Windows XP Startup Methods - Startup Folders
As with the Registry, there are startup folders with legitimate uses and those that are commonly exploited. Let’s take a look.
Most likely the first one of these folders that comes to mind is the one so appropriately named Startup. Each user has his/her own and there is one that is common to all users in the All Users profile.
As I just alluded to, these are located in user profile directories found in the Documents and Settings folder. A typical location might look like this:
C:\Documents and Settings\Username\Start Menu\Programs\Startup
Any program or shortcut placed in this folder will be executed as soon as the Desktop is initialized. You can see these easily by looking in the Startup folder on your Start Menu.
Keep in mind that it is very easy to hide unwanted programs in these locations on a default Windows installation. Unless you have enabled viewing of hidden files and folders, any shortcut with the hidden attribute set will not appear on your Start Menu but will still be executed.
Unless you are a power user, this next location probably goes overlooked. But it shouldn’t. Not only is it a huge security vulnerability but it’s also commonly exploited.
%windir%\Tasks
This is the folder responsible for housing Scheduled Tasks. While traditional scheduled tasks are specialized shortcuts designed to include information about when and how often a process should be executed, dropping anything in this folder is likely to make it execute.
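An added example (not from the original article): a PowerShell audit of the Startup folders and the Tasks folder described above, listing every file in them including those with the hidden attribute set. It assumes PowerShell is installed and the XP profile layout under Documents and Settings; the variable names are illustrative.

```powershell
# Added example: list everything in the per-user and All Users Startup
# folders and in %windir%\Tasks, including entries Explorer hides by default.
# Assumption: XP profile layout, <SystemDrive>\Documents and Settings\<profile>.
$profilesRoot = Join-Path $env:SystemDrive 'Documents and Settings'
$targets = @()

if (Test-Path -LiteralPath $profilesRoot) {
    # -Force returns hidden profile directories as well.
    $profiles = Get-ChildItem -LiteralPath $profilesRoot -Force |
        Where-Object { $_.PSIsContainer }
    foreach ($p in $profiles) {
        $targets += Join-Path $p.FullName 'Start Menu\Programs\Startup'
    }
}
$targets += Join-Path $env:windir 'Tasks'

$findings = foreach ($dir in $targets) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    # -Force is the important switch: without it, items carrying the
    # hidden attribute are skipped, just as they are on the Start Menu.
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Select-Object @{ n = 'Folder'; e = { $dir } },
                      Name,
                      @{ n = 'Hidden'; e = {
                          [bool]($_.Attributes -band [IO.FileAttributes]::Hidden) } },
                      LastWriteTime
}

# Hidden entries first. A hidden desktop.ini is normal in a Startup folder;
# any other hidden file or shortcut deserves a closer look.
$findings |
    Sort-Object @{ Expression = 'Hidden'; Descending = $true }, Folder, Name |
    Format-Table -AutoSize
```

Run it from an account that can read every profile, otherwise other users' Startup folders are silently skipped.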
%windir%\system\iosubsys
%windir%\system\vmm32
These final two locations are intended for internal use by the operating system for housing processes related to Windows functionality such as hardware drivers. Identifying rogue programs in these folders is generally very difficult unless you really know what you’re looking for.
More By Nilpo/Developer Shed Staff Writer