Friday, June 27, 2008

Spyware and Winlogon

Do you know what Winlogon is?

Winlogon creates the desktop for the Windows environment.

The registry key is located at:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

Just by adding an ADDITIONAL shell entry (alongside the default Explorer application), a spyware program can get itself loaded at Windows startup.

"The Shell key value can contain a comma-separated list of programs to be executed. Explorer is the default shell program and will be executed if the Shell key value is null or not present. By default, Explorer is listed."
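A defender can check for this by reading the Shell value, splitting it on commas, and flagging any entry other than Explorer. The PowerShell below is an added example, not part of the original post; the function name Get-ExtraShellEntry and the sample values are constructed for illustration.

```powershell
# Added example: audit the Winlogon Shell value for entries other than Explorer.
# Function name and sample values are constructed for illustration.

function Get-ExtraShellEntry {
    param([string]$ShellValue)

    # A null or missing value means the default shell (Explorer) is used.
    if ([string]::IsNullOrWhiteSpace($ShellValue)) { return }

    # Only the bare default name or the copy in the Windows directory is expected.
    $expected = @('explorer.exe', (Join-Path $env:SystemRoot 'explorer.exe'))

    $ShellValue -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ } |
        Where-Object {
            # Expand %SystemRoot%-style variables before comparing (case-insensitive).
            $expected -notcontains [Environment]::ExpandEnvironmentVariables($_)
        }
}

# Constructed sample values covering the cases described above.
$samples = [ordered]@{
    'default'          = 'explorer.exe'
    'value missing'    = $null
    'additional shell' = 'explorer.exe, C:\ProgramData\updater.exe'
    'look-alike path'  = 'C:\Users\Public\explorer.exe'
}
foreach ($name in $samples.Keys) {
    $extra = @(Get-ExtraShellEntry $samples[$name])
    $verdict = if ($extra.Count) { "UNEXPECTED: $($extra -join '; ')" } else { 'ok' }
    '{0,-17} -> {1}' -f $name, $verdict
}

# Check the live value on this machine.
$key   = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$live  = (Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue).Shell
$extra = @(Get-ExtraShellEntry $live)
if ($extra.Count) {
    Write-Warning "Extra Winlogon shell entries: $($extra -join '; ')"
} else {
    "Winlogon Shell contains only Explorer (value: '$live')"
}
```

An entry named explorer.exe outside the Windows directory is reported as unexpected, since only the bare name or the copy under %SystemRoot% matches the default.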

Editing the Windows registry:
You can use either regedit.exe or regedt32.exe to modify the registry. Under Windows XP and Windows Server 2003 there is no difference.

However, if you are using Windows NT 4 or Windows 2000, regedit.exe has a few restrictions and is recommended only for searching the registry (to view the restrictions, please refer to the references below).
