AutoStart Entry Points in Windows

Thursday, July 2, 2009


Except in the case of rootkit-enabled malware, it's often possible to remove an infection (at least its active components) by removing its startup points. Following is a list of some of the more frequently used autostart entry points in Windows, including startup folders, registry keys, and ini files. Use the list as a guide to where to look for signs of a malware infection - but remember, registry edits and system changes should only be attempted by experienced users.


WIN.INI file


The WIN.INI file was used in earlier versions of Windows (3.x and 9x) to load applications and configuration settings at startup. Though no longer used by default on newer operating systems such as Windows XP, values included in these files will still be acted upon. Thus, some malware authors will leverage the WIN.INI file to load viruses or other malicious software. 

The pertinent sections to check in the WIN.INI file are the and lines located under the [Windows] heading.
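
An added example, not part of the original post: a small Python check that reads WIN.INI text and lists what the [Windows] section would start. It assumes the two lines to inspect are `load=` and `run=`, the standard autostart values in that section, and that several programs on one line are separated by spaces or commas; the sample file content is constructed.

```python
import re

# Constructed sample WIN.INI content (not taken from a real system).
SAMPLE_WIN_INI = r"""
; for 16-bit app support
[fonts]
[Windows]
load=C:\WINDOWS\example1.exe
RUN = C:\temp\example2.exe, C:\temp\example3.exe
NullPort=None
[Mail]
MAPI=1
run=ignored.exe
"""

AUTOSTART_KEYS = ("load", "run")  # assumed key names, see the lead-in


def parse_ini_section(text, wanted):
    """Return {key: value} for one section; names are compared case-insensitively."""
    values, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == wanted.lower() and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def autostart_entries(text):
    """List (key, program) pairs that the [Windows] section would launch."""
    section = parse_ini_section(text, "windows")
    found = []
    for key in AUTOSTART_KEYS:
        # Assumption: entries on one line are separated by spaces or commas.
        for program in re.split(r"[\s,]+", section.get(key, "")):
            if program:
                found.append((key, program))
    return found


if __name__ == "__main__":
    for key, program in autostart_entries(SAMPLE_WIN_INI):
        print(f"{key}= -> {program}")
```

On a clean system both values are normally empty, so any program listed here deserves a closer look.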
