July 29th, 2010, 11:13 PM
#1
Anyone else observing change in "explorer.exe" settings in HKLM
I'm dealing with a "probable" infection affecting 2 large network segments with around 4000-odd machines. Our firewalls and IPS show no major activity in the last 2 weeks. I went through VM copies of machines currently deployed but I've found nothing. I'm to an extent convinced that this is not due to infection; however, there is one thing which has changed on ALL the machines (when I say all, around 400 machines where load point analysis was done are being considered).
Registry value: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell" is set to "", but it should be "explorer.exe".
Is anyone else noticing the same in their environment? I'll check with my counterparts in different group companies this morning (4 AM here) but I wanted to see if anyone else is going through a network clog and is seeing this same registry change.
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
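
One way to audit the registry value named in the post across a list of hosts (an added example, not part of the original post). The function name `Get-WinlogonShell` and the `hosts.txt` file are hypothetical, and the script assumes the Remote Registry service is reachable with administrative rights:

```powershell
# Added example: report the Winlogon Shell value for each host and classify it.
# Assumption: Remote Registry is running on the targets and the caller is an admin.
function Get-WinlogonShell {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$Expected = 'explorer.exe'
    )
    $subKey = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($computer in $ComputerName) {
        $status = 'Unreachable'; $value = $null
        $base = $null; $key = $null
        try {
            # Force the 64-bit view so a 32-bit caller is not redirected.
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer,
                [Microsoft.Win32.RegistryView]::Registry64)
            $key = $base.OpenSubKey($subKey)
            if ($null -eq $key) {
                $status = 'KeyMissing'
            } else {
                # Read the raw string without expanding environment variables.
                $value = $key.GetValue('Shell', $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                $status = if ($null -eq $value) { 'ValueMissing' }
                    elseif ("$value".Trim() -eq '') { 'Empty' }
                    elseif ("$value".Trim() -ieq $Expected) { 'Expected' }
                    else { 'Unexpected' }
            }
        } catch {
            $status = "Error: $($_.Exception.Message)"
        } finally {
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
        [pscustomobject]@{ Computer = $computer; Shell = $value; Status = $status }
    }
}

# Example run (hosts.txt is a hypothetical file with one hostname per line):
# Get-WinlogonShell -ComputerName (Get-Content .\hosts.txt) |
#     Where-Object Status -ne 'Expected' |
#     Export-Csv .\winlogon-shell-audit.csv -NoTypeInformation
```

Hosts reported as `Empty`, `ValueMissing` or `Unexpected` are the ones to compare against a known-good image.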