Re: What are these "Impersonate" keys about?
- From: Harry Johnston <harry@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 26 Apr 2007 08:27:40 +1200
SueInCincy wrote:
As to the Why, please see the post in the similar question I just made today.
OK. Those particular files (and registry entries) are safe; they're a normal part of Windows. (Of course, malware could also create registry entries that would look similar, but these ones are OK.)
In this context, "Impersonate" is a technical term referring to a normal part of the way the operating system works - if you're interested there's some information about it here:
<http://en.wikipedia.org/wiki/Token_%28Windows_NT_architecture%29>
As to your wider problem, I did have one other thought - theoretically it is possible for a compromised USB or firewall device to take control of a computer simply by being plugged into it. I think you mentioned having an external disk drive, and you probably have various other external devices too; perhaps one of them has been compromised?
If you can find any evidence that this is the case, there will almost certainly be quite a number of security researchers interested to examine the device in question; if there's malware out there actually using this vulnerability people will want to know more about it. There have been no known attacks, but the vulnerability has been known about for several years.
Harry.
.
- References:
- Re: What are these "Impersonate" keys about?
- From: Harry Johnston
- Re: What are these "Impersonate" keys about?
- Prev by Date: Re: Please help-this is so annoying!
- Next by Date: Re: trojan horse, 1165180233
- Previous by thread: Re: What are these "Impersonate" keys about?
- Next by thread: Re: What are these "Impersonate" keys about?
- Index(es):
Relevant Pages
|
