Boing Boing: Where to find malware on a Windows box

Tuesday, September 28, 2004

Where to find malware on a Windows box

Here's a good guide to all the places in a Windows installation that a worm or virus can hide itself.

2. REGISTRY. Windows executes all instructions in the "Run" section of the Windows Registry. Items in the "Run" section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above.
3. REGISTRY. Windows executes all instructions in the "RunServices" section of the Registry.
4. REGISTRY. Windows executes all instructions in the "RunOnce" part of the Registry.

Link (via Red Ferret Journal)

posted by Cory Doctorow at 09:20:01 AM permalink | Other blogs' comments

suggest a link \| defeat censorware \| rss \| archives \| t-shirts \| digital emporium \| podcast feed \| mark \| cory \| david \| xeni \| john
Support Bloggers' Rights! HOWTO: Get a link posted to Boing Boing Boing Boing Mobile powered by Winksite Fark rules! This work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States [and other countries]. Stats (About our stats) defeat censorware Policies Our first five years' worth of posts in one file	Tuesday, September 28, 2004 Where to find malware on a Windows box Here's a good guide to all the places in a Windows installation that a worm or virus can hide itself. 2. REGISTRY. Windows executes all instructions in the "Run" section of the Windows Registry. Items in the "Run" section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above. 3. REGISTRY. Windows executes all instructions in the "RunServices" section of the Registry. 4. REGISTRY. Windows executes all instructions in the "RunOnce" part of the Registry. Link (via Red Ferret Journal) posted by Cory Doctorow at 09:20:01 AM permalink \| Other blogs' comments Email this entry to: Your email address: Message (optional):	Boing Boing Sponsored by: Your Text Ad Here Get BB by email: