How often do we perform a clean boot (or just look at the startup processes) and find an entry labelled only “Program”? Let’s see how to figure out which software it belongs to.
Let’s change the task manager view
The first thing to do is find the path where the file resides, which is crucial for understanding which program it is associated with.
To show it, open Task Manager, go to the Startup tab, right-click the Name column and tick Command line.
Now we can see the path of the file, which tells us which software it belongs to. Usually these entries refer to software already removed from the system, and disabling them is enough. If instead we see an abnormal path, for example one pointing to a temporary folder or a subfolder of AppData, we could be infected.
In this regard, it is useful to follow our dedicated guide:
Let’s modify the registry
NOTE: Disabling executables at startup is more than enough. If you are not an experienced user, editing the registry is NOT recommended.
If, on the other hand, we want to physically remove the startup reference, check the following registry paths:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software
Within these keys we will find the path references that we identified in Task Manager; just delete the value and close the Registry Editor.
Warning: Incorrect editing of the registry through the editor or another method can cause serious problems, which may require you to reinstall the operating system. Microsoft cannot help you troubleshoot problems that result from the mishandling of Registry Editor. Changing the registry is at the user’s risk. Before you make registry changes, we recommend that you back up the affected keys, as noted in: How to back up and restore the registry in Windows
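A read-only way to list the same startup values together with the file each one points to, as an added PowerShell example that is not part of the original article. The HKCU keys are an assumption (the article's HKEY_CURRENT_USER path is cut short), and `Get-StartupTarget` is a helper name made up for this example.

```powershell
# Added example: read-only audit of the startup keys. Nothing is modified.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce'
    # Assumption: per-user counterparts (the article's HKEY_CURRENT_USER path is cut short)
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable out of a startup command line.
function Get-StartupTarget([string]$CommandLine) {
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($c -match '^"([^"]+)"') { $t = $Matches[1] }                       # quoted path
    elseif ($c -match '^(.+?\.(exe|com|bat|cmd|vbs|js|ps1|dll))(\s|,|$)') { $t = $Matches[1] }
    else { $t = ($c -split '\s+')[0] }                                     # fallback: first token
    if (-not [IO.Path]::IsPathRooted($t)) {
        # Bare names such as rundll32.exe are resolved through PATH.
        $found = Get-Command $t -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $t = $found.Source }
    }
    return $t
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }        # key absent on this system
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
        $target = Get-StartupTarget $cmd
        $exists = Test-Path -LiteralPath $target -PathType Leaf
        $review = @()
        if (-not $exists) { $review += 'target missing (leftover entry?)' }
        # Location check from the article: temporary folders and AppData subfolders.
        # Legitimate per-user software also lives in AppData: a prompt to look, not a verdict.
        if ($target -match '\\(Temp|AppData)\\') { $review += 'runs from Temp/AppData' }
        [pscustomobject]@{
            Key       = $key
            Name      = $name
            Target    = $target
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { 'n/a' }
            Review    = $review -join '; '
        }
    }
}
$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

Rows with an empty Review column and a Valid signature are the least interesting; entries whose target is missing are the usual candidates for the cleanup described above.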