Monitoring of the Active Setup Registry Key
What is the Active Setup?
Why monitor this key?
Microsoft uses this key to set up installed Windows components.
You can see a list of the installed components under the key:
HKLM\Software\Microsoft\Active Setup\Installed Components
You should launch RegEdit to view it.
As you can see, the registry key of each component has a list of values.
These values are used by Windows to identify a component.
One of these values, StubPath, is very important.
This value contains a command that Windows executes every time it starts if a value called "IsInstalled" is not set to 1 (binary value).
New Trojans use Active Setup to install themselves on the computer.
This is very dangerous because Windows then launches the Trojan before other programs are loaded.
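
One way to monitor the StubPath values described above, as an added example that is not part of the original page: this PowerShell script records every component's StubPath on its first run and warns about new or changed values on later runs. The baseline file location and the function name Get-ActiveSetupEntry are assumptions made for the example.

```powershell
# Added example: baseline and compare StubPath values under Active Setup.
$KeyPath      = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
# Assumed location; pick a path that only administrators can write to.
$BaselinePath = 'C:\ProgramData\ActiveSetupBaseline.csv'

function Get-ActiveSetupEntry {
    # One object per component subkey; a missing value becomes an empty string.
    Get-ChildItem -Path $KeyPath -ErrorAction Stop | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        [pscustomobject]@{
            Component   = $_.PSChildName
            Name        = [string]$props.'(default)'
            StubPath    = [string]$props.StubPath
            IsInstalled = [string]$props.IsInstalled
        }
    }
}

# Only components that carry a command in StubPath are of interest.
$current = @(Get-ActiveSetupEntry | Where-Object { $_.StubPath })

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: store the current state as the trusted baseline.
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
    Write-Output "Baseline written: $($current.Count) components with a StubPath."
}
else {
    # Later runs: index the baseline by component name and compare.
    $known = @{}
    foreach ($b in @(Import-Csv -LiteralPath $BaselinePath)) {
        $known[$b.Component] = $b.StubPath
    }
    foreach ($c in $current) {
        if (-not $known.ContainsKey($c.Component)) {
            Write-Warning "NEW component $($c.Component) ($($c.Name)): $($c.StubPath)"
        }
        elseif ($known[$c.Component] -ne $c.StubPath) {
            Write-Warning "CHANGED StubPath for $($c.Component): '$($known[$c.Component])' -> '$($c.StubPath)'"
        }
    }
}
```

Run it from a scheduled task and review every warning; delete the baseline file to accept the current state after a legitimate software installation.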