Best free antivirus software and antivirus software reviews

Best free antivirus software - what it is, where to find it and how to download or buy it. I'll try to find a lot of different antispyware and antivirus software products for you.

Tuesday, December 04, 2007

Shell Open Command Tricks from Mary Landesman

Malware can load from a variety of different places on your PC. In addition to the more common modifications to Windows auto start entry points, malware may leverage the shell open command. This allows it to register itself as the handler for certain file types, so the virus, worm or Trojan loads whenever any of these file types is called. (The 2001 Sircam worm was one of the earliest examples of widespread malware using this technique.)
The following keys are typically targeted:
· HKEY_CLASSES_ROOT\exefile\shell\open\command
· HKEY_CLASSES_ROOT\comfile\shell\open\command
· HKEY_CLASSES_ROOT\batfile\shell\open\command
· HKEY_CLASSES_ROOT\piffile\shell\open\command
· HKEY_CLASSES_ROOT\htafile\shell\open\command
· HKEY_CLASSES_ROOT\htfile\shell\open\command
The default value for each of these should be "%1" %*.
If malware has registered itself as the handler, the value would appear similar to the following:
%1 where represents the filename of the malicious program.
When manually attempting removal of a virus, worm, Trojan or other malware that has registered itself as the handler in this manner, you must correct the registry value before you attempt to delete the copy of the malware. Otherwise, when you reboot your system you will not have a valid handler for these file types and the system will not load Windows.
To correct the handler value, replace the contents with:
"%1" %*
Symantec also provides a free tool to reset shell\open\command registry keys.
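
The check described above can be automated. The following Python script is an added example, not part of the original post and not Symantec's tool. It assumes the input is text saved from running "reg query HKCR\<type>\shell\open\command /ve" for each key on an English-locale system; the function name audit, the sample text and the file name placeholder.exe are constructed for illustration, and the expected value is the one this post gives.

```python
import re

# Handler keys and expected default value, both taken from the post above.
WATCHED = ["exefile", "comfile", "batfile", "piffile", "htafile", "htfile"]
EXPECTED = '"%1" %*'

KEY_RE = re.compile(r"^HKEY_CLASSES_ROOT\\(\w+)\\shell\\open\\command$", re.I)
VAL_RE = re.compile(r"^\s+\(Default\)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")

# Constructed sample of saved "reg query ... /ve" output (not real data).
SAMPLE = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    placeholder.exe "%1" %*

HKEY_CLASSES_ROOT\comfile\shell\open\command
    (Default)    REG_SZ    "%1" %*

HKEY_CLASSES_ROOT\batfile\shell\open\command
    (Default)    REG_SZ    "%1" %*
'''

def audit(reg_query_text):
    """Return {file type: finding} for every watched handler key."""
    seen, current = {}, None
    for line in reg_query_text.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            current = key.group(1).lower()
            continue
        val = VAL_RE.match(line)
        if val and current:
            seen[current] = val.group(1).strip()
    findings = {}
    for name in WATCHED:
        if name not in seen:
            # No default value captured: the type has no readable handler.
            findings[name] = "MISSING"
        elif seen[name] == EXPECTED:
            findings[name] = "OK"
        else:
            # Anything other than the expected value needs review and must
            # be corrected before the referenced file is deleted.
            findings[name] = "MODIFIED: " + seen[name]
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name:8} {finding}")
```

Any key reported as MODIFIED should have its value corrected first, as described above, before the file it points to is removed.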
