Solved

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options spyware program

Posted on 2009-07-15
Last Modified: 2013-11-08
Hi, I keep having a reoccurring problem that I can easily fix, but it's a shared computer and I would like to know which piece of spyware is responsible for it. I boot up the computer and it cannot load explorer.exe. I go to the registry and remove explorer.exe from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and everything works, but it will happen twice a month. It would be nice to figure out what culprit is causing this. For now I plan on blocking write access to this key by everyone.
Question by: v46n
3 Comments
 

Accepted Solution

by: rpggamergirl (earned 500 total points)
ID: 24859431
A lot of nasties now hijack the Image File Execution Options (IFEO) key. It's now becoming very common. Sometimes instead of explorer.exe, nasties add a subkey "iexplore.exe" so IE won't load if the debugger pointing to that file is deleted... or hijack Userinit.exe etc.

Trojan-Dropper.Agent
http://www.threatexpert.com/report.aspx?md5=6d4349e2c1379d05369e5b50e1d5a74e

Trojan:W32/Feedel
http://www.f-secure.com/v-descs/trojan_w32_feedel.shtml

Trojan-Downloader.Agent.AEN
http://www.threatexpert.com/report.aspx?md5=fe938c82127759263c15bae51b8e9f96

Worm.AutoRun!sd6
http://www.threatexpert.com/report.aspx?md5=565c420349579297dff250ed271d382e

 
Worm.AutoRun.GEN
W32.Fujacks.E
Worm.Win32.AutoRun.wuu
PE_AGATDUL.A
W32/Autorun-UM
Virus:Win32/Fujacks.M
Virus.Win32.AdWare



Author Comment

by:v46n
ID: 24859463
Interesting stuff. By changing the permissions on that key I should pretty much protect myself, no?

Expert Comment

by:rpggamergirl
ID: 24914647
Sorry for the delayed reply.

If you can lock or change permissions on that key so no one can write or add to it, it would help.

Thanks!
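
To audit the key discussed in this thread, the following added example (not part of the original thread) parses a `reg export` of the IFEO key offline and lists every image subkey that carries a `Debugger` value. The sample export, the `CRITICAL` set and the function names are constructed for illustration.

```python
import re
import sys

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Image names the thread mentions as hijack targets; a hit here breaks logon or the shell.
CRITICAL = {"explorer.exe", "iexplore.exe", "userinit.exe"}
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

# Constructed sample in `reg export` text format (not taken from the thread).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\system32\\placeholder-missing.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Example.EXE]
"debugger"="\"C:\\Tools\\example dbg.exe\" -g"
'''

def unescape(data):
    """Decode a .reg REG_SZ literal; other types (hex(2):...) are returned raw."""
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data

def find_debugger_values(reg_text):
    """Return one finding per IFEO image subkey that carries a Debugger value."""
    findings, image = [], None
    prefix = IFEO.lower() + "\\"
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            # Only direct children of IFEO name an image; anything else resets state.
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            image = rest if rest and "\\" not in rest else None
            continue
        value = VALUE.match(line)
        if image and value and value.group(1).lower() == "debugger":
            findings.append({"image": image, "debugger": unescape(value.group(2)),
                             "critical": image.lower() in CRITICAL})
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for f in find_debugger_values(text):
        print("CRITICAL" if f["critical"] else "review", f["image"], "->", f["debugger"])
```

reg.exe writes exports as UTF-16, which is why the script opens a supplied file with `encoding="utf-16"`; run without arguments it scans the constructed sample.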