What's the point of a software/malware adding something like this?
AppInit_DLLs: C:\Program Files => C:\Program Files [0 2017-07-20] ()
http://www.geekstogo...th-ransomeware/
Edited by Alduin, 25 July 2017 - 09:51 AM.
Hello,
I saw that it's an odd-looking entry because there is no malware file or any file except the Program Files folder.
The AppInit_DLLs registry value contains a list of DLLs that will be loaded when user32.dll is loaded. As most Windows executables use user32.dll, that means that any DLL that is listed in the AppInit_DLLs registry value will be loaded also.
The user32.dll file is also used by processes that are automatically started by the system when you log on. This means that the files loaded in the AppInit_DLLs value will be loaded very early in the Windows startup routine allowing the DLL to hide itself or protect itself before we have access to the system.
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
There are very few legitimate programs that use this Registry key, but you should proceed with caution when deleting files that are listed here.
Usually we see something like this:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
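As an added illustration (not part of the original posts and not the scanner's own code), the sketch below triages the log lines quoted in this thread. It assumes the text before `=>` is the raw registry value and that `[0 2017-07-20] ()` stands for size, date and company name; the value is split on spaces and commas, the delimiters Windows uses for this list, which is why working entries use short paths such as `PROGRA~2`.

```python
import re

# The three log lines quoted in this thread, reused here as sample input.
SAMPLE = r"""AppInit_DLLs: C:\Program Files => C:\Program Files [0 2017-07-20] ()
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"""

# Assumed layout: "<name>: <raw value>[ => <path> [<size> <date>] (<company>)]"
LINE = re.compile(
    r"^(AppInit_DLLs(?:-x32)?):\s*(.*?)"
    r"(?:\s*=>\s*.*?\s*\[(\d+) [\d-]+\]\s*\((.*)\))?\s*$"
)
SHORT_NAME = re.compile(r"~\d")  # 8.3 alias such as PROGRA~2


def triage(report):
    """Return one finding per module name Windows would try to load."""
    findings = []
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        name, value, size, company = m.groups()
        # Assumption: the "-x32" suffix marks the 32-bit registry view.
        view = "x32" if name.endswith("-x32") else "native"
        # The value is a list delimited by spaces or commas, so a long path
        # containing a space is split into separate (broken) entries.
        for token in filter(None, re.split(r"[ ,]+", value)):
            notes = []
            if not token.lower().endswith(".dll"):
                notes.append("not a .dll name")
            if SHORT_NAME.search(token):
                notes.append("8.3 short path")
            if size == "0":
                notes.append("reported size 0")
            if company == "":
                notes.append("no company name")
            findings.append({"view": view, "entry": token, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['view']:7} {f['entry']}  [{', '.join(f['notes']) or 'review'}]")
```

Every entry it lists still needs a manual look; the notes only show which ones cannot be a loadable DLL as written.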
Thank you for your high-quality answer, zep! I was thinking that maybe it could have been some AM/AV software that modified that key, if that's even possible, or perhaps the malware/software didn't execute properly, or perhaps he could have done something wrong while he was coding his application/malware. Thanks again, zep!
Edited by Alduin, 25 July 2017 - 01:43 PM.