Registered malware

As Mike has already discussed, malware authors love to innovate when it comes to persistence and hiding their nefarious creations from detection. Although most of the schemes are not unknown to analysts, they still show that malware authors are constantly on the prowl and evolving their techniques. The example I have is yet another registry-centric malware which, by the nature of its construction, has several advantages in defeating naive security software. The sample, detected as Troj/RegExec-A, is essentially a multi-component threat of sorts comprising at least 3 components (dropper/installer, payload and loader). The dropper or installer component sets up the registry key and possibly some default payload, and then installs the loader component to be auto-launched by any number of autorun methods.
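A defender's view of the layout described above, as an added example that is not from the original post or the vendor's detection: it parses a regedit text export and flags binary values that are large and high-entropy enough to hold a stored payload. The export text, key names and both thresholds are constructed assumptions; the post does not say how Troj/RegExec-A encodes its payload.

```python
import math
import re
from collections import Counter

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=hex(?:\([0-9a-f]+\))?:(.*)$')

def binary_values(reg_text):
    """Yield (key, value_name, data) for each hex-encoded value in a .reg export."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)   # join regedit line continuations
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VAL_RE.match(line)):
            yield key, m.group(1).strip('"'), bytes.fromhex(m.group(2).replace(',', ''))

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty data)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def suspicious_values(reg_text, min_size=1024, min_entropy=6.0):
    """Flag binary values big and dense enough to hold an opaque payload.
    Both thresholds are assumed starting points, to be tuned against a baseline."""
    return [(key, name, len(data))
            for key, name, data in binary_values(reg_text)
            if len(data) >= min_size and entropy(data) >= min_entropy]

def _reg_hex(data, per_line=25):
    """Format bytes the way regedit exports them, with backslash continuations."""
    rows = [",".join(f"{b:02x}" for b in data[i:i + per_line])
            for i in range(0, len(data), per_line)]
    return ",\\\n  ".join(rows)

# Constructed export: one ordinary small setting and one 4 KiB opaque blob.
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\n\n"
    "[HKEY_CURRENT_USER\\Software\\ExampleVendor\\Settings]\n"
    '"WindowPos"=hex:2c,00,00,00,01,00,00,00\n"Theme"="dark"\n\n'
    "[HKEY_CURRENT_USER\\Software\\ExampleVendor\\Cache]\n"
    '"Blob"=hex:' + _reg_hex(bytes((i * 37 + 11) % 256 for i in range(4096))) + "\n"
)

if __name__ == "__main__":
    for key, name, size in suspicious_values(SAMPLE_REG):
        print(f"{key}\\{name}: {size} bytes")
```

Hits from a scan like this are leads rather than verdicts, since legitimate software also caches binary data in the registry; correlating a hit with an autorun entry that reads the same key narrows it down.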
