Windows has its own startup folder, which is the most common startup project. Here you should pay attention to Win7 boot to check the startup project. If you load the program into this folder, the system will automatically load the corresponding program when it starts. If it is changed, it is very dangerous. So it is necessary to check the startup project.
Wininit.ini
We know that the Windows installer often calls this program to remove the installer, so don't underestimate it. If you do it on it, it can be said to be very hidden and very Perfect!
It is in the Windows directory of the system disk, open it with Notepad (sometimes wininit.hak file) to see the corresponding content. Obviously, we can add corresponding statements to modify the system program or delete the program. If it is a file-associated Trojan, you can use winint.ini to delete the original file after infection, so as to truly hide yourself!
DOS loading project
DOS startup project loading, config.sys, autoexec. Bat, *.bat and other files can be used in a specific programming way to achieve the purpose of the loader. So don't think that DOS is an outdated thing. Good DOS programming can often achieve very simple and very useful functions!
One, the specific location is "Start", "Start" &
Br> The location on the hard disk is: C:Documents andSettingsAdministrator<quo;Start”The menu program starts;
The location in the registry is:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
Second, Msconfig
Msconfig is in Windows system "System Configuration Utility", it can be wide enough, including: system.ini, win.ini, startup projects, and so on. Similarly, it is also a place that the self-starting program likes to stay very much!
1.System.ini
First, enter “msconfig” in the "Run" dialog box to start the system configuration utility (the same below). Find the system.ini tag, which can be used to load special programs with “shell=……”. If your shell= is not the default explorer.exe, or there is a program name behind it, then you should be careful, please check the corresponding program is safe!
2.Win.ini
If we want to load a program: hack.exe, then it can be in win. Ini is implemented with the following statement:
[windows]
load=hack.exe
run=hacke.exe
What to do, you should know it!
At this point , use the system settings in the cube (click here to download) - start item settings, at a glance, and you can easily remove and add startup items.
3.<;Startup" Project
The startup tab in the System Configuration Utility and the "Startup" folder we mentioned above are not the same thing, this startup project in the System Configuration Utility Is a collection of Windows system startup projects. Almost all startup projects can find —— of course, specially programmed programs can not be displayed here by another method.
Open the “Start” tag, “Startup project" is listed in the name of the boot program, “">; is the specific program add-on command, the last "location" is the program The corresponding location in the registry. You can perform detailed path and command check on suspicious programs. Once you find an error, you can use the following "Disable" to disable the loading of the program when it is booted.
Generally speaking, except for the startup project of the system software based on the hardware part and the kernel part, other startup items can be changed appropriately, including: anti-virus program, specific firewall program, playback software, memory management software, etc. . In other words, the startup project contains a list of all our visible programs, you can use it to manage your startup program!
The corresponding startup loading project in the registry
The registry startup project is virus and The favorite of Trojans! The intractability of a lot of Trojan horses is achieved through the registry, so you can download a registry monitor to monitor the changes in the registry, and the subsequent versions of the cube (click here to download) A range of security features will be added to monitor malware modifications to the system and more. Especially when installing new software or running a new program, be sure not to be confused by the beautiful appearance of the program. Be sure to see if its essence is the Trojan's camouflage shell or bundled program! If necessary, you can restore the registry according to the backup. There are many such registry programs on the Internet, so I won't go into details here.
We can also check the corresponding location in the registry by manual method. Although many of them are duplicated with the above, but for network security, the precaution is never too much!
Attention should be paid Compare with the corresponding keys of the safe and clean system registry. If you find inconsistencies, be sure to find out what it is. Always look at the Win7 boot project to keep the computer away from danger.