Log in
Register
Menu
Log in
Register
Home
What's new
Latest activity
Authors
Forums
New posts
Search forums
What's new
New posts
Latest activity
Members
Current visitors
New posts
Search forums
Menu
Log in
Register
Install the app
Install
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
Network Connections - Problem!
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="BGonaSTICK" data-source="post: 50025" data-attributes="member: 176912"><p>If you think about it, the malicious code has to start each time you boot windows. Looking in the startup folder is a good place to begin, for EACH user on XP.</p><p></p><p>If the code has infected other executables, then your task can grow exponentially, but the other two common places that code is run from are in the registry.</p><p></p><p>If you click START then Run, type in 'regedit' without the quotes, and navigate to :-</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run .</p><p></p><p>This is the hook in the registry used to start many programs on startup.</p><p></p><p>There is also :-</p><p></p><p>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce which will (guess what) run code once only. Often a spyware setup program will be run from here, infecting or installing other code for use in subsequent boots.</p><p></p><p>It definitely a great idea to get to know everything that SHOULD reside in these two places, so that you can easily spot what doesn't belong.</p><p></p><p>Find the name of the file being executed in each case, (exe, dll etc.) and locate it using windows explorer. Pause the cursor over it and you'll get a feel for whether it's 'genuine' or 'unwanted'.</p><p></p><p>If you find suspect material, backup your registry (use FILE/EXPORT) and delete the entry. Test the function of your machine for a day or two, then remove the next one etc. backing up as you go. Using this method, you can often remove stuff that is not detected by the popular scanners.</p><p></p><p>If everything goes pear-shaped, just restore the registry to the last working version. Use safe-mode if you really screw it up.</p><p></p><p>Hope this helps.</p></blockquote><p></p>
[QUOTE="BGonaSTICK, post: 50025, member: 176912"] If you think about it, the malicious code has to start each time you boot windows. Looking in the startup folder is a good place to begin, for EACH user on XP. If the code has infected other executables, then your task can grow exponentially, but the other two common places that code is run from are in the registry. If you click START then Run, type in 'regedit' without the quotes, and navigate to :- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run . This is the hook in the registry used to start many programs on startup. There is also :- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce which will (guess what) run code once only. Often a spyware setup program will be run from here, infecting or installing other code for use in subsequent boots. It definitely a great idea to get to know everything that SHOULD reside in these two places, so that you can easily spot what doesn't belong. Find the name of the file being executed in each case, (exe, dll etc.) and locate it using windows explorer. Pause the cursor over it and you'll get a feel for whether it's 'genuine' or 'unwanted'. If you find suspect material, backup your registry (use FILE/EXPORT) and delete the entry. Test the function of your machine for a day or two, then remove the next one etc. backing up as you go. Using this method, you can often remove stuff that is not detected by the popular scanners. If everything goes pear-shaped, just restore the registry to the last working version. Use safe-mode if you really screw it up. Hope this helps. [/QUOTE]
Insert quotes…
Verification
Post reply
Forums
Miscellaneous Sections
Tech Head - The Technology Section
Computer Discussion
Network Connections - Problem!
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
Accept
Learn more…
Top