Malware is often engineered to remain on a computer it has infected even after the computer is rebooted. To do so, the malware registers itself with the operating system, such that it is automatically loaded when the operating system restarts. In an effort to evade detection by anti-malware products, malware is often polymorphic in nature. Polymorphic malware changes the file in which it resides (known as the backing file) with every infection (or at other frequencies), so as to avoid detection by signature based scanning. As the backing file changes between infections, so too does its fingerprint (hash). Thus, scanning files for signatures of known malware can fail to identify a changed backing file. Different tools of varying effectiveness do exist for detecting polymorphic malware, but it would be desirable to further address these issues, practically in the context of polymorphic malware that registers itself with the operating system to remain on an infected computer after reboot.