To Customer Support To Customer Support

System Analyzer automatically starting

Show first post

29 replies

explanoit
Rank
Userlevel 7
Badge +6
You are welcome.
 
Another last-ditch approach is to remove the System Analyzer registry keys to see if anything in there is triggering it to leave a driver behind. It's been awhile, and I don't have my VMs handy to test it out, but I think I remember it leaving keys behind somewhere under SOFTWARE in HKLM or HKCU.
 
This is totally an out-there idea, and wouldn't be something I would use since I'm pretty good at ferreting out autoruns, but hey, that's what I specialize in at work. Stupid ideas that solve things all the smart ideas didn't. 😃
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
Ssherjj
Rank
Userlevel 7
Badge +62
Well I'm expressed just the same...administrator of 1400+ computers! Really? Nice to have you on board with Webroot..
Windows Insider, iMac 2021 27 in i5 Retina 5, iMac OS Sonoma (14.3.1}, Security: iPads, W 10 & (VM:15), ALIENWARE 17R4, W10 Workstation, ALIENWARE 15 R6, W11, Webroot® SecureAnywhere™ Internet Security Complete (Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester. Security
RyanBot
Rank
Userlevel 5
How does that happen, might be a bug with windows.
--------------------------------------------------------------- ~Var Helper of the Webroot Community OS and Main Antivirus:Linux Mint, None :( ----------------------------------------------------------------
explanoit
Rank
Userlevel 7
Badge +6
@ There are an amazing number of places in the Windows system that an application can use to start automatically. If the application doesn't remove itself, it will just keep being triggered to launch automatically. This is due to the extremely extensible and customizable nature of Windows, there's a lot you can inject into and modify. It's a security nightmare, but it's that way for a reason. Sysinternals Autoruns will show you almost every place something can hide to start automatically, but it's never a complete listing of every possible way, for various technical reasons.
 
For example, DLL Preloading, which is about as fun as it sounds
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
 
Yeah, computer security is really, really, really hard or impossible once you have something malicious on your PC. In the corporate world, if you get a virus the entire computer gets rebuilt, end of discussion (unless there's an internal department that can handle forensic investigation, but the employee is still getting another computer.) That's why Webroot's journaling tech is such a good solution; it can pretty reliably remove every trace of something trying to hide in most situations. It's good stuff. If it was crappy - trust me - I wouldn't be here.
 
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.