echo: nthelp
to: Rich
from: John Cuccia
date: 2004-06-03 10:45:48
subject: Re: app startup locations

Thanks.

On Thu, 3 Jun 2004 08:27:49 -0700, "Rich" wrote:

>   The policy keys are valid.  They are used for (surprise) group policy.  If you don't use group policy or have your policy configure run values then the key won't exist or have any entries.
>
>   I have seen trojans use this as well as the others below.  I've never heard of or seen use of subkeys.
>
>Rich
>
>  "John Cuccia" wrote in message
>  news:6s7ub0lala87lkqvkd7qk4cb5tunn6dnt6{at}4ax.com...
>  Neither have I.  I just did a quick check of one of our W2K servers
>  and the Policies\Explorer\Run keys weren't there.
>
>  Of course that doesn't mean anything except that they did not exist on
>  that particular machine.  I wonder if Rich could tell us if they are
>  valid reg entries?
>
>
>  On Thu, 3 Jun 2004 05:58:19 -0400, "Geo." wrote:
>
>  >the policies keys are the ones I've never seen listed before.
>  >
>  >Geo.
>  >
>  >"John Cuccia" wrote in message
>  >news:do8sb0phg2c2mjj4pu9gn34dmttqs6vdto{at}4ax.com...
>  >> On Wed, 2 Jun 2004 14:45:06 -0400, "Geo." wrote:
>  >>
>  >> >It turns out that W2K has a "feature" not shared by any other MS O/S
>  >> >
>  >> >-- it launches any program in any subkey of (at least) six keys:
>  >> >HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
>  >> >HKCU\Software\Microsoft\Windows\CurrentVersion\Run
>  >> >HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
>  >> >HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
>  >> >HKLM\Software\Microsoft\Windows\CurrentVersion\Run
>  >> >HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
>  >>
>  >> I don't think the above is true. I vaguely recall W95 and NT4 having
>  >> those registry keys (except maybe the first one). XP definitely has
>  >> them.
>  >>
>  >>
>  >> >This would simply be a curiosity except that I can't find a single
>  >> >third party utility (other than the Silent Runners script) that
>  >> >identifies programs located in such subkeys.
>  >>
>  >> I don't think this is true either. I believe they are exposed by (at
>  >> least) TweakUI and I know I've seen other utilities report them.
>  >>
>  >>
>  >

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 633/267
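
An added example, not part of the original thread or of any tool named in it: a PowerShell check that lists every value under the six keys quoted above and under any of their subkeys, marking subkey entries so the behaviour discussed in the thread can be audited on a given machine. The function name `Get-RunKeyEntry` is hypothetical; the key paths are the six from the thread.

```powershell
# The six autostart keys quoted in the thread, as PowerShell registry paths.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: emit one object per registry value found in each
# key and, recursively, in each of its subkeys.
function Get-RunKeyEntry {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) {
            # The Policies\Explorer\Run keys are absent unless policy created them.
            [pscustomobject]@{ Key = $root; InSubkey = $false
                               Name = '(key not present)'; Command = $null }
            continue
        }
        $rootKey = Get-Item -LiteralPath $root
        $subKeys = @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in @($rootKey) + $subKeys) {
            foreach ($valueName in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key      = $key.Name
                    InSubkey = ($key.Name -ne $rootKey.Name)
                    Name     = if ($valueName -eq '') { '(Default)' } else { $valueName }
                    # Keep %VAR% references unexpanded so the stored string is shown as written.
                    Command  = $key.GetValue($valueName, $null, 'DoNotExpandEnvironmentNames')
                }
            }
        }
    }
}

# Subkey entries first: these are the ones the thread says most tools miss.
Get-RunKeyEntry -Path $runKeys |
    Sort-Object -Property InSubkey -Descending |
    Format-Table -AutoSize -Wrap
```

Run it once as the logged-on user for the HKCU keys; the HKLM keys are readable without elevation on a default configuration.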

SOURCE: echomail via fidonet.ozzmosis.com
