AutoRunByValue

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Searches for a registry run entry by the registry value name. If the directory parameter is set, a directory of the given name will be detected too, if the file resided inside it.

Usage

```AutoRunByValue:[Value name],[Directory],<advanced file parameters>
```

Examples

```AutoRunByValue:"Spyware","Spyware"
```

This would detect the following entry inside the registry, and will add both the registry value and the directory Spyware to the results list.

```[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware"="C:\\Program files\\Spyware\\spyware.exe"
```

Description

This command is only to be used in rare cases where the autorun entry might be the only lead to a totally random directory name. It detects a Run value, much like AutoRun, and also an associated directory. Again, you may specify advanced file parameters to limit detection in case of ambigious value names (which nearly all are, so make use of this)! You may also keep the directory parameter empty, but you may not obmit it. Algo-Prefixes are supported only for the value name.