![]() ![]() HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesWmdmPmSp”Start” = “2? HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “.exe” HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun Win32.LocalInfect.2 HKCUSoftwareMicrosoftWindows NTCurrentVersionWinlogonshell = "explorer.exe,%AppData%skype.dat" HKEY_LOCAL_MACHINESOFTWAREClientsStartMenuInternetFIREFOX.EXEshellsafemodecommand "(Default)" = ""%LocalAppData%.exe" -a "C:Program FilesMozilla Firefoxfirefox.exe" -safe-mode" HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar HKEY_LOCAL_MACHINEsoftwareclassesurlsearchhook.toolbarurlsearchhook HKEY_CLASSES_ROOTurlsearchhook.toolbarurlsearchhook HKEY_LOCAL_MACHINESYSTEMCurrentControlSetEnumRootLEGACY_WMDMPMSP000”ConfigFlags” = “0? I checked these registry entries that this website said to check but found no entries that matched: I checked msconfig and found no startup programs that shouldn't be there. I clean up my HDD after every session and so I keep no history, cookies, or anything like that. OK, so those are some questions I have about Webroot and the trojan.Īs far as the trojan itself, I went online and looked at what things this trojan can do and found certain things to look for. But if so, then why did Webroot suddenly have issues with this simple file manipulation program and claim that it was a threat? ![]() OR, am I getting things mixed up and maybe the only program infected with the trojan was "". If this simple program was infected with the "Win32.LocalInfect.2" trojan, WHY did this trojan target this simple exe? In what possible way was this simple exe infected by this trojan? Also, this program was kept in two different directories that are completely unrelated to any directories that windows might normally access during it's operation. Additionally, I have occasionally used this program for years and have used Webroot for years and Webroot has never had an issue with this program. I guarantee there is no code in this exe that changes registry entries, installs things, accesses the internet, or ANYTHING like that. This program is very simple and only does things like bulk renames of files, copies files, moves files, etc., and that's it. But let me explain, Years ago I wrote a very simple file manipulation program in VB Basic. The confusing part to this is that two of the three files Webroot indicated were infected were the same exe in two different directories. Webroot listed 3 files and indicated a "Win32.LocalInfect.2" but it was unclear to me if ALL three files were infected with the same trojan. I have a few questions about this.įirst, it was unclear to me if all three files were infected with this trojan. I have since studied this and found this trojan to be quite nasty. I actuallly scanned my system only a few days ago and my system was clean. I let Webroot do it's thing but then after the race I then scanned my system and Webroot came up with THREE files that were infected and it indicated that they were infected with the "Win32.LocalInfect.2" Trojan. This morning I was streaming the Formula 1 auto race and half way through Webroot came up with a notification that it had detected and quaranteened the file "".
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |