Detections
Analytics

Windows AutoRuns JavaScript MSHTML

info Nessus Plugin ID 80887

Language:

Synopsis

Report JavaScript running on startup.

Description

Reports if one of the autorun keys in the registry is using the JavaScript MSHTML technique to allow startup actions. This technique is not common in most software and has been shown to be used by malware to perform persistence without having a file on disk.

The detection of this technique does not imply that the remote host has a malware infection, but an administrator should verify.

See Also

http://www.nessus.org/u?37e3a88e

http://www.nessus.org/u?6738698f

Plugin Details

Severity: Info

ID: 80887

File Name: windows_autoruns_javascript_mshtml.nbin

Version: 1.256

Type: local

Agent: windows

Family: Windows

Published: 1/21/2015

Updated: 4/15/2024

Supported Sensors: Nessus Agent, Nessus

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated, war/setup/ran