Re: secure32.exe

From: "Scherbina Vladimir" <vladimir.scherbina@xxxxxxxxx>
Date: Fri, 20 Jan 2006 11:02:13 +0200

> It would be good, however, to find ant vestigal components of this thing.
> For example, how did
> it get launched? Its name must be somewhere, in a startup command file (or
> in the registry?). What
> kind of search could be used - I tried to search files that had the text

Usually mailware, troyans, etc. create some dll module that performes
additional tasks for main exe. Exe can register this dll as Winlogon
notification package (that will be invoked when system is on, off), or as
BHO (Browser Helper Object) - to get loaded when user begins to navigate to
internet, or as extension in AppInit_Dlls registry key - this allows dll to
start exe when needed.

--
Vladimir

.

References:
- secure32.exe
  - From: Michael Blanc
- Re: secure32.exe
  - From: David H. Lipman
- Re: secure32.exe
  - From: Michael Blanc
- Re: secure32.exe
  - From: Scherbina Vladimir
- Re: secure32.exe
  - From: Michael Blanc

Prev by Date: Re: secure32.exe
Next by Date: Re: Can't Log on: multiple XP security and/or virus issues
Previous by thread: Re: secure32.exe
Next by thread: Re: secure32.exe
Index(es):
- Date
- Thread

Relevant Pages

Re: Transferring programmes from one partition to another
... the same dll location. ... If the exe file is moved, the association is broken and is not ... The dll may look to the registry but since the exe and ... of registry entries involed, you could in theory anyway, update the registry ...
(microsoft.public.windowsxp.general)
Re: COM beginner - 2 apps using the same instance of a component.
... >> a DLL). ... > an in-proc dll server is because that is how it is used most of the time, ... > I realise I could make an out of proc server exe project and just make it ... > I would prefer not to touch the registry for this project, ...
(microsoft.public.win32.programmer.ole)
Re: Accessing a DLL without registering it
... You could simply try to create an object from one of the classes in the dll, ... You can directly check for the CLSID in the registry. ... If the dll is in the same directory as the exe, ... The way the accounting package works is, ...
(microsoft.public.vb.general.discussion)
Re: Accessing a DLL without registering it
... eliminates the need for the registry information. ... I've written a custom DLL that I'm using within several new EXE's. ... I'd rather be able to install the EXE and the DLL to a shared ... search path of the application and IF it doesn't find it there, ...
(microsoft.public.vb.general.discussion)
Problem with performance of IDE devices
... index 0, dll tcpstk.dll, context 0x3f8a5c9 ... 0x801abbe8: FSREG: Mounted ROM portion of boot registry ... 0x8014abcc: FSREG: Invalid HKEY 0x00000000 ...
(microsoft.public.windowsce.platbuilder)