HiJackThis / Feature Requests / #2 Check shell values in Winlogon

#2 Check shell values in Winlogon

Milestone: Release 2.0.6

Status: accepted

Owner: Loucif Kharouni

Labels: None

Priority: 5

Updated: 2013-05-22

Created: 2013-02-06

Creator: Frank.R

Private: No

Please add the feature to check the shell values in all "Windows NT\CurrentVersion\Winlogon" keys.
Many new trojans add entries like shell="explorer.exe, %UserProfile%\AppData\Skype.dat"

Also see:
http://deletemalware.blogspot.de/2011/03/remove-trojanransomware-uninstall-guide.html

Discussion

Loucif Kharouni - 2013-05-15

Group: Next_Beta_Release_2.0.6 --> Release 2.0.6
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Loucif Kharouni - 2013-05-15

need to figure out how to encrypt the reg entries to add more

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Loucif Kharouni - 2013-05-15

assigned_to: Loucif Kharouni
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Loucif Kharouni - 2013-05-19

Hi Frank, I checked this again and this specific key on exist under HKLM, so I do not see the need to check others HK since it only exist under HKLM and malware just modify this existing key.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Loucif Kharouni - 2013-05-19

status: open --> pending
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Loucif Kharouni - 2013-05-22

status: pending --> accepted
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Check shell values in Winlogon

A free utility that finds malware and other threats

Group

Searches

Help

#2 Check shell values in Winlogon

Discussion