Thread: Consider exefile handler detection

  1. #1
    Junior Member (joined Oct 2006, 22 posts)

    Hi!

    Recently I fixed a friend's infested PC and I also used S&D.

    After that I booted the system and noticed that an .exe file handler was installed (HKEY_CLASSES_ROOT\exefile\...).

    S&D did not report this.

    I believe such a handler is usually a work of malware, so maybe S&D should detect and fix it.
    What do you think?

    Regards,
    David

    PS: I used v1.6.2. I performed download in it, closed it, then copied the C:\Program Files\Spybot - Search & Destroy folder to the USB key from which I booted the problem PC (WinPE was on the USB key - Win2008 based).

  2. #2
    Buster, Member of Team Spybot (joined Oct 2005, Bochum/Germany, 389 posts)

    Sorry for taking so long, but can you give us some more details on this? Do you remember the exact entry or do you still have some samples of the infection? Maybe somewhere in quarantine or something like that?
    "The advantage of wisdom is that you can always act the fool. The opposite is quite tough."

    K. Tucholsky


  3. #3
    Junior Member (joined Oct 2006, 22 posts)

    The key is HKEY_CLASSES_ROOT\exefile\shell\open\command and the default value is: "%1" %*

    Googling gives quite a lot of information about this issue.

    Recently I had some malware using this key to activate itself each time an exe file was executed on the system.

  4. #4
    Matt, Senior Member (joined Aug 2006, Bavaria, 1,169 posts)

    Originally posted by xerces8:
        Recently I had some malware using this key to activate itself each time an exe file was executed on the system.

    One example for Buster: Malware.Fraud.XP Smart Security 2010
    Best regards - Beste Grüße,

    Matt
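
An added example, not part of the original thread and not Spybot's code: a check of the key named in post #3, run over the text of a .reg export such as one taken from an offline system. Matching by key suffix, so that the per-user and per-machine Classes branches merged into HKEY_CLASSES_ROOT are also covered, is an assumption that goes beyond the thread; the sample export and the path in it are constructed.

```python
import re

EXPECTED = '"%1" %*'  # default value quoted in the thread
# Key suffix from the thread. Suffix matching (an assumption added here) also
# catches ...\Software\Classes\exefile\... under HKCU and HKLM.
SUFFIX = r"\exefile\shell\open\command"

def unescape(reg_string):
    # .reg files escape a quote and a backslash with a leading backslash
    return re.sub(r'\\(["\\])', r"\1", reg_string)

def audit_exefile(reg_text):
    """Return [(key, command)] for exefile open commands that differ from EXPECTED."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the key the next values belong to
        elif key and key.lower().endswith(SUFFIX) and line.startswith("@="):
            raw = line[2:]            # "@" is the key's default value
            # REG_SZ is written as "..."; any other type (hex(2): etc.) is kept raw
            m = re.fullmatch(r'"(.*)"', raw)
            value = unescape(m.group(1)) if m else raw
            if value != EXPECTED:
                findings.append((key, value))
    return findings

# Constructed sample export (not taken from a real infection)
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\placeholder\\example.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, cmd in audit_exefile(SAMPLE):
        print(f"non-default exefile handler: {key} -> {cmd}")
```

regedit writes exports as UTF-16, so decode the file before passing its text to `audit_exefile`.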
