From: "Geo." 

Hello,

Silent Runners R48 adds a woefully documented launch point:
HKLM\System\CurrentControlSet\Control\SecurityProviders\SecurityProviders
... that is the target of a current infection.

I have confirmed that the comma-separated DLLs listed in this value are
launched during startup.

This value appears in _all_ Windows versions.

I am unaware of *any* anti-spyware program or launch point analyzer that
detects malware launching from this location. I am unaware of
*any* documentation of this registry location as a launch point.

It is recommended that you download Silent Runners R48 and delete earlier versions.

I thank my customer Paul H. for his patience during the disinfection
process. I also thank Phaedrus of Short-Media.com for having identified the
elusive malware critter responsible for the infection:
http://www.short-media.com/forum/showthread.php?t=49709

The updated script (R48) can be found here:
http://www.silentrunners.org/Silent%20Runners.vbs

A zipped version can be found here: http://www.silentrunners.org/Silent%20Runners.zip

Thanks again to those users who have provided feedback for improve- ments.
If you ever have any problem with the script, please let me know. (Please
note the expanded FAQ: http://www.silentrunners.org/sr_faq.html ) To be
removed from this distribution list, please request it via a reply to this
e-mail or use the Contact form on the web site.

regards, Andy

--- BBBS/NT v4.01 Flag-5