Solve : How do you disable a program in the registry?

Answer» Hi. Leave the registry alone.

I understand your point, but I was following an article on disabling programs from the registry. It told you where to go to disable them, but did not tell you what you have to do from there. It's really for information only or future reference only. I have Autoruns and Defender anyway to disable programs.

Alright, well, for future reference, that key doesn't deal with any startup programs; it's actually a key used by msconfig during a "diagnostic" startup (or something along those lines). The keys used by Windows to start programs are:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Infectious programs generally (for some of the nastier ones) also install Winlogon hooks:

XP: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Vista: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions

Another vector is using the "AppInit_DLLs" value, in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows. More info on the AppInit_DLLs value: http://support.microsoft.com/kb/197571

Programs could also change the association of exefiles, so that instead of running the executable directly (%1) it instead initiates the malware program with the exe file as an argument; for example, by changing it to

"drive:\Path\to\malware.exe" "%1" %*

It usually infects the program in some way and then runs it, so it might not even be noticed.

And of course, the StartUp folder can be used to run programs every startup, but malware generally stays away from that for some reason (perhaps too obvious).

Here's an interesting article detailing some of these keys and how to use them to remove infections if it ever becomes necessary. It's aimed at Windows 2000, but in general, aside from moving a few keys (such as the Winlogon Notify key above), most of the information is still relevant.

Quote from: BC_Programmer on January 18, 2010, 12:27:35 AM
Alright, well, for future reference, that key doesn't deal with any startup programs; it's actually a key used by msconfig during a "diagnostic" startup (or something along those lines). The keys used by Windows to start programs are:

OK BC_Programmer, I am not infected or anything like that. I have just found this key at the same time you replied, which would have saved me 15 minutes. I have 5 programs listed in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Now would I just delete one of these entries, so that it does not load on startup? Is this the same as disabling it, or am I removing the entry completely..?

Yes, you delete the entry. Normally, Autoruns and other such programs make a backup of them. That is how you see, for example, unchecked items that you can re-enable.

Quote from: BC_Programmer on January 18, 2010, 12:49:11 AM
yes, you delete the entry.

Great. OK, BC_Programmer, got that: "just delete the entry" for the program.

Now the article says "you can add entries here also, but we recommend that you use the "windows run at startup policy settings" to add programs that you want to run at startup". Is this Group Policy, which I don't have on the Vista machine? So I would be interested in how you would add a program in this registry key.

Oh, by the way, the article I am looking at is here... http://www.pacs-portal.co.uk/startup_content.php
7) Registry Editor - Windows 9x/Me/NT/2000/XP/Vista
It's about half way down the page.
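
A read-only way to review the locations listed in this thread, as an added example that is not from any poster in the thread. The function names and the Note text are made up for the example. The exefile command key path, its per-user copy under HKCU, and the default command `"%1" %*` are standard Windows values assumed here; they are not quoted in the thread.

```powershell
# Added example: read-only audit of the autostart locations named in the thread.
# Nothing is changed. Run elevated so every HKLM key is readable.
function New-Finding($Location, $Name, $Data, $Note) {
    [pscustomobject]@{ Location = $Location; Name = $Name; Data = $Data; Note = $Note }
}

function Get-RunEntries {
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Finding $key $name ($item.GetValue($name)) 'runs at logon'
        }
    }
}

function Get-WinlogonHooks {
    $base = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($sub in 'Notify', 'GPExtensions') {   # XP key, then Vista key
        $path = "$base\$sub"
        if (-not (Test-Path $path)) { continue }
        foreach ($child in Get-ChildItem -Path $path) {
            New-Finding $path $child.PSChildName ($child.GetValue('DllName')) 'verify DllName is expected'
        }
    }
}

function Get-AppInitDlls {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $dlls = (Get-Item -Path $key).GetValue('AppInit_DLLs')
    $note = if ([string]::IsNullOrWhiteSpace($dlls)) { 'empty' } else { 'REVIEW: DLLs listed' }
    New-Finding $key 'AppInit_DLLs' $dlls $note
}

function Get-ExeAssociation {
    foreach ($hive in 'HKLM:\SOFTWARE', 'HKCU:\Software') {   # a per-user key overrides HKLM
        $key = "$hive\Classes\exefile\shell\open\command"
        if (-not (Test-Path $key)) { continue }
        $cmd  = (Get-Item -Path $key).GetValue('')            # '' reads the (Default) value
        $note = if ($cmd -eq '"%1" %*') { 'default' } else { 'REVIEW: not the default "%1" %*' }
        New-Finding $key '(Default)' $cmd $note
    }
}

$(Get-RunEntries; Get-WinlogonHooks; Get-AppInitDlls; Get-ExeAssociation) |
    Format-Table -AutoSize -Wrap
```

Rows marked REVIEW are not proof of infection, since some legitimate software sets AppInit_DLLs; they are the entries to compare against what is known to be installed.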