Purge-It ! Guided Tour
 Preparation :: Getting to know the system

The user can check which programs are normally running on the system using the "Running Files" tab. These should be the normal applications the user installed.

Note that Kernel32.dll, Msgsrv32.exe, Mprexe.exe and Mmtask.tsk are all Windows core components and must not be killed or deleted.

Pay attention to the exact name, the icon of each executable and its approximate size, as some Trojans try to spoof those core components by using similar names, like "Msgsevr16.exe".

Ever wondered how various programs _always_ start with Windows and never give you a chance to block them? Here's the solution.

Here you see normal programs using RUN keys to start themselves.
Note :
"ScanRegistry" "C:\WINDOWS\scanregw.exe /autorun"
and
"LoadPowerProfile" "Rundll32.exe powrprof.dll..."
These are programs that ship with Windows. The keys may be deleted without Windows failing to load or leaving a non-working system, but they should normally be left in place.

Also note that deleting an auto-run key does not delete the executable file itself; the program stays on disk and can be started again by hand or by another auto-run entry.


The abbreviation HKLM means HKEY_LOCAL_MACHINE; entries under it are started for every user who logs in.
The abbreviation HKCU means HKEY_CURRENT_USER; entries under it are started only when that particular user logs in.
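The following script is an added example, not part of Purge-It or of this tour, showing how the two checks described above can be done by hand on a current Windows system with PowerShell: it walks the HKLM and HKCU Run/RunOnce keys, resolves the file each entry launches, and flags entries whose file is missing or whose name is within two edits of a core component name (the "Msgsevr16.exe" trick). The list of core names is an assumption for the example (the four components named above plus a few modern ones) and should be extended for your own system.

```powershell
# Added example (not Purge-It code): audit HKLM/HKCU Run and RunOnce entries.

# Names the tour calls Windows core components, plus a few modern counterparts.
# This list is an assumption for the example; extend it for your own system.
$CoreNames = @('kernel32.dll', 'msgsrv32.exe', 'mprexe.exe', 'mmtask.tsk',
               'rundll32.exe', 'scanregw.exe', 'explorer.exe', 'svchost.exe')

# HKLM entries start for every user, HKCU entries only for the current user.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-EditDistance([string]$a, [string]$b) {
    # Plain Levenshtein distance between two (lower-cased) file names.
    $d = New-Object 'int[,]' ($a.Length + 1), ($b.Length + 1)
    for ($i = 0; $i -le $a.Length; $i++) { $d[$i, 0] = $i }
    for ($j = 0; $j -le $b.Length; $j++) { $d[0, $j] = $j }
    for ($i = 1; $i -le $a.Length; $i++) {
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $d[$i, $j] = [Math]::Min([Math]::Min($d[$i - 1, $j] + 1, $d[$i, $j - 1] + 1),
                                     $d[$i - 1, $j - 1] + $cost)
        }
    }
    return $d[$a.Length, $b.Length]
}

function Get-ExecutableFromCommand([string]$command) {
    # A Run value is a command line: either "quoted path" args, or path args.
    $command = [Environment]::ExpandEnvironmentVariables($command.Trim())
    if ($command.StartsWith('"')) {
        $end = $command.IndexOf('"', 1)
        if ($end -gt 0) { return $command.Substring(1, $end - 1) }
    }
    return ($command -split '\s+')[0]
}

foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath etc.; skip those members.
        if ($prop.Name -like 'PS*') { continue }
        $exe = Get-ExecutableFromCommand ([string]$prop.Value)
        if ([string]::IsNullOrEmpty($exe)) { continue }
        $name = [IO.Path]::GetFileName($exe).ToLowerInvariant()

        # A bare name such as Rundll32.exe is looked up on PATH, as the loader does.
        $resolved = if ([IO.Path]::IsPathRooted($exe)) { $exe }
                    else { (Get-Command $exe -ErrorAction SilentlyContinue).Source }

        $flags = @()
        if (-not $resolved -or -not (Test-Path -LiteralPath $resolved)) {
            # The key survived but the file is gone: the reverse of the note above.
            $flags += 'file missing'
        } elseif (($CoreNames -notcontains $name) -and
                  ($CoreNames | Where-Object { (Get-EditDistance $name $_) -le 2 })) {
            # Not a core component, but named to look like one: inspect it.
            $flags += 'name resembles a core component'
        }

        [pscustomobject]@{
            Hive    = $key.Split(':')[0]
            Entry   = $prop.Name
            Command = $prop.Value
            File    = $resolved
            Flags   = ($flags -join '; ')
        }
    }
}
```

Run it from an ordinary PowerShell prompt; no elevation is needed to read these keys. An entry flagged "file missing" is a leftover key and is safe to remove, while one flagged "name resembles a core component" deserves the icon-and-size comparison the tour describes before anything is deleted. The script reports and does not delete, matching the tour's advice that the decision belongs to the user.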

 Goal

The goal of the previous steps is to get used to the operating system and its normal behavior. The more you play with Purge-It, the more you will get to know your system.

Being able to tell the normal state of your system goes hand in hand with spotting an abnormal state and abnormal behaviour.
