AutoRunByValue

From SpybotWiki
Revision as of 16:14, 17 February 2008 by CCRDude (talk | contribs)
Jump to: navigation, search
This SBI command is outdated and will probably not be supported in Spybot-S&D 2.0. As of yet, it is unclear whether an automated conversion path exists. Automated conversion paths may also be less sufficient than a manual upgrade. We recommend that you take a look at AutoRun for a possible alternative command.

Searches for a registry run entry by the registry value name. If the directory parameter is set, a directory of the given name will be detected too, if the file resided inside it.

Usage

AutoRunByValue:[Value name],[Directory],<advanced file parameters>

Examples

AutoRunByValue:"Spyware","Spyware"

This would detect the following entry inside the registry, and will add both the registry value and the directory Spyware to the results list.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Spyware"="C:\\Program files\\Spyware\\spyware.exe"

Description

This command is only to be used in rare cases where the autorun entry might be the only lead to a totally random directory name. It detects a Run value, much like AutoRun, and also an associated directory.

  1. The first parameter describes the value to find. Algo-Prefixes are supported only here. AP
  2. The second parameter means an additional folder that might get flagged if the run entry points to a file inside a folder of that name. You may also keep this directory parameter empty, but you may not obmit it.
  3. You may specify advanced file parameters to limit detection in case of ambigious value names (which nearly all are, so make use of this)!

See also

Similar commands