How does a virus load itself when you start your computer?

2

What I know is that most viruses use the registry/start up folder to add themselves to the start up list. Others may use an auto-start Windows service.

What about the rest? If the virus is not in the services or the start up list, how does it start up then?

I recently had this problem: I cleaned almost all suspicious start up registry entries and services, and still the virus was starting up each time I booted into Windows.

Any ideas?

Tomasi

Posted 2010-02-24T11:46:29.457

Reputation: 785

Answers

5

Windows provides zillions of hooks where malicious code could be added... Sysinternals' Autoruns provides a list of many of those. It might help.

AKX

Posted 2010-02-24T11:46:29.457

Reputation: 323

You can see from the sheer number of tabs in Autoruns' GUI, just how many different ways there are for code to be started in Windows. – njd – 2010-02-24T18:14:37.663

1

You can start them by running an infected file - "infected" means that some other instance of the malware has added a copy of its code to a previously safe executable program, so that when you run that program, it also runs the malware code.

Boot-sector

When a PC boots, one of the first things it does is load the first block of data on the hard disk: normally that contains the Master Boot Record, which is a tiny program that finds a bootable operating system (Windows, Linux, whatever) and loads it.
But it's possible for that program to be modified, so that it loads some malicious software every time you boot your PC.

Autorun

A more common possibility these days is software hidden in USB flash drives: Windows traditionally looks for a file on every removable device (floppy, CD, USB drive) called Autorun.inf, which tells it which program(s) to run automatically; so it's quite easy for a program to lurk there and be loaded when you plug in your USB device.

10-15 years ago, this autorun feature was supposed to be a convenience, but nowadays it's downright dangerous.

njd

Posted 2010-02-24T11:46:29.457

Reputation: 9 743
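
An added example, not part of njd's answer: a Python sketch that splits a 512-byte boot sector into bootstrap code, partition table and signature, then compares the code's hash with a known-good copy to detect the kind of modification described under "Boot-sector". The helper names and sample sectors are constructed for illustration, and the classic MBR layout (440 bytes of code, partition table at offset 446, `55 AA` at offset 510) is assumed.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_LEN = 440          # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446      # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, used partition entries and signature check."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "code_sha256": hashlib.sha256(sector[:CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the bootstrap code differs from a known-good baseline copy."""
    return parse_mbr(baseline)["code_sha256"] != parse_mbr(current)["code_sha256"]


def make_sample_mbr(code: bytes) -> bytes:
    """Build a constructed sector: given code plus one bootable 0x07 partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    entry = bytearray(16)
    entry[0], entry[4] = 0x80, 0x07
    struct.pack_into("<II", entry, 8, 2048, 204800)
    sector[TABLE_OFFSET:TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    good = make_sample_mbr(b"known-good bootstrap")    # constructed sample
    altered = make_sample_mbr(b"modified bootstrap")   # constructed sample
    print(parse_mbr(good)["partitions"])
    print("boot code changed:", boot_code_changed(good, altered))
```

On a real machine the input would be the first 512 bytes of a disk image, and the baseline would be a copy saved while the system was known to be clean.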

0

There is also the possibility of a rootkit, which can hide itself completely from the operating system (Windows or otherwise).

Shevek

Posted 2010-02-24T11:46:29.457

Reputation: 15 408

0

The virus may have added itself to the boot record, the Windows boot loader or even some system file that's loaded at boot time.

goedson

Posted 2010-02-24T11:46:29.457

Reputation: 896