Printable View
I'm currently working on a freeware project that scans the registry (win32 systems) for interesting data (ie- autostart applications, programs installed, virus signatures [some virii leave signatures in the registry], etc...)
I've been searching google for such Sub Keys, etc. Could anyone help me out- maybe you know of some neat Registry root/sub Keys...
Thanx a lot guys/gals- I'd appreciate the help. + If this goes well i might as well give some credit to the AO crew :-)
Registry is often used in various auto-starting methods. Here are some known ways:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
"Info="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\directory\Trojan.exe"
- Registry Shell Open
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
Registry lookups
This is a good place to look for windows registry keys and what they do.
Thanx "Curious_One"...