Hi Sir markus0r,

this is because most current Malware needs to put its startup-entry “somewhere” (except now rare “classic” file-infecting viruses)

→ and HJT shows most of the startup-entries, so it’s pretty easy to detect anything unusual there →
Thus detection is possible even for malware which a current malware-Scanner doesn’t know
:wink: