Re: Can Malware Automatically Startup in Safe Mode?
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Mon, 1 Dec 2008 13:20:09 -0500
From: "Stefan Kanthak" <postmaster@[127.0.0.1]>
| Which process but injects this DLL? And who starts the injector
| process?
| Back to square one!
A trojan dropper or trojan downloader may inject the process.
| Malware has to install a driver/service and create the necessary
| registry entries beyond
| [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\<driver/service>]
| to start automatically in safe mode, for example.
| Stefan
One of *many* places to inject a DLL is...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
Two others using EXE files are under...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
C:\WINDOWS\system32\userinit.exe, malware_name.exe
Shell
Explorer.exe malware_name.exe
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
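
Added example, not part of the original post: a small audit of the Winlogon values named above, run over registry export text. The sample export is constructed from the values quoted in the post, and the clean baseline for Userinit and Shell is an assumption to adjust for the system being checked.

```python
import re

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
# Assumed clean baseline (XP-era defaults); value name -> (list separator, allowed items).
EXPECTED = {"userinit": (",", {r"c:\windows\system32\userinit.exe"}),
            "shell": (None, {"explorer.exe"})}

# Constructed sample export mirroring the values quoted in the post.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe, malware_name.exe"
"Shell"="Explorer.exe malware_name.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example_pkg]
"DllName"="example_pkg.dll"
'''

def parse_reg(text):
    """Parse string values from .reg export text into {key: {name: data}} (lowercased names)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"(.+?)"="(.*)"$', line)
            if m:  # .reg files escape backslashes inside string data
                current[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return keys

def audit_winlogon(keys):
    """Return (severity, location, data) findings for Userinit, Shell and Notify."""
    findings = []
    values = keys.get(WINLOGON, {})
    for name, (sep, allowed) in EXPECTED.items():
        raw = values.get(name, "")
        items = raw.split(sep) if sep else [raw]
        for item in (i.strip() for i in items):
            if item and item.lower() not in allowed:
                findings.append(("unexpected", name, item))
    # Every Notify package DLL is loaded by Winlogon; list them all for review.
    for key, vals in sorted(keys.items()):
        if key.startswith(WINLOGON + "\\notify\\") and "dllname" in vals:
            findings.append(("review", key.rsplit("\\", 1)[1], vals["dllname"]))
    return findings

if __name__ == "__main__":
    for finding in audit_winlogon(parse_reg(SAMPLE_REG)):
        print(*finding, sep="\t")
```

Exports written by regedit are UTF-16 text, so decode the file before passing its contents to `parse_reg`.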