dellyfry
Posted August 17, 2008

Much of the malware today is hijacking the exefile value in the registry. When the malware component in question is removed and the offending registry entry is not repaired, it can cause issues in trying to execute any *.exe file on the next reboot.

Case in point - SAS recently removed a malware file cftmon.exe that had hijacked the exefile extension, but did not repair the value after removal - so on the next reboot, the system was unable to open any program.

SuperAntiSpyware already locks down the homepage from tampering. Why not add the ability to lock certain parts of the registry down from tampering - such as the exefile value? Any changes to the entry would have to be cleared by the user or denied outright.
SUPERAntiSpy
Posted August 17, 2008

> Much of the malware today is hijacking the exefile value in the registry. When the malware component in question is removed and the offending registry entry is not repaired, it can cause issues in trying to execute any *.exe file on the next reboot.
>
> Case in point - SAS recently removed a malware file cftmon.exe that had hijacked the exefile extension, but did not repair the value after removal - so on the next reboot, the system was unable to open any program.
>
> SuperAntiSpyware already locks down the homepage from tampering. Why not add the ability to lock certain parts of the registry down from tampering - such as the exefile value? Any changes to the entry would have to be cleared by the user or denied outright.

The problem with that is that users don't know what is ok and what is not....we are adding some new repairs to handle some of these issues.
dellyfry
Posted August 17, 2008

> The problem with that is that users don't know what is ok and what is not....we are adding some new repairs to handle some of these issues.

I can see your point. However, do you know of any legitimate programs that modify these values? I can't think of one.. other than malware. Maybe it could be locked down without any user interaction? Either way, I'm sure you have something up your sleeve... Keep up the good work.
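As an added example (not code from the thread or from SUPERAntiSpyware), the kind of check the first post asks for: a PowerShell script that audits the registry entries deciding how *.exe files are launched and, only with -Repair, restores them to the stock Windows values. It assumes the stock defaults `.exe` -> `exefile` and `exefile\shell\open\command` -> `"%1" %*`, and treats an `exefile` class under the current user's hive as suspicious because a clean install does not create one there.

```powershell
# Added example, not part of the original thread. Audits the exefile
# association and restores the assumed stock values when -Repair is given.
# Run from an elevated prompt so HKEY_CLASSES_ROOT is writable.
[CmdletBinding()]
param([switch]$Repair)

if (-not (Test-Path 'HKCR:\')) {
    New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT | Out-Null
}

# Expected (assumed stock) data for each key's unnamed "(default)" value.
$expected = @(
    @{ Path = 'HKCR:\.exe';                       Data = 'exefile' },
    @{ Path = 'HKCR:\exefile\shell\open\command'; Data = '"%1" %*' }
)

function Test-ExeFileAssociation {
    param([switch]$Repair)
    $findings = @()
    foreach ($e in $expected) {
        $actual = $null
        if (Test-Path $e.Path) {
            $actual = (Get-ItemProperty -Path $e.Path -ErrorAction SilentlyContinue).'(default)'
        }
        # Case-sensitive compare: a hijack is any deviation, however small.
        if ($actual -ceq $e.Data) { continue }
        $findings += [pscustomobject]@{ Key = $e.Path; Expected = $e.Data; Actual = $actual }
        if ($Repair) {
            if (-not (Test-Path $e.Path)) { New-Item -Path $e.Path -Force | Out-Null }
            Set-ItemProperty -Path $e.Path -Name '(default)' -Value $e.Data
        }
    }
    # A per-user exefile class overrides HKCR without needing admin rights,
    # so its mere presence is reported; it is left for the admin to review.
    $userOverride = 'HKCU:\Software\Classes\exefile'
    if (Test-Path $userOverride) {
        $findings += [pscustomobject]@{ Key = $userOverride; Expected = '<absent>'; Actual = '<present>' }
    }
    return $findings
}

$result = Test-ExeFileAssociation -Repair:$Repair
if ($result.Count -eq 0) { 'exefile association matches the expected defaults.' }
else { $result | Format-Table -AutoSize }
# Usage:  .\Check-ExeFile.ps1          (report only)
#         .\Check-ExeFile.ps1 -Repair  (report and restore HKCR values)
```

On a system left in the state the first post describes, running the script from an already-open elevated PowerShell window works even though double-clicking an .exe does not, since PowerShell is launched by the shell rather than through the exefile association.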