#2 Check shell values in Winlogon

Release 2.0.6
accepted
None
5
2013-05-22
2013-02-06
Frank.R
No

Please add the feature to check the shell values in all "Windows NT\CurrentVersion\Winlogon" keys.
Many new trojans add entries like shell="explorer.exe, %UserProfile%\AppData\Skype.dat"

Also see:
http://deletemalware.blogspot.de/2011/03/remove-trojanransomware-uninstall-guide.html

Discussion

  • Loucif Kharouni

    Loucif Kharouni - 2013-05-15
    • Group: Next_Beta_Release_2.0.6 --> Release 2.0.6
     
  • Loucif Kharouni

    Loucif Kharouni - 2013-05-15

    need to figure out how to encrypt the reg entries to add more

     
  • Loucif Kharouni

    Loucif Kharouni - 2013-05-15
    • assigned_to: Loucif Kharouni
     
  • Loucif Kharouni

    Loucif Kharouni - 2013-05-19

    Hi Frank, I checked this again and this specific key only exists under HKLM, so I do not see the need to check other HKs since it only exists under HKLM and malware just modifies this existing key.

     
  • Loucif Kharouni

    Loucif Kharouni - 2013-05-19
    • status: open --> pending
     
  • Loucif Kharouni

    Loucif Kharouni - 2013-05-22
    • status: pending --> accepted
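
The check requested in this ticket, as an added example (not the project's code): it splits a Winlogon Shell value on commas, as in the sample value quoted in the request, and reports every entry other than the expected shell. The allow-list of a bare `explorer.exe`, the function names and the choice to read HKLM and HKCU are assumptions of this sketch; the demo values are constructed.

```python
import sys

# Assumption: the only expected Shell value is the Windows default, a bare "explorer.exe".
EXPECTED_SHELL = {"explorer.exe"}
WINLOGON_SUBKEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def split_shell_value(value):
    """Split a Shell value into its comma-separated entries, trimmed and unquoted."""
    return [part.strip().strip('"') for part in value.split(",") if part.strip()]


def unexpected_shell_entries(value, expected=EXPECTED_SHELL):
    """Return the entries that are not exactly an expected shell name."""
    # The whole entry is compared, not its basename, so a copy such as
    # C:\Temp\explorer.exe is reported for review as well.
    return [e for e in split_shell_value(value) if e.lower() not in expected]


def audit(values):
    """Map {hive_name: shell_value} to {hive_name: [unexpected entries]}."""
    report = {}
    for hive, value in values.items():
        findings = unexpected_shell_entries(value)
        if findings:
            report[hive] = findings
    return report


def read_shell_values():
    """Windows only: read Shell from each hive where the value is present."""
    import winreg
    hives = (("HKLM", winreg.HKEY_LOCAL_MACHINE), ("HKCU", winreg.HKEY_CURRENT_USER))
    found = {}
    for name, hive in hives:
        try:
            with winreg.OpenKey(hive, WINLOGON_SUBKEY) as key:
                found[name] = winreg.QueryValueEx(key, "Shell")[0]
        except OSError:
            pass  # key or value absent in this hive
    return found


if __name__ == "__main__":
    if sys.platform == "win32":
        values = read_shell_values()
    else:
        # Constructed sample: the modified value quoted in the ticket.
        values = {"HKLM": r"explorer.exe, %UserProfile%\AppData\Skype.dat"}
    for hive, entries in audit(values).items():
        print(f"{hive}: unexpected Shell entries: {entries}")
```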
     
