UAC Popup on startup wanting me to accept Run Legacy CPL Elevated



roofinrobert
2011-02-26, 01:30
It says to accept or cancel
also the information

Microsoft Windows
"C:\windows\system32\RunLegacyCPLElevated.exe"
Shell32.dll.Control_runDLL
"C:\Users\Robert\AppData\Local\AwDaGOCwqPn\CviejN.cpl"

is displayed in the popup.

This just started the other day, and I have read several posts saying that it is some type of virus.

My antivirus software "AVG Internet Security Business Edition 2011" doesn't see it as a threat.

Running "Windows Vista Home Premium" operating system

Any help or advice will be greatly appreciated. Thank you in advance.

shelf life
2011-02-26, 21:07
Hi roofinrobert

Most likely the answer is this:


Well, RunLegacyCPLElevated.exe is designed to provide backward compatibility by allowing legacy Windows Control Panel plug-ins to run with full administrative privileges

but this is also a possibility:


So the scenario would be:
• The user gets infected by malicious code running as a restricted user – Trojan or exploit are two likely vectors
• This malicious code drops a malicious CPL file to disk in a location that the restricted user can write to
• The malicious code then calls RunLegacyCPLElevated.exe with the malicious CPL as a parameter
• The user is presented with a UAC prompt that claims that Microsoft Windows needs to elevate permissions and not a third party application
• The user authorizes and the malicious code obtains administrative privileges

source. (http://www.symantec.com/connect/blogs/example-why-uac-prompts-vista-can-t-always-be-trusted)

Please download DDS (http://download.bleepingcomputer.com/sUBs/dds.scr) and save it to your desktop.

Double click dds.scr to run the tool. When done, DDS.txt will open.

Save both reports to your desktop.

Please Copy/paste both logs in your reply.
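
Added example, not part of either post above: a small Python check for the scenario quoted in the reply, flagging command lines where RunLegacyCPLElevated.exe is asked to elevate a CPL that lives outside directories a restricted user normally cannot write to. The trusted-root list, the function names and the second and third sample lines are assumptions made for this example; the first sample is the command line from the popup in the original post.

```python
import re
from pathlib import PureWindowsPath

# Roots a restricted user normally cannot write to (assumption for this example).
TRUSTED_ROOTS = tuple(PureWindowsPath(p) for p in (
    r"C:\Windows", r"C:\Program Files", r"C:\Program Files (x86)"))

LAUNCHER = "runlegacycplelevated.exe"
# A quoted argument ending in .cpl, or a bare token ending in .cpl.
CPL_ARG = re.compile(r'"([^"]+\.cpl)"|(\S+\.cpl)\b', re.IGNORECASE)


def cpl_targets(command_line):
    """Return the .cpl paths handed to RunLegacyCPLElevated.exe, if any."""
    if LAUNCHER not in command_line.lower():
        return []
    return [PureWindowsPath(quoted or bare)
            for quoted, bare in CPL_ARG.findall(command_line)]


def in_trusted_root(path):
    """True only for absolute paths under a trusted root, with no '..' parts."""
    if ".." in path.parts or not path.is_absolute():
        return False
    # PureWindowsPath comparison is case-insensitive, like the file system.
    return any(root in path.parents for root in TRUSTED_ROOTS)


def suspicious_cpls(command_line):
    """CPL arguments the elevation prompt would load from an untrusted place."""
    return [str(p) for p in cpl_targets(command_line) if not in_trusted_root(p)]


# Sample input: the first line is the popup text from the thread; the other
# two are constructed for this example (legacy.cpl and x.cpl are made-up names).
POPUP = (r'"C:\windows\system32\RunLegacyCPLElevated.exe" Shell32.dll.Control_runDLL '
         r'"C:\Users\Robert\AppData\Local\AwDaGOCwqPn\CviejN.cpl"')
SYSTEM = (r'"C:\windows\system32\RunLegacyCPLElevated.exe" Shell32.dll.Control_runDLL '
          r'"C:\Windows\System32\legacy.cpl"')
TRAVERSAL = (r'C:\windows\system32\RunLegacyCPLElevated.exe Shell32.dll.Control_runDLL '
             r'C:\Windows\..\Users\Public\x.cpl')

if __name__ == "__main__":
    for line in (POPUP, SYSTEM, TRAVERSAL):
        hits = suspicious_cpls(line)
        print("FLAG" if hits else "ok  ", hits or line)
```

The same check can be run over process-creation command lines collected from a machine; a flagged path is a reason to inspect the file, not proof that it is malicious.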