Tools are just an INTERFACE

Source: f64, 2004-01-21 22:25:00 [old post] (2102 bytes)
This post was edited by [ f64 ] on 2004-02-06 15:24:48.
Tools are nothing more than an interface to access the configurations stored somewhere. In Windows, they are stored in the registry. If you know the registry, you are certainly smarter than any tool. The only tool you need is regedit; it is basic but it does everything. Other complex, high-level tools may have limitations, may be out of date... and more importantly you do not know what the tool is doing under the hood. I do not trust these tools.

Basically there are 5 places those programs can start:

1 and 2: the Startup group of "All Users" and of the current user.
3. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
4. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
5. as a service under HKLM\SYSTEM\CurrentControlSet\Services

Keep an eye on those places and no trojan can start automatically. Your eyes (more importantly, the brain behind the eyes) are better than any tool.

What if you cannot start regedit (it says it was disabled by the administrator)? The malicious code went one step further by setting a policy key to disable it.

Do this: put the following in Notepad and save it as "xxx.reg". Double-click it and regedit is unlocked.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

If you prefer a more complex tool, you can do it with gpedit.msc.


What if in regedit you cannot change/delete these keys? The code might have gone one step further by removing your permissions on the keys. In regedit you need to right-click the key and choose Permissions to assign permissions to yourself. For XP this can be done within regedit; for earlier Windows versions permissions must be assigned with regedt32.

老豬頭 was right. Do not go to those high-risk porn/warez sites unprotected. If you don't know how to make your PC more secure, at the very least log on as a regular user (a Users group member), not an Administrators member, before going there.
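As an added example (not part of f64's post, and not a script the forum provides), the following PowerShell function walks the five autostart locations the post lists, plus the DisableRegistryTools policy value, and returns them as objects so the reader can eyeball them exactly as the post recommends. It is read-only: nothing is deleted or changed. It assumes a modern Windows with PowerShell and the built-in registry provider; on 64-bit systems the WOW6432Node copy of the Run key is an extra location the post predates, and it is included here as an assumption.

```powershell
# Added example, not from the original post: list autostart entries read-only.
function Get-AutostartEntries {
    $results = @()

    # Places 1 and 2: the Startup folders for All Users and the current user.
    $startupFolders = @(
        [Environment]::GetFolderPath('CommonStartup'),
        [Environment]::GetFolderPath('Startup')
    )
    foreach ($folder in $startupFolders) {
        if (Test-Path -LiteralPath $folder) {
            Get-ChildItem -LiteralPath $folder -Force -File | ForEach-Object {
                $results += [pscustomobject]@{
                    Location = $folder
                    Name     = $_.Name
                    Command  = $_.FullName
                }
            }
        }
    }

    # Places 3 and 4: the HKLM and HKCU Run keys (WOW6432Node added as an assumption for 64-bit hosts).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            # The registry provider adds PS* bookkeeping properties; skip those.
            $props.PSObject.Properties |
                Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object {
                    $results += [pscustomobject]@{
                        Location = $key
                        Name     = $_.Name
                        Command  = $_.Value
                    }
                }
        }
    }

    # Place 5: services set to start automatically (Start = 2).
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath
        if ($svc.Start -eq 2 -and $svc.ImagePath) {
            $results += [pscustomobject]@{
                Location = 'HKLM:\SYSTEM\CurrentControlSet\Services'
                Name     = $_.PSChildName
                Command  = $svc.ImagePath
            }
        }
    }

    # The policy value the post's .reg file resets: non-zero means regedit is locked.
    foreach ($hive in 'HKLM', 'HKCU') {
        $policyKey = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $value = (Get-ItemProperty -LiteralPath $policyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue).DisableRegistryTools
        $results += [pscustomobject]@{
            Location = $policyKey
            Name     = 'DisableRegistryTools'
            Command  = if ($null -eq $value) { '(not set)' } else { $value }
        }
    }

    return $results
}

# Usage: print everything in a table; compare each Command path against what you expect to be there.
Get-AutostartEntries | Format-Table -AutoSize -Wrap
```

The script only reads, so it runs as a regular user; it will simply show fewer services if a key's permissions have been stripped, which is itself a signal worth noticing given the post's point about removed permissions.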

All replies:

Boss f64 is completely right, except for one thing... :) -^@^,,)~- (107 bytes) 01/22/2004 09:22:00