The purpose of this study was to investigate automatic execution methods in Windows operating systems, as used and abused by malware. Using data extracted from the Web, information on over 10,000 malware specimens was collected and analyzed, and trends were discovered and presented. Correlations were found between these records and a list of known autostart locations for various versions of Windows. All programming was written in PHP, which proved very effective. A full breakdown of the popularity of each method per year was constructed. It was found that the popularity of many methods has varied greatly over the last decade, mostly following operating system releases and security improvements, but with some frightening exceptions
