Online PC Tech Support UK: Shell Command

Malware can load from a array of different places on your Personnel Computer. In addition to the more common modifications to Windows auto start entry points, malware may leverage the shell open command. This allows it to register itself as the handler for certain file types and thus the virus, worm or Trojan loads when any of these file types are called.

Following are the keys typically targeted:
• HKEY_CLASSES_ROOT\exefile\shell\open\command
• HKEY_CLASSES_ROOT\comfile\shell\open\command
• HKEY_CLASSES_ROOT\batfile\shell\open\command
• HKEY_CLASSES_ROOT\piffile\shell\open\command
• HKEY_CLASSES_ROOT\htafile\shell\open\command
• HKEY_CLASSES_ROOT\htfile\shell\open\command

The default value for each of these should be "%1" %*. If malware has registered itself as the handler, the value would appear similar to the following:

%1
where represents the filename of the malicious program.
When manually attempting removal of a virus, worm, Trojan or other malware that has registered itself as the handler in this manner, you must correct the registry value before you attempt to delete the copy of the malware. Otherwise, when you reboot your system you will not have a valid handler for these file types and the system will not load Windows.

See Also
printer technical support
windows vista sp2 : increases in free disk
Quick access to programs in control panel
Fizzer Worm Targets Email, KaZaA Users
How To Enable / Disable File Sharing in Windows XP

Online Pc Tech Support Uk

Learn how to fix your common computer problems , read my articles related to common computer problems.

Shell Command

No comments:

Blog Archive