Autoruns fails to detect

   The issue here is that the primary exe rundll32.exe is signed. Autoruns doesn't check command line args.

Author	Message Share Topic Printable Version Delicious Digg Facebook Furl Google MySpace Newsvine reddit StumbleUpon Translate Twitter Windows Live Yahoo Bookmarks Topic Search Topic Options Post Reply Create New Topic
namrehto Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 23 June 2005 Location: Scotland Online Status: Offline Posts: 3861	Post Options Post Reply Quote namrehto Report Post Quote Reply Topic: Autoruns fails to detect Posted: 13 June 2007 at 12:42am
	The issue here is that the primary exe rundll32.exe is signed. Autoruns doesn't check command line args.
	Gil

Barfy Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 12 June 2007 Online Status: Offline Posts: 1	Post Options Post Reply Quote Barfy Report Post Quote Reply Posted: 12 June 2007 at 11:09pm
	Recently I got my computer infected in some strange way - each time I restart it, my Internet Explorer home page gets replaced. Autoruns with a "hide signed Micrsoft modules" option turned on did not show anything suspicios. Although, when I turned the option off, the following line, which appeared as a legitimate under autoruns took my attention: rundll32.exe advpack.dll,LaunchINFSection gv_inst.inf, Section the inf file contained a code to set a home page. It could also easily contain some instructions to copy and replace files etc. Maybe the newer version of autoruns should filter those "signed" Microsoft entries.