Lavasoft Support Forums > False Positive ?

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive False Postive Issues

dcdc

Sep 12 2007, 10:56 AM

Should I delete this Reg, entry please?
OS: 98SE

Name:Windows
Category:Vulnerability
Object Type:RegData
Size:1 Bytes
Location:software\microsoft\windows nt\currentversion\winlogon "Shell" ()
Last Activity:12-09-07
Relevance:Low
TAC index:3
Comment:
Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

( nothing in the comments section)

LS Albin

Sep 12 2007, 11:52 AM

QUOTE(dcdc @ Sep 12 2007, 11:56 AM)

Hi dcdc !

The Windows family is a special family which recognizes changes on Windows default data values.

I can see you are using an really old OS. With newer versions of Windows OS the default data value in this key is Explorer.exe, which is the shell for Windows. Some malware targets this value to start up at the same time as the shell is loaded.

In this case I suppose the data value in software\microsoft\windows nt\currentversion\winlogon "Shell" () is empty , and Ad-Aware SE
recognizes the empty data and want to change it to software\microsoft\windows nt\currentversion\winlogon "Shell" (Explorer.exe).
If you get hit on this every scan , I suggest you to put it on ignore.

Best Regards

Albin

Lavasoft Research

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.