third, the corresponding startup items in the registry

Registry startup items are a favorite of viruses and Trojan horse programs! The stubbornness of many viruses is achieved through the registry, so you can download a registry monitor to watch for registry changes, especially when you install new software or run a new program. Do not be fooled by a program's attractive appearance. Be sure to check whether it is really a Trojan in a disguising shell or a bundled program! When necessary, you can restore the registry from a backup. There are many registry tools for this available online, so we will not go into them here.

We can also check the corresponding locations in the registry manually. Many of them are the same as the locations above, but when it comes to network security, you can never be too careful!

Pay attention to security: compare against the registry keys of a clean system, and if you find an inconsistency, be sure to find out what it is! Do not trust names such as "System", "Windows", or "ProgramFiles" on the surface; everyone knows the "truth" behind them. If, after a detailed comparison, you are sure that an entry is an unknown program, do not hesitate to delete it immediately!
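The comparison against a clean system described above, written as an added example that is not part of the original article. The baseline and current entries are constructed samples, the function names are hypothetical, and the registry path is the HKEY_CURRENT_USER Run key named earlier in the article. Because a trustworthy-looking name proves nothing, the result shows the command behind every added or changed entry.

```python
import sys

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # under HKEY_CURRENT_USER

# Constructed sample data: entries exported from a known-clean system ...
BASELINE = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "AntiVirus": r"C:\Program Files\AV\avtray.exe",
}
# ... and entries from the system being inspected.
CURRENT = {
    "ctfmon.exe": r"C:\WINDOWS\system\ctfmon.exe",   # same name, different path
    "AntiVirus": r"C:\Program Files\AV\avtray.exe",
    "Windows": r"C:\WINDOWS\hack.exe",               # trustworthy-looking name
}

def read_run_key():
    """Read the current user's Run key (Windows only) as {name: command}."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        value_count = winreg.QueryInfoKey(key)[1]
        for index in range(value_count):
            name, data, _type = winreg.EnumValue(key, index)
            entries[name] = str(data)
    return entries

def diff_run_entries(baseline, current):
    """Compare startup entries; value names are case-insensitive in the registry."""
    base = {k.lower(): v.strip() for k, v in baseline.items()}
    cur = {k.lower(): v.strip() for k, v in current.items()}
    return {
        "added": sorted((n, cur[n]) for n in cur if n not in base),
        "removed": sorted((n, base[n]) for n in base if n not in cur),
        "changed": sorted((n, cur[n]) for n in cur
                          if n in base and cur[n].lower() != base[n].lower()),
    }

if __name__ == "__main__":
    current = read_run_key() if sys.platform == "win32" else CURRENT
    for kind, items in diff_run_entries(BASELINE, current).items():
        for name, command in items:
            print("%-8s %s -> %s" % (kind, name, command))
```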

  Fourth, Wininit.ini

We know that Windows installation programs often use this file to carry out deletions after the installation process, so do not underestimate it. If something tampers with it, the result can be very well hidden!

It is in the Windows directory on the system disk. Open it with Notepad (sometimes it is the file Wininit.bak) to see the corresponding content. Obviously, statements can be added to it to make the system modify or delete programs. If it is a file-binding Trojan horse, it can use Wininit.ini to delete the original file after infection, and so truly hide itself!

  Fifth, the fight under DOS

Finally, a word about startup items loaded under DOS. Config.sys, Autoexec.bat, *.bat and other files can be used to load programs through specific programming, so do not think that DOS is an outdated thing. Good DOS programming can often achieve very simple, very useful features.
