Malware startup locations

Typical malicious parasites run on every system startup. They all have specific entries in Windows registry keys that the system reads when it starts. In other words, one such entry is enough to start any application without the user's knowledge or consent.

Antivirus and anti-spyware programs always scan special registry keys. However, if you are dealing with a new infection that cannot be detected yet, you have to search through the registry yourself in order to prevent the malware from running. Unfortunately, there are many locations that parasites can use. That is why it is very difficult to find a pest's startup location if you have no details about the malware you have.

F-Secure, a reputable antivirus maker, provides a top 10 list of malware registry launch points. You can find it on their weblog.

According to statistics, the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run is the most probable location of a parasite's startup entry: 39.8% of threats use it. The other four most popular entries are:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

The rest of the list can be found here.
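As an added example (not from F-Secure or the original article), the read-only PowerShell script below lists what each of the five keys above would launch. It assumes the usual layout of those keys: Run values hold a command line, the two shell keys hold a COM CLSID that has to be resolved to a DLL, and each Services subkey holds an ImagePath. The function and variable names are made up for illustration, and keys that do not exist on your Windows version are skipped.

```powershell
# Added example: read-only listing of what the five launch points named on this page start.
$cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'

function Resolve-Clsid([string]$Clsid) {
    # COM launch points store a CLSID; the DLL it loads is the InprocServer32 default value.
    $path = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32"
    if (Test-Path -LiteralPath $path) { (Get-Item -LiteralPath $path).GetValue('') }
    else { '<CLSID not registered>' }
}

function Get-KeyValue([string]$Path) {
    # One object per value under $Path; nothing if the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $key = Get-Item -LiteralPath $Path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Key = $Path; Name = $name; Data = $key.GetValue($name) }
    }
}

function Get-LaunchPoint {
    # Run keys: the value data is the command line itself.
    foreach ($hive in 'HKEY_LOCAL_MACHINE', 'HKEY_CURRENT_USER') {
        Get-KeyValue "Registry::$hive\$cv\Run" |
            Select-Object Key, Name, @{ n = 'Target'; e = { $_.Data } }
    }
    # SharedTaskScheduler: the value NAME is the CLSID.
    Get-KeyValue "Registry::HKEY_LOCAL_MACHINE\$cv\Explorer\SharedTaskScheduler" |
        Select-Object Key, Name, @{ n = 'Target'; e = { Resolve-Clsid $_.Name } }
    # ShellServiceObjectDelayLoad: the value DATA is the CLSID.
    Get-KeyValue "Registry::HKEY_LOCAL_MACHINE\$cv\ShellServiceObjectDelayLoad" |
        Select-Object Key, Name, @{ n = 'Target'; e = { Resolve-Clsid $_.Data } }
    # Services: one subkey per service; ImagePath is the binary, Parameters\ServiceDll a hosted DLL.
    $services = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem -LiteralPath $services -ErrorAction SilentlyContinue) {
        $image = $svc.GetValue('ImagePath')
        if (-not $image) { continue }
        $dll = $null
        try {
            $params = $svc.OpenSubKey('Parameters')
            if ($params) { $dll = $params.GetValue('ServiceDll'); $params.Close() }
        } catch { }   # access denied on a protected key: report ImagePath only
        $target = if ($dll) { "$image -> $dll" } else { $image }
        [pscustomobject]@{ Key = $services; Name = $svc.PSChildName; Target = $target }
    }
}

Get-LaunchPoint | Sort-Object Key, Name | Format-Table -AutoSize -Wrap
```

Saving the output on a known-clean machine and comparing it with a later run makes a newly added entry stand out from the hundreds of legitimate service rows.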


  • John Everson

    These directions solved and removed Malware File mazyebsy.dll from my register when I ran REGEDIT and deleted the file line. The file was located in the first suggestion (39.8%). Thanks!
