Solved

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options spyware program

Posted on 2009-07-15
Last Modified: 2013-11-08
Hi, I keep having a recurring problem that I can easily fix, but it's a shared computer and I would like to know which piece of spyware is responsible for it. I boot up the computer and it cannot load explorer.exe. I go to the registry and remove explorer.exe from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and everything works, but it will happen twice a month. It would be nice to figure out what culprit is causing this. For now I plan on blocking write access to this key by everyone.
Question by:v46n
3 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 24859431
A lot of nasties now hijack the Image File Execution Options (IFEO) key. It's now becoming very common. Sometimes, instead of explorer.exe, nasties add a subkey "iexplore.exe" so IE won't load if the debugger pointing to that file is deleted... or they hijack Userinit.exe etc.

Trojan-Dropper.Agent
http://www.threatexpert.com/report.aspx?md5=6d4349e2c1379d05369e5b50e1d5a74e

Trojan:W32/Feedel
http://www.f-secure.com/v-descs/trojan_w32_feedel.shtml

Trojan-Downloader.Agent.AEN
http://www.threatexpert.com/report.aspx?md5=fe938c82127759263c15bae51b8e9f96

Worm.AutoRun!sd6
http://www.threatexpert.com/report.aspx?md5=565c420349579297dff250ed271d382e

 
Worm.AutoRun.GEN
W32.Fujacks.E
Worm.Win32.AutoRun.wuu
PE_AGATDUL.A
W32/Autorun-UM
Virus:Win32/Fujacks.M
Virus.Win32.AdWare


LVL 2

Author Comment

by:v46n
ID: 24859463
Interesting stuff. By changing the permissions on that key I should pretty much protect myself, no?
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24914647
Sorry for delayed reply.

If you can lock or change permissions on that key so no one can write or add to it, it would help.

Thanks!
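
A read-only audit for the IFEO hijack discussed in this thread, added here as an example and not posted by any participant: it lists every IFEO subkey that carries a Debugger value and the accounts allowed to write to the key. The function names Get-IfeoDebugger and Get-IfeoWriter are hypothetical; run it from an elevated PowerShell session.

```powershell
# Added example (not from the thread): read-only IFEO audit. Run elevated.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Hypothetical helper: every IFEO subkey that has a Debugger value.
function Get-IfeoDebugger {
    param([string[]]$Root = $IfeoRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $dbg = $sub.GetValue('Debugger')
            if ($null -eq $dbg) { continue }
            # First token of the command line: a quoted path, or text up to the first space.
            $exe = if ("$dbg" -match '^\s*"([^"]+)"') { $Matches[1] } else {
                ("$dbg".Trim() -split '\s+')[0]
            }
            [pscustomobject]@{
                Image        = $sub.PSChildName   # e.g. explorer.exe, iexplore.exe, userinit.exe
                Debugger     = $dbg
                # False for a missing file; also False for bare names that resolve via PATH.
                TargetExists = ([bool]$exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
                Key          = $sub.Name
            }
        }
    }
}

# Hypothetical helper: Allow entries that let an account add subkeys or set values.
# ACEs stored with generic rights show up as raw numbers and are not matched here.
function Get-IfeoWriter {
    param([string[]]$Root = $IfeoRoots)
    $write = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        (Get-Acl -LiteralPath $r).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $write) } |
            Select-Object @{n = 'Key'; e = { $r }}, IdentityReference, RegistryRights, IsInherited
    }
}

Get-IfeoDebugger | Format-Table -AutoSize -Wrap
Get-IfeoWriter   | Format-Table -AutoSize -Wrap
```

Not every Debugger value is malicious (Process Explorer's "Replace Task Manager" option sets one on taskmgr.exe), so review each row rather than deleting on sight.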