Now here's a question and a half...
I've spent a long time looking at spyware and malware and how it all works together.
Now my question is this - is there a list of locations, either in the registry or file-system - where a program can run from automatically?
I am aware that with the advent of services - a program can literally run anywhere, however there are many places inside a Windows XP/2003/Vista/2008 system where Windows looks at and invokes the programs that live there.
Does anyone have a reasonably definitive list of these places?
I'm just looking at putting in some preventative measures to stop nasties from getting their claws in too tightly with some of our more vulnerable laptops... yes anti-virus should do this job but I like a challenge.
Probably the simplest way to get a complete list is to download 'Autoruns' from SysInternals (now part of Microsoft - just find them by searching for 'SysInternals') - it will show you what is set to autorun on the system from all the possible locations (there are lots!)
Look at where "hijack this" scans.