Hi malware fighters,
Well an interesting read for you, from Autorun to Winlogon\various locations to ShellExecute and more:
http://forum.spywareanalytics.com/content.php?135-Exotic-malware-startup-methods
Keep your eye on the sparrow, malware fighters,
polonus
Autoruns could see some of them, but, indeed, only a good antivirus could keep an eye on that many locations…
If we try to monitor, well, we won’t do anything else in our lives ;D
Hi Tech,
One, two hours a day is more than enough for me now, and I learn all the way and start to recognize fixed patterns now, but it is intriguing stuff and when it gets you, you want to dive into it further. That is with every hobby - et in locum amotorum …
Damian
Okay, from my experience I also know different methods, like:
1. Changing driver path:
If malware could change the load path of a current driver, this malware will be launched every time Windows starts.
2. Changing debugger path:
If malware changes the default debugger (I mean, makes the malware the default debugger), this malware will be launched with every fault. Or simply, the attacker could add a trusted program to run at every system start, like "notepad.exe", then attach the debugger to notepad.exe (in the registry), and at every start the user will see Notepad and the malware will run.
3. AppInit_DLLs:
If malware modifies the key in the registry, the program will be injected into every process (will run).
4. KnownDLLs:
If malware could modify an OS object in memory, then it will run in a trusted process that asks for this object.
5. If malware searches the registry for a service that doesn't have a driver file (I mean the file has been deleted and the key is still there), then the malware will create a file in the drivers folder, and as a result the malware will be launched.
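
An added example, not part of any post in this thread: a read-only PowerShell audit of the places methods 1, 2, 3 and 5 in the list above leave traces. The registry paths are the standard Windows locations for these settings (the thread does not name them), the function names are hypothetical, and method 4 is not covered because it concerns in-memory objects.

```powershell
# Added read-only audit; run from an elevated 64-bit PowerShell prompt on Windows.
# Every result is a lead to review, not a verdict: legitimate software uses these keys too.

# Turn a driver ImagePath (\SystemRoot\..., \??\C:\..., or relative) into a file path.
function Resolve-DriverPath([string]$ImagePath) {
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim('"'))
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function New-Finding($Method, $Key, $Value) {
    [pscustomobject]@{ Method = $Method; Key = $Key; Value = $Value }
}

function Get-StartupFinding {
    # Methods 1 and 5: kernel (Type 1) and file-system (Type 2) driver entries.
    foreach ($svc in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
        $v = Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue
        if (($v.Type -notin @(1, 2)) -or (-not $v.ImagePath)) { continue }
        $file = Resolve-DriverPath $v.ImagePath
        if (-not (Test-Path -LiteralPath $file)) {
            New-Finding '5: driver key, file missing' $svc.PSChildName $v.ImagePath
        } elseif ($file -notlike "$env:SystemRoot\System32\*") {
            New-Finding '1: driver outside System32' $svc.PSChildName $v.ImagePath
        }
    }
    $nt = 'Microsoft\Windows NT\CurrentVersion'
    foreach ($root in "HKLM:\SOFTWARE\$nt", "HKLM:\SOFTWARE\Wow6432Node\$nt") {
        # Method 2: per-image debugger (Image File Execution Options) and crash debugger (AeDebug).
        $ifeo = Get-ChildItem "$root\Image File Execution Options" -ErrorAction SilentlyContinue
        foreach ($k in $ifeo) {
            $dbg = $k.GetValue('Debugger')
            if ($dbg) { New-Finding '2: IFEO Debugger' $k.PSChildName $dbg }
        }
        $ae = Get-ItemProperty "$root\AeDebug" -ErrorAction SilentlyContinue
        if ($ae.Debugger) { New-Finding '2: AeDebug Debugger' $root $ae.Debugger }
        # Method 3: DLLs loaded into every process that loads user32.dll.
        $win = Get-ItemProperty "$root\Windows" -ErrorAction SilentlyContinue
        if ($win.AppInit_DLLs) {
            New-Finding '3: AppInit_DLLs' $root "$($win.AppInit_DLLs) (LoadAppInit_DLLs=$($win.LoadAppInit_DLLs))"
        }
    }
}

Get-StartupFinding | Sort-Object Method | Format-Table -AutoSize -Wrap
```

Drivers installed by security or virtualization products often live outside System32, so compare the output against a known-good baseline of the same machine image.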