Hi, @cruelsister .
Did the worms in your tests have the capability of self-protection?
I mean, would these worms try to prevent the user from deleting the corresponding startup items?
If these worms do not have self-protection, maybe we can delete their startup items by simply using msconfig or ccleaner...
On the other hand, if the worms DO have self-protection while winpatrol can still remove the their startup items, then I agree that winpatrol is really useful.
Sword- Excellent point. The worm that was used just spawned in one location. For more complex malware (spawning in arbitrary locations) only a manual search and eradication procedure would be effective. But still, WP would have alerted to the problem.