Solved

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options spyware program

Posted on 2009-07-15
3
999 Views
Last Modified: 2013-11-08
Hi i keep have a re-encountering problem that i can easily fix but its a shared computer and i would like to know which piece of spyware is responsible for it. I boot up the computer and it cannot load explorer.exe i goto the registry and remove explorer.exe from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
and everything works but it will happen twice a month.  It would be nice to figure out what culprit is causing this. For now i plan on blocking write access to this key by everyone.
0
Comment
Question by:v46n
  • 2
3 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 24859431
A lot of nasties now hijack Image File Execution Options(IFEO) key. It's now becoming very common. Sometimes instead of explorer.exe, nasties add a subkey "iexplore.exe" so IE won't load if the debuggers pointing to that file is deleted... or hijacks Userinit.exe etc.

Trojan-Dropper.Agent
http://www.threatexpert.com/report.aspx?md5=6d4349e2c1379d05369e5b50e1d5a74e

Trojan:W32/Feedel
http://www.f-secure.com/v-descs/trojan_w32_feedel.shtml

Trojan-Downloader.Agent.AEN
http://www.threatexpert.com/report.aspx?md5=fe938c82127759263c15bae51b8e9f96

Worm.AutoRun!sd6
http://www.threatexpert.com/report.aspx?md5=565c420349579297dff250ed271d382e

 
Worm.AutoRun.GEN
W32.Fujacks.E
Worm.Win32.AutoRun.wuu
PE_AGATDUL.A
W32/Autorun-UM
Virus:Win32/Fujacks.M
Virus.Win32.AdWare


0
 
LVL 2

Author Comment

by:v46n
ID: 24859463
interesting stuff, by changing the permissions on that key i should pretty much protect myself no?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24914647
Sorry for delayed reply.

If you can lock or change permissions on that key so no one can write or add to it, it would help.

Thanks!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Secure/Block uploads to ftp server 8 128
Russian pop up ad virus 8 147
where can I go online to have a complete anti-malware and anti-virus scan done for free? 12 144
Ransomeware 11 136
The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away. **********…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question