starlifter
Deity
- Joined
- Jun 17, 2001
- Messages
- 4,210
The Problem
You want to change values in your Windows Registry.
You want to manually see, access, and change which programs sneak themselves into your registry to start themselves at boot.
Description
A number of Trojan programs (programs that try and fool you about what they really do, like spy on your computer use, allow others to control and access your machine via the internets, etc.) and a number of viruses (virii) simply activate themselves via one or more Registry keys.
You want to view, examine, change, add, delete Registry keys.
There are 3 main methods to access your Registry:
(1) regedit.exe (A MS program)
(2) 3rd Party registry Editors (like Norton's)
(3) Specialty programs (like msconfig.exe -- a MS program)
Always back up your system before editing your registry! Preferrably use a good 3rd party program, like FixIt Uitilities 4.0.
Procedure:
1. Activate regedit.exe: START --> RUN --> regedit.exe
Note: MS's regedit.exe should be located in your windows root directory (like C:\Windows). If not, search your machine for that file.
2. You will get an Explorer-looking interface. This is how you view and edit your Registry with MS's pitiful Registry Editor.
3. Expand the following branch, much like you would a "directory":
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
4. Double clicking a name in the right hand pane will bring up the popup window "Edit ____", similar to the above screenshot.
5. Note the bottom of the "Registry Editor" window.... the entire registry location is shown. Registry locations can be very long.
6. The "Name" column refers to the key's name. The "Data" column refers to the key's actual contents (e.g., a program path/name).
7. In general, you can simply copy the program's name, then paste it into a new Shortcut, and activated the program via the shortcut icon... this means you can delete the key from HKLM\ ... \run
Caveats
Always back up your registry, at least until you get very good at using it.
Keep an eye on your HKLM\Software\MS\Windows\CV\Run\ contents, esp. after installing a new program.
Carelessness can result in the necesity to reinstall Windows, unless you have backed you your W9x registry first (NTx OSs can boot with Last Known Good).
More Info:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
This is one place where many annoying programs hide out and activate themselves when you boot. Nothing need ever be in here, except for your own personal convenience. This is the registry equivilent of the STARTUP folder.
As most know, if you copy a shortcut to the STARTUP folder, it will be run automatically at boot. Or you can do the same thing my manually activating each STARTUP program, and keeping the STARTUP folder empty.
Everything in this location can be converted to a shortcut, the key deleted, and the shortcut run manually (if desired). Always check this entry after installing new software, and before rebooting. A virus or trojan may put itself here, and activate.
There are other locations where programs activate themselves, too. These are the most popular keys that programs use to activate themselves:
Here is the main list (7 locations):
HKLM\Software\MS\Windows\CV\Run\
HKLM\Software\MS\Windows\CV\RunOnce\
HKLM\Software\MS\Windows\CV\RunOnceEx\
HKLM\Software\MS\Windows\CV\RunServices\
HKLM\Software\MS\Windows\CV\RunServicesOnce\
HKCU\Software\MSWindows\CV\Run\
HKCU\Software\MS\Windows\CV\RunOnce\
Notes:
HKLM is short for HKEY_LOCAL_MACHINE
HKCU is for HKEY_CURRENT_USER
MS is short for Microsoft
CV = CurrentVersion
e.g., HKLM\Software\MS\Windows\CV\Run\ is actually HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
You want to change values in your Windows Registry.
You want to manually see, access, and change which programs sneak themselves into your registry to start themselves at boot.
Description
A number of Trojan programs (programs that try and fool you about what they really do, like spy on your computer use, allow others to control and access your machine via the internets, etc.) and a number of viruses (virii) simply activate themselves via one or more Registry keys.
You want to view, examine, change, add, delete Registry keys.
There are 3 main methods to access your Registry:
(1) regedit.exe (A MS program)
(2) 3rd Party registry Editors (like Norton's)
(3) Specialty programs (like msconfig.exe -- a MS program)
Always back up your system before editing your registry! Preferrably use a good 3rd party program, like FixIt Uitilities 4.0.
Procedure:
1. Activate regedit.exe: START --> RUN --> regedit.exe
Note: MS's regedit.exe should be located in your windows root directory (like C:\Windows). If not, search your machine for that file.
2. You will get an Explorer-looking interface. This is how you view and edit your Registry with MS's pitiful Registry Editor.
3. Expand the following branch, much like you would a "directory":
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
4. Double clicking a name in the right hand pane will bring up the popup window "Edit ____", similar to the above screenshot.
5. Note the bottom of the "Registry Editor" window.... the entire registry location is shown. Registry locations can be very long.
6. The "Name" column refers to the key's name. The "Data" column refers to the key's actual contents (e.g., a program path/name).
7. In general, you can simply copy the program's name, then paste it into a new Shortcut, and activated the program via the shortcut icon... this means you can delete the key from HKLM\ ... \run
Caveats
Always back up your registry, at least until you get very good at using it.
Keep an eye on your HKLM\Software\MS\Windows\CV\Run\ contents, esp. after installing a new program.
Carelessness can result in the necesity to reinstall Windows, unless you have backed you your W9x registry first (NTx OSs can boot with Last Known Good).
More Info:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
This is one place where many annoying programs hide out and activate themselves when you boot. Nothing need ever be in here, except for your own personal convenience. This is the registry equivilent of the STARTUP folder.
As most know, if you copy a shortcut to the STARTUP folder, it will be run automatically at boot. Or you can do the same thing my manually activating each STARTUP program, and keeping the STARTUP folder empty.
Everything in this location can be converted to a shortcut, the key deleted, and the shortcut run manually (if desired). Always check this entry after installing new software, and before rebooting. A virus or trojan may put itself here, and activate.
There are other locations where programs activate themselves, too. These are the most popular keys that programs use to activate themselves:
Here is the main list (7 locations):
HKLM\Software\MS\Windows\CV\Run\
HKLM\Software\MS\Windows\CV\RunOnce\
HKLM\Software\MS\Windows\CV\RunOnceEx\
HKLM\Software\MS\Windows\CV\RunServices\
HKLM\Software\MS\Windows\CV\RunServicesOnce\
HKCU\Software\MSWindows\CV\Run\
HKCU\Software\MS\Windows\CV\RunOnce\
Notes:
HKLM is short for HKEY_LOCAL_MACHINE
HKCU is for HKEY_CURRENT_USER
MS is short for Microsoft
CV = CurrentVersion
e.g., HKLM\Software\MS\Windows\CV\Run\ is actually HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\
