Startupware: Managing Startups

Did another spyware cleanup today. User reported that a spyware cleanup tool appeared immediately after running Windows Update. Guess: the update process changes some Internet Explorer settings back to defaults (known), and at that point, a third-party toolbar sitting in the “c:\winnt\downloaded program files” was able to run a delayed install. Moral of the story: [...]

Yes, indeed. Very clever, these spyware authors. Working on a cleanup, found a spyware component, turned out to be part of Aurora, that the usual cleanup tools could find, but only could remove on restart. Restarted, and amazingly, it’s gone. Only not; it has a new name. Seems this one randomly renames itself on shutdown, [...]