System Analyzer automatically starting



Show first post

29 replies

Userlevel 7
You are welcome.
 
Another last-ditch approach is to remove the System Analyzer registry keys to see if anything in there is triggering it to leave a driver behind. It's been awhile, and I don't have my VMs handy to test it out, but I think I remember it leaving keys behind somewhere under SOFTWARE in HKLM or HKCU.
 
This is totally an out-there idea, and wouldn't be something I would use since I'm pretty good at ferreting out autoruns, but hey, that's what I specialize in at work. Stupid ideas that solve things all the smart ideas didn't. 😃
Userlevel 7
Badge +55
Well I'm expressed just the same...administrator of 1400+ computers! Really? Nice to have you on board with Webroot..
Userlevel 4
How does that happen, might be a bug with windows.
Userlevel 7
@ There are an amazing number of places in the Windows system that an application can use to start automatically. If the application doesn't remove itself, it will just keep being triggered to launch automatically. This is due to the extremely extensible and customizable nature of Windows, there's a lot you can inject into and modify. It's a security nightmare, but it's that way for a reason. Sysinternals Autoruns will show you almost every place something can hide to start automatically, but it's never a complete listing of every possible way, for various technical reasons.
 
For example, DLL Preloading, which is about as fun as it sounds
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
 
Yeah, computer security is really, really, really hard or impossible once you have something malicious on your PC. In the corporate world, if you get a virus the entire computer gets rebuilt, end of discussion (unless there's an internal department that can handle forensic investigation, but the employee is still getting another computer.) That's why Webroot's journaling tech is such a good solution; it can pretty reliably remove every trace of something trying to hide in most situations. It's good stuff. If it was crappy - trust me - I wouldn't be here.
 

Reply