Consider exefile handler detection

xerces8

Hi!

Recently I fixed a friend's infested PC and I also used S&D.

After that I booted the system and noticed that an .exe file handler was installed (HKEY_CLASSES_ROOT\exefile\...).

S&D did not report this.

I believe such a handler is usually the work of malware, so maybe S&D should detect and fix it.
What do you think?

Regards,
David

PS: I used v1.6.2. I performed the download in it, closed it, then copied the C:\Program Files\Spybot - Search & Destroy folder to the USB key from which I booted the problem PC (WinPE was on the USB key - Win2008 based).
 
Sorry for taking so long, but can you give us some more details on this. Do you remember the exact entry or do you still have some samples of the infection? Maybe somewhere in quarantine or something like that?
 
The key is HKEY_CLASSES_ROOT\exefile\shell\open\command and the default value is: "%1" %*

Googling gives quite a lot of information about this issue.

Recently I had some malware using this key to activate itself each time an exe file was executed on the system.
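
An added example, not part of the original thread and not Spybot's own code: a check that scans the text of a `.reg` export for every `exefile\shell\open\command` key and flags any default value that differs from the stock `"%1" %*` quoted above. It matches on the key suffix because HKEY_CLASSES_ROOT is a merged view of `HKLM\SOFTWARE\Classes` and the per-user `Software\Classes`, and because a hive loaded offline (as from WinPE) sits under a different root name. The sample export and the `helper.exe` path are constructed; a real export must be decoded to text first (Regedit exports are typically UTF-16).

```python
import re

EXPECTED = '"%1" %*'          # stock default value quoted in the thread
SUFFIX = r"\exefile\shell\open\command"

# Constructed sample in .reg export syntax (not taken from a real machine).
# The helper.exe path is made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@="\"C:\\Users\\Public\\helper.exe\" \"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\txtfile\shell\open\command]
@="notepad.exe \"%1\""
'''

def unescape(raw):
    # Undo .reg string escaping: backslash-escaped quotes and backslashes.
    return re.sub(r'\\(["\\])', r"\1", raw)

def check_exefile_handlers(reg_text):
    """Return [(key, default_value, is_stock)] for every exefile open command."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # current registry key path
        elif key and key.lower().endswith(SUFFIX) and line.startswith("@="):
            m = re.fullmatch(r'@="(.*)"', line)   # "@" is the default value
            # Non-string defaults (e.g. hex(2): data) are kept raw and flagged.
            value = unescape(m.group(1)) if m else line[2:]
            findings.append((key, value, value == EXPECTED))
    return findings

if __name__ == "__main__":
    for key, value, ok in check_exefile_handlers(SAMPLE_REG):
        print("OK     " if ok else "SUSPECT", key, "=>", value)
```

A per-user entry deserves particular attention, since the stock handler is normally defined machine-wide and a per-user key overrides it in the merged view.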
 