The user can check which programs are normally running on
his system using the "Running Files" tab. These should be the
normal applications he installed.
Note that Kernel32.dll, Msgsrv32.exe, Mprexe.exe and Mmtask.tsk
are all Windows CORE components and should be neither killed
nor deleted.
Pay attention to the exact name and icon of the executables and
their approximate sizes, as some Trojans try to spoof those
core components by using similar names, like "Msgsevr16.exe".
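
The name check described above can be automated. The following is an added example, not part of Purge-It or of the original page: it compares file names against the four core components listed here and flags near-misses such as "Msgsevr16.exe". The 0.7 similarity threshold and the sample list are assumptions made for illustration.

```python
import difflib
import ntpath

# Core components named on this page; exact matches are expected entries.
CORE_COMPONENTS = ["Kernel32.dll", "Msgsrv32.exe", "Mprexe.exe", "Mmtask.tsk"]

# Assumption: names at least this similar to a core name deserve a manual look.
LOOKALIKE_THRESHOLD = 0.7


def classify(path):
    """Return ("core" | "lookalike" | "other", closest core name or None)."""
    name = ntpath.basename(path).lower()  # Windows paths, case-insensitive
    best_name, best_ratio = None, 0.0
    for core in CORE_COMPONENTS:
        if name == core.lower():
            return ("core", core)
        ratio = difflib.SequenceMatcher(None, name, core.lower()).ratio()
        if ratio > best_ratio:
            best_name, best_ratio = core, ratio
    if best_ratio >= LOOKALIKE_THRESHOLD:
        return ("lookalike", best_name)
    return ("other", None)


def review(paths):
    """Return only the entries whose name imitates a core component."""
    flagged = []
    for path in paths:
        verdict, core = classify(path)
        if verdict == "lookalike":
            flagged.append((path, core))
    return flagged


# Constructed sample of a running-files list (not output from Purge-It).
SAMPLE = [
    r"C:\WINDOWS\SYSTEM\KERNEL32.DLL",
    r"C:\WINDOWS\SYSTEM\Msgsevr16.exe",
    r"C:\WINDOWS\EXPLORER.EXE",
    r"C:\WINDOWS\scanregw.exe",
]

if __name__ == "__main__":
    for path, core in review(SAMPLE):
        print(f"check by hand: {path} resembles {core}")
```

A hit only means the entry should be inspected by hand; the icon and file size still have to be compared as described above.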
Ever wondered how various programs _always_ start with Windows
and don't give you a chance to block them? Here's the solution.
Here you see normal programs using RUN keys to start themselves.
Note:
"ScanRegistry" "C:\WINDOWS\scanregw.exe /autorun"
and
"LoadPowerProfile" "Rundll32.exe powrprof.dll..."
These are programs shipping with Windows. Those keys may be
deleted without Windows failing to load or leaving you with a
non-working system, but they should normally be left in place.
Also note that deleting an Auto-run key does not mean that you
deleted the executable file itself.
The abbreviation HKLM means Local Machine; those keys are
always started.
The abbreviation HKCU means Current User; those keys are
only started when that user logs in.
Goal
The goal of the previous steps is to get used to the Operating
System and its normal behavior. You will see that the more you
play with Purge-It, the more you will get to know your system.
“Being able to tell the Normal State of your system goes along with
spotting the non-normal State and Abnormal Behaviour.”