Image File Execution Options Registry

J

JazibDawre

Hello,

My regedit keys in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\* have a lot of keys with the name of applications that I am sure that I have earlier removed as virus or malware, for example AppthgildeM.exe has two things

1. A default value of type 'REG_SZ'

2. A GlobalFlag of 'REG_DWORD' with a value 200 (I deleted this entry)


The rest of the keys with names of the malicious files only have the default value. I don't know the exact names of all the malicious entries so is there a way I can remove those?


Also The genuine entries have 'DisableExceptionChainValidation' set to 0 (thankfully) however explorer.exe has a value of 3. Should I change that back to 0?


Thanks!

G
M
T
Y
Text-to-speech function is limited to 200 characters
Options : History : Feedback : DonateClose

Continue reading...
 
Back
Top Bottom