• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       
Sign in to follow this  
Followers 0
dcdc

False Positive ?

2 posts in this topic

Should I delete this Reg, entry please?

OS: 98SE

 

Name:Windows

Category:Vulnerability

Object Type:RegData

Size:1 Bytes

Location:software\microsoft\windows nt\currentversion\winlogon "Shell" ()

Last Activity:12-09-07

Relevance:Low

TAC index:3

Comment:

Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

 

( nothing in the comments section)

Share this post


Link to post
Share on other sites
Should I delete this Reg, entry please?

OS: 98SE

 

Name:Windows

Category:Vulnerability

Object Type:RegData

Size:1 Bytes

Location:software\microsoft\windows nt\currentversion\winlogon "Shell" ()

Last Activity:12-09-07

Relevance:Low

TAC index:3

Comment:

Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

 

( nothing in the comments section)

 

Hi dcdc !

 

 

The Windows family is a special family which recognizes changes on Windows default data values.

 

I can see you are using an really old OS. With newer versions of Windows OS the default data value in this key is Explorer.exe, which is the shell for Windows. Some malware targets this value to start up at the same time as the shell is loaded.

 

In this case I suppose the data value in software\microsoft\windows nt\currentversion\winlogon "Shell" () is empty , and Ad-Aware SE

recognizes the empty data and want to change it to software\microsoft\windows nt\currentversion\winlogon "Shell" (Explorer.exe).

If you get hit on this every scan , I suggest you to put it on ignore.

 

 

Best Regards

 

Albin

 

Lavasoft Research

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0