Tuesday, November 09, 2004
Stop Malicious Windows Start-Up Applications!
A few days ago, I was in the process of fixing yet another Windows XP box when I stumbled upon a simple method for locating and removing malicious applications hidden in the system's start-up list.
1. Download RegCleaner or another Registry-snooping application.
2. Find the 'Startup List' section. In here, you'll have a list of the applications that are run during your system startup.
Most of the items here are necessary for basic system operation and usually relate to legitimate software reminders and scanners like virus scan, QuickTime, bill reminders, etc. Unfortunately, this isn't always the case, as malicious applications like viruses and spyware can hide here.
Fortunately, we can remove them!
In this particular situation, I found two items that appeared to be suspicious:
sdbot05b.exe & llass.exe
Still, I wasn't 100% sure about their purpose so I performed a Google search on each name. It was clear from the initial search summaries that these were indeed malicious pieces of software.
To remove them, I checked the boxes for each item in RegCleaner and clicked the 'Remove Selected' button. Voila!
Though this particular machine had Norton Anti-Virus and Lavasoft's Ad-aware installed, it still failed to detect these exploits.
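The manual check above (scan the list, then look up anything unfamiliar) can be partly scripted. The following is an added example, not part of the original post or of RegCleaner: it takes a startup list and flags names that are unknown or that sit within two character edits of a legitimate Windows process name, as llass.exe does with lsass.exe. The startup entries, paths and both name lists are constructed for illustration.

```python
import ntpath

# Small sample of legitimate Windows process names (not exhaustive).
KNOWN_SYSTEM = {"lsass.exe", "svchost.exe", "explorer.exe", "csrss.exe",
                "winlogon.exe", "services.exe", "spoolsv.exe"}
# Assumption: names the operator has already verified on this machine.
LOCAL_ALLOWLIST = {"qttask.exe", "ccapp.exe"}

# Constructed startup list: (entry name, executable path).
SAMPLE_STARTUP = [
    ("QuickTime Task", r'"C:\Program Files\QuickTime\qttask.exe"'),
    ("ccApp", r"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"),
    ("Configuration Loader", r"C:\WINDOWS\system32\sdbot05b.exe"),
    ("Windows Service", r"C:\WINDOWS\system32\llass.exe"),
]


def levenshtein(a, b):
    """Number of single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(path):
    """Return (exe, verdict, nearest_system_name) for one startup path."""
    exe = ntpath.basename(path.strip('"')).lower()
    # Name-only check: a file that reuses an exact system name from
    # another directory is not caught here.
    if exe in KNOWN_SYSTEM or exe in LOCAL_ALLOWLIST:
        return exe, "known", None
    nearest = min(sorted(KNOWN_SYSTEM), key=lambda k: levenshtein(exe, k))
    if levenshtein(exe, nearest) <= 2:
        return exe, "lookalike", nearest
    return exe, "unknown", None


def triage(entries):
    """Keep only the entries that need a manual look-up."""
    rows = [(name,) + classify(path) for name, path in entries]
    return [r for r in rows if r[2] != "known"]


if __name__ == "__main__":
    for row in triage(SAMPLE_STARTUP):
        print(row)
```

An "unknown" verdict only means the name is on neither list, so it still needs the same search the post describes before anything is removed.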
Ultimately, computers, like our automobiles, require the proper preventive measures and maintenance to continue running well. This is true for any operating system but applies especially to Windows machines given their exposure and lack of built-in, well-conceived security measures.
Posted by Ernest Millan at 7:11 PM
1 comment
Steven said...
"Just to mention, Spybot Search and Destroy also allows you to clean up the startup (you have to be in expert mode though), and it's a free program all around."
12:32 AM, November 13, 2004