Summarize a variety of programs that start with Windows and may be hiding somewhere

First, the classic startup--"Startup" folder

Click "Start → program", you will find a "launch" menu, which is the most classic Windows startup location, right-click on the "Start" menu to select "Open" to open it, the program and shortcuts will be automatically run when the system starts.

Second, a well-known startup--Registry startup item

The registry is the most common place to start a program, with the following main items:

1.Run Key

The Run key is the virus's favorite self-launcher, the key position is [HKEY_CURRENT_USER\Software\Microsoft \windows\currentversion\run] and [hkey_local_machine\ Software\Microsoft \windows\currentversion\run], all programs under it are automatically executed in sequence each time the login is started.

There is also an unnoticed Run key, located in the registry [HKEY_CURRENT_USER\Software\Microsoft\Windows \currentversion\policies\explorer\run] and [HKEY_ Local_machine\software\microsoft \windows\currentversion\policies\explorer\run], also look carefully.


2.RunOnce Key

RunOnce is located in [HKEY_CURRENT_USER\Software\Microsoft \windows\currentversion\runonce] and [hkey_local_machine\software\ Microsoft \windows\currentversion\runonce] Key, unlike run, the program under RunOnce will only be executed automatically once.



3.RunServicesOnce Key

The RunServicesOnce keys are located in [HKEY_CURRENT_USER\Software\Microsoft \windows\currentversion\runservicesonce] and [HKEY_LOCAL_ Machine\software\microsoft \windows\currentversion\runservicesonce], where the program will automatically start executing once the system is loaded.



4.RunServices Key

RunServices RunServicesOnce After the start of the program, located in the registry [HKEY_CURRENT_USER\Software\Microsoft \windows\currentversion\ RunServices] and [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \windows\currentversion\runservices] keys.



5.RunOnceEx Key


This key is a self-starting registry key for Windows xp/2003, located in [HKEY_CURRENT_USER\Software\Microsoft \windows\currentversion\runonceex] and [HKEY_ Local_machine\software\microsoft \windows\currentversion\runonceex].

6.load Key

Programs that load key values under [HKEY_CURRENT_USER\Software\Microsoft \windowsnt\currentversion\windows] can also be self-booting.


7.Winlogon Key

The key is located in the registry [HKEY_CURRENT_USER\Software\Microsoft \ Windows NT\CurrentVersion\Winlogon] and [HKEY_LOCAL_MACHINE\Software \microsoft \ Windows NT\CurrentVersion\Winlogon], note that the following notify, Userinit, Shell key values will also have a self-starting program, and its key values can be separated by commas, This enables multiple programs to be started when logging in.



8. Other Registry Locations

There are some other key values, and often some programs run automatically here, such as:

[HKEY_CURRENT_USER\Software\Microsoft \windows\currentversion\policies\system\shell] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \currentversion\shellserviceobjectdelayload] [HKEY_CURRENT_USER\Software \policies\microsoft\windows\system\scripts] [HKEY_LOCAL_MACHINE\Software \policies\microsoft\windows\system\scripts]

Tips:

The difference between the [HKEY_LOCAL_MACHINE] and [HKEY_CURRENT_USER] keys of the registry: the former is valid for all users, and the latter is only valid for the current user.

Three, the ancient start--Automatic batch processing file

From the DOS era of friends must know Autoexec.bat (located in the System packing directory) This automatic batch file, it will run automatically when the computer starts, many early viruses fancy it, using deltree, format and other dangerous commands to destroy hard disk data. such as "C-Drive Killer" is to use a "deltree/y c:\*.*" command, so that the computer will automatically delete all files on the start of the C disk, countless harm.

Little Tips

★ In Windows 98, Autoexec.bat also has a buddy--winstart.bat file, Winstart.bat is located in the Windows folder and will be executed automatically at startup.

★ In Windows ME/2000/XP, the above two batch files are not executed by default.

Iv. Common Startup-System configuration file

The Windows configuration files (including Win.ini, System.ini, and Wininit.ini files) also load some programs that run automatically.

1.win.ini file

Using Notepad to open the Win.ini file, the "run=" and "load=" statements under the [Windows] section can be directly added to the executable program, as long as the program name and path are written after "=".

Little Tips

Programs that follow the "load=" are minimized after starting, and the program runs normally after "run=".

2.system.ini file

Using Notepad, open the System.ini file and locate the "shell=" statement under the [Boot] section, which defaults to "Shell=Explorer.exe" and runs the Windows shell Explorer.exe when it starts. Virus can be polite, such as "Demon Kiss" virus simply change it to "Shell=c:\yzw.exe", if you forcibly delete "Demon Kiss" virus program yzw.exe,windows will prompt error, let you reload windows, scary not? There is also a kind of virus, such as the sentence into the "Shell=Explorer.exe other program name", see this situation, the following other program name must be shown in virus program 2.




3.wininit.ini

The Wininit.ini file is a system configuration file that is easily overlooked by many computer users because the file is automatically deleted when Windows is started, which means that the commands in the file are only executed automatically once. This profile is primarily generated by the software installer, which is not able to delete, update, and rename files after the Windows graphical interface is started. If the virus is written on dangerous orders, then the consequences of the "C-Disk Killer" is no different.

Little Tips

★ If you do not know where they are stored, press F3 to open the Search dialog box to search;

★ Click "Start → run", enter sysedit carriage return, open "System Configuration Editor", here can also be convenient to view and modify the above files.

Five, intelligent start--on/Shutdown/Login/Logoff script

In Windows 2000/xp, click start → run, enter gpedit.msc carriage return to open the Group Policy Editor, expand Local Computer policy → user Configuration → administrative Templates → system → logins in the left pane, and then in the right pane, double-click Run these programs when users log on , click the Show button to display the self-initiated program under items running at logon.


Six, scheduled start--mission plan

By default, the Task Scheduler program starts with Windows and runs in the background. If you add a program to the Scheduled Tasks folder and set the scheduled task to system startup or log on, you can also implement a program self-start. Programs loaded with scheduled tasks typically have their icons in the taskbar system Tray area. You can also double-click the Scheduled Tasks icon in Control Panel to see the items in it.

Little Tips

The Task Scheduler is also a special system folder, and clicking start → programs → accessories → system tools → Task Scheduler opens the folder for easy viewing and management.

Summarize a variety of programs that start with Windows and may be hiding somewhere