Solved

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options spyware program

Posted on 2009-07-15
Last Modified: 2013-11-08
Hi, I keep having a re-encountering problem that I can easily fix, but it's a shared computer and I would like to know which piece of spyware is responsible for it. I boot up the computer and it cannot load explorer.exe. I go to the registry and remove explorer.exe from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and everything works, but it will happen twice a month. It would be nice to figure out what culprit is causing this. For now I plan on blocking write access to this key by everyone.
Question by:v46n
3 Comments
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 24859431
A lot of nasties now hijack the Image File Execution Options (IFEO) key. It's now becoming very common. Sometimes instead of explorer.exe, nasties add a subkey "iexplore.exe" so IE won't load if the debuggers pointing to that file is deleted... or hijacks Userinit.exe etc.

Trojan-Dropper.Agent
http://www.threatexpert.com/report.aspx?md5=6d4349e2c1379d05369e5b50e1d5a74e

Trojan:W32/Feedel
http://www.f-secure.com/v-descs/trojan_w32_feedel.shtml

Trojan-Downloader.Agent.AEN
http://www.threatexpert.com/report.aspx?md5=fe938c82127759263c15bae51b8e9f96

Worm.AutoRun!sd6
http://www.threatexpert.com/report.aspx?md5=565c420349579297dff250ed271d382e

 
Worm.AutoRun.GEN
W32.Fujacks.E
Worm.Win32.AutoRun.wuu
PE_AGATDUL.A
W32/Autorun-UM
Virus:Win32/Fujacks.M
Virus.Win32.AdWare


0
 
LVL 2

Author Comment

by:v46n
ID: 24859463
Interesting stuff. By changing the permissions on that key I should pretty much protect myself, no?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 24914647
Sorry for delayed reply.

If you can lock or change permissions on that key so no one can write or add to it, it would help.

Thanks!
0
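
To see what is registered under the key and which accounts can write to it, as discussed in the thread above, the following PowerShell is an added example and not code from the original posters. The helper names `Get-IfeoDebugger` and `Get-IfeoWriter` are hypothetical, and the WOW6432Node path assumes 64-bit Windows (it is skipped when absent).

```powershell
# Added example (not from the thread). Lists every IFEO subkey that carries a
# "Debugger" value, reports whether the file it points at still exists, and
# lists the accounts that are currently allowed to write to the IFEO key.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit registry view on 64-bit Windows; skipped when it does not exist
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {   # hypothetical helper name
    param([string[]]$Roots = $ifeoRoots)
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }
            # First token of the command line: a quoted path, or text up to the first space
            $expanded = [Environment]::ExpandEnvironmentVariables([string]$debugger)
            if ($expanded -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            else { $target = ($expanded.Trim() -split '\s+')[0] }
            [pscustomobject]@{
                Image        = $key.PSChildName
                Debugger     = $debugger
                # Also False for bare file names and unquoted paths containing spaces
                TargetExists = Test-Path -LiteralPath $target -PathType Leaf
                Key          = $key.Name
            }
        }
    }
}

function Get-IfeoWriter {     # hypothetical helper name
    param([string[]]$Roots = $ifeoRoots)
    # Rights that allow adding a subkey or setting a value such as "Debugger"
    $write = [int][System.Security.AccessControl.RegistryRights]::SetValue -bor
             [int][System.Security.AccessControl.RegistryRights]::CreateSubKey
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        (Get-Acl -LiteralPath $root).Access |
            Where-Object { $_.AccessControlType -eq 'Allow' -and
                           (([int]$_.RegistryRights) -band $write) -ne 0 } |
            Select-Object @{n='Key';e={$root}}, IdentityReference, RegistryRights, IsInherited
    }
}

Get-IfeoDebugger | Format-Table -AutoSize -Wrap
Get-IfeoWriter   | Format-Table -AutoSize -Wrap
```

The Debugger column names the file registered against each image, which is the lead for identifying what created the entry; the second table shows whether a permission change on the key has actually removed write access.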


Question has a verified solution.
