Where Viruses Hide

This article is to show you the various places where virus can hide. So if your computer is acting crazy, you might want to take a look at these hot spots.

START-UP FOLDER – This is the most logical place! Windows opens every item in the Start Menu’s Start Up folder. This folder is prominent in the Programs folder of the Start Menu. Notice that I did not say that Windows “runs” every program that is represented in the Start Up folder. I said it “opens every item.” There’s an important difference.

Programs represented in the Start Up folder will run. But you can have shortcuts in the Start Up folder that represents documents, not programs.

For example, if you put a Microsoft Word document in the Start Up folder, Word will run and automatically open that document at during system initialization; if you put a WAV file there, your audio software will play the music at initialization, and if you put a Web-page Favorites there, Internet Explorer (or your own choice of a browser) will run and open that Web page for you when the computer starts up. (The examples cited here could just as easily be shortcuts to a WAV file or a Word document, and so on.)

REGISTRY. Windows executes all instructions in the “Run” section of the Windows Registry. Items in the “Run” section (and in other parts of the Registry listed below) can be programs or files that programs open (documents), as explained in No. 1 above. Windows executes all instructions in the “RunServices” section of the Registry.

BATCH FILE. Windows executes all instructions in the Winstart batch file, located in the Windows folder. (This file is unknown to nearly all Windows users and most Windows experts, and might not exist on your system. You can easily create it, however. Note that some versions of Windows call the Windows folder the “WinNT” folder.) The full filename is WINSTART.BAT.

INITIALIZATION FILE. Windows executes instructions in the “RUN=” line in the WIN.INI file, located in the Windows (or WinNT) folder.

As with Win.ini, file names might be preceded by considerable space on such a line, to reduce the chance that they will be seen. Normally, the full path of the file will be included in this entry. If not, check the \Windows directory

Windows has a lot of phases at the start of level but if you know what you are doing, you can catch weird files that will save you downtime.


Leave a Reply