Solved

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options spyware program

Posted on 2009-07-15
3
993 Views
Last Modified: 2013-11-08
Hi i keep have a re-encountering problem that i can easily fix but its a shared computer and i would like to know which piece of spyware is responsible for it. I boot up the computer and it cannot load explorer.exe i goto the registry and remove explorer.exe from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
and everything works but it will happen twice a month.  It would be nice to figure out what culprit is causing this. For now i plan on blocking write access to this key by everyone.
0
Comment
Question by:v46n
  • 2
3 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 24859431
A lot of nasties now hijack Image File Execution Options(IFEO) key. It's now becoming very common. Sometimes instead of explorer.exe, nasties add a subkey "iexplore.exe" so IE won't load if the debuggers pointing to that file is deleted... or hijacks Userinit.exe etc.

Trojan-Dropper.Agent
http://www.threatexpert.com/report.aspx?md5=6d4349e2c1379d05369e5b50e1d5a74e

Trojan:W32/Feedel
http://www.f-secure.com/v-descs/trojan_w32_feedel.shtml

Trojan-Downloader.Agent.AEN
http://www.threatexpert.com/report.aspx?md5=fe938c82127759263c15bae51b8e9f96

Worm.AutoRun!sd6
http://www.threatexpert.com/report.aspx?md5=565c420349579297dff250ed271d382e

 
Worm.AutoRun.GEN
W32.Fujacks.E
Worm.Win32.AutoRun.wuu
PE_AGATDUL.A
W32/Autorun-UM
Virus:Win32/Fujacks.M
Virus.Win32.AdWare


0
 
LVL 2

Author Comment

by:v46n
ID: 24859463
interesting stuff, by changing the permissions on that key i should pretty much protect myself no?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24914647
Sorry for delayed reply.

If you can lock or change permissions on that key so no one can write or add to it, it would help.

Thanks!
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
I need to purchase BitCoins 4 112
Different types of mobile security tests 3 107
How do I Uninstall Sophos endpoint Security 8 86
webroot plus microsoft security essentials 2 127
These are on the increase and getting more common these days. Users who use the Google search engine may complain of having their search redirected to unwanted sites, regardless of what browser is used. This happens when the system is infected with…
Some of the most commonly posted questions in the "Virus & Malware" Zones are related to the family of rogue malware with the date "2012" somewhere in the title. Examples: XP Antispyware 2012 XP Antivirus 2012 XP Security 2012   XP Home Sec…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question