
Thread: UACU Popup on startup Wanting me to accept Run Legacy CPL Elevated

  1. #1
    Junior Member
    Join Date
    Feb 2011
    Posts
    4

    UACU Popup on startup Wanting me to accept Run Legacy CPL Elevated

    It says to accept or cancel
    also the information

    Microsoft Windows
    "C:\windows\system32\RunLegacyCPLElevated.exe"
    Shell32.dll.Control_runDLL
    "C:\Users\Robert\AppData\Local\AwDaGOCwqPn\CviejN.cpl"

    is displayed in the popup.

    This just started the other day, and I have read several posts saying that it is some type of virus.

    My antivirus software "AVG Internet Security Business Edition 2011" doesn't see it as a threat.

    Running "Windows Vista Home Premium" operating system

    Any help or advice will be greatly appreciated. Thank you in advance.

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Hi roofinrobert

    Most likely the answer is this:

    Well, RunLegacyCPLElevated.exe is designed to provide backward compatibility by allowing legacy Windows Control Panel plug-ins to run with full administrative privileges.

    But this is also a possibility:

    So the scenario would be:
    • The user gets infected by malicious code running as a restricted user – Trojan or exploit are two likely vectors
    • This malicious code drops a malicious CPL file to disk in a location that the restricted user can write to
    • The malicious code then calls RunLegacyCPLElevated.exe with the malicious CPL as a parameter
    • The user is presented with a UAC prompt that claims that Microsoft Windows needs to elevate permissions and not a third party application
    • The user authorizes and the malicious code obtains administrative privileges
    source.

    Please download DDS and save it to your desktop.

    Double click dds.scr to run the tool. When done, DDS.txt will open.

    Save both reports to your desktop.

    Please copy/paste both logs in your reply.
    How Can I Reduce My Risk?
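
The scenario quoted in post #2 can be checked for in process-creation logs. The following is an added example, not part of the original thread: it flags RunLegacyCPLElevated.exe command lines whose .cpl argument lies outside directories a standard user cannot write to. The list of protected roots and all sample command lines except the first are assumptions made for the example.

```python
import ntpath
import re

LAUNCHER = "runlegacycplelevated.exe"
# Assumption: roots a standard (non-admin) user cannot write to by default.
PROTECTED_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64",
                   r"c:\program files", r"c:\program files (x86)")
# A .cpl argument, either quoted (may contain spaces) or bare.
CPL_RE = re.compile(r'"([^"]+\.cpl)"|(\S+\.cpl)', re.IGNORECASE)

# Constructed sample events. The first joins the three strings shown in the
# prompt quoted in post #1; the others are made up for this example.
SAMPLE_CMDLINES = [
    r'"C:\windows\system32\RunLegacyCPLElevated.exe" Shell32.dll.Control_runDLL '
    r'"C:\Users\Robert\AppData\Local\AwDaGOCwqPn\CviejN.cpl"',
    r'"C:\Windows\System32\RunLegacyCPLElevated.exe" shell32.dll,Control_RunDLL '
    r'"C:\Windows\System32\legacy.cpl"',
    r'"C:\Windows\System32\RunLegacyCPLElevated.exe" shell32.dll,Control_RunDLL '
    r'"C:\Windows\System32\..\..\Users\Public\x.cpl"',
    r'control.exe timedate.cpl',  # no elevation launcher involved, ignored
]

def cpl_targets(cmdline):
    """Return every .cpl path named on a command line."""
    return [quoted or bare for quoted, bare in CPL_RE.findall(cmdline)]

def in_protected_dir(path):
    """True only if the normalised path sits under a protected root."""
    # normpath collapses "..\" so a traversal cannot borrow a protected prefix.
    # Relative paths and unexpanded %VARIABLES% never match and get reviewed.
    norm = ntpath.normpath(path).lower()
    return any(norm.startswith(root + "\\") for root in PROTECTED_ROOTS)

def suspicious_elevations(cmdlines):
    """Return (cmdline, [cpl paths]) for launcher runs with an unprotected CPL."""
    findings = []
    for cmd in cmdlines:
        if LAUNCHER not in cmd.lower():
            continue
        bad = [p for p in cpl_targets(cmd) if not in_protected_dir(p)]
        if bad:
            findings.append((cmd, bad))
    return findings

if __name__ == "__main__":
    for cmd, bad in suspicious_elevations(SAMPLE_CMDLINES):
        print("REVIEW:", ", ".join(bad))
```
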
