--- Alan Martin <[EMAIL PROTECTED]> wrote:
> There have been a few other errors in this thread:
>
> DavidT wrote [re SysInternals Autoruns]
> D> Still doesn't include autoexec.bat, win.ini, winbatch.bat, doesn't show
> D> .exe/bat/com associations and a couple other areas. Will have to keep hunting!
>
> Sean> I think those ones are used only in 9x, so won't be shown in NT.
>
> Some of those ARE used by NT. The .exe/bat/com associations
> will surely have an effect in NT.

Oops, this one was not meant to remain here.

> There are several places like that which are not usually used in XP
> but which can still have an effect IF they are used.
> For example, there is an option in XP whether autoexec.bat
> should be executed at bootup.

Yup, I know it. But the usability is much more restricted than in 9x, AFAIK.

> Remember the XP system retains a lot of old places such as
> system.ini and win.ini for use by old apps, even win3.1 apps
> which XP is still able to run.

I think they exist mainly for (backward) compatibility reasons for DOS/Win16 apps. I think you meant that too.

> Therefore, if you are doing a serious trouble shoot looking
> for trojans in an XP system, you'd better check all the
> 95/98 places in addition to the XP places. We don't know
> for sure which old 95/98 places are definitely disabled
> in XP.

I don't think the start-up location really matters for malware. To notice and remove them from the HDD is the important thing. Could we tell which one is the trojan or virus just by looking at the start-up location? Anyway, we can notice their presence through Task Managers. Well, I'm aware that there could be more tricky situations. They can be in DLLs, not in stand-alone executables, and the ones like you mentioned ... So we need Anti-virus/Trojan and/or Firewall anyway.

> Sean wrote:
> S> I'm afraid you're wrong here.
> S> Both the Run keys in "HKLM/HKCU" and the startup folder are
> S> controlled by the Explorer Shell. No Explorer Shell, no
> S> start of the proggies in these Keys/Folder.
> S> You may try without the explorer shell.
>
> Most people with "No Explorer Shell" are using an alternative shell
> such as LiteStep. Most alt shells do run your startups, from both
> the Run keys in HKLM and HKCU and the startup folder.
>
> Those items are not run if:
> - you have no shell at all,
> - or specifically set your alt shell's option to not run startup items,
> - or use an unusually poor alt shell which cannot run the startups.

I know, or more properly, I heard that recent alt shells could take care of those ones themselves. My point was that those are meant to be used by the Explorer shell. So those are triggered by the Explorer (or alt shells of course), so they can't be run before the user's login and can't survive the user's logoff. Only services can do that.

Sean
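
An added example, not part of the original thread: a small Python audit of the 9x-era places named above (win.ini, system.ini, autoexec.bat) and the .exe/.bat/.com open commands, listing entries for manual review without claiming which ones XP actually honours. The file contents and association values are constructed samples, `audit` and `ini_values` are hypothetical helper names, and the `[windows] load=`/`run=`, `[boot] shell=` keys and the `"%1" %*` default are assumptions drawn from standard Windows behaviour rather than from the thread.

```python
import re

# Legacy autostart keys per (file, section); stock open command for exefile/batfile/comfile.
INI_KEYS = {("win.ini", "windows"): ("load", "run"), ("system.ini", "boot"): ("shell",)}
DEFAULT_OPEN = '"%1" %*'
BENIGN = {("system.ini", "shell"): "explorer.exe"}  # expected value, compared lower-case

def ini_values(text):
    """Yield (section, key, value) from INI text, tolerating duplicate keys."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()

def audit(ini_files, autoexec_bat, open_commands):
    """Return (location, value) pairs that deserve a manual look."""
    findings = []
    for name, text in ini_files.items():
        for section, key, value in ini_values(text):
            if key in INI_KEYS.get((name, section), ()) and value:
                if value.lower() != BENIGN.get((name, key)):
                    findings.append((f"{name} [{section}] {key}", value))
    for line in autoexec_bat.splitlines():
        cmd = line.strip().lstrip("@")
        # Skip comments and plain environment setup; report anything that launches a program.
        if cmd and not re.match(r"(?i)(rem\b|::|echo\b|set\b|path\b|prompt\b)", cmd):
            findings.append(("autoexec.bat", cmd))
    for cls, command in open_commands.items():
        if command.strip() != DEFAULT_OPEN:
            findings.append((f"{cls}\\shell\\open\\command", command))
    return findings

# Constructed sample data, not taken from a real machine.
SAMPLE_INI = {
    "win.ini": "[windows]\nload=\nrun=C:\\WINDOWS\\svch0st.exe\n[fonts]\n",
    "system.ini": "[boot]\nshell=Explorer.exe\n[drivers]\nwave=mmdrv.dll\n",
}
SAMPLE_AUTOEXEC = "@echo off\nREM legacy\nSET TEMP=C:\\TEMP\nC:\\tools\\loader.com\n"
SAMPLE_ASSOC = {"exefile": 'C:\\WINDOWS\\hook.exe "%1" %*',
                "batfile": '"%1" %*', "comfile": '"%1" %*'}

if __name__ == "__main__":
    print(*audit(SAMPLE_INI, SAMPLE_AUTOEXEC, SAMPLE_ASSOC), sep="\n")
```

On a real system the inputs would be the actual file contents and the default values read from `HKEY_CLASSES_ROOT\<class>\shell\open\command`.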
