Malware Analysis [Video] Auto Start Monitoring and Disinfection with Autoruns

struppigel

Apr 9, 2020
We apply Autostart Extensibility Points (ASEPs) with the Disinfector Trainer and learn monitoring of ASEP creation with dynamic malware analysis and basic disinfection with Autoruns and regedit.

Note: This is not a comprehensive disinfection tutorial but one exercise. It requires more training than that until you can perform actual disinfection.

Disinfector trainer: https://github.com/struppigel/Hedgeho...
The password for unpacking the archive is "infected", without the quotes.



00:00 Intro
00:40 Scenario 1, using Disinfector Trainer
03:30 Sysinternals Autoruns
08:05 Run key and IFEO
13:08 Scenario 3
13:35 RunOnce key
14:05 Active Setup
18:10 LNK in Startup folder
19:12 Service
20:05 Scheduled Task