Brian
Can anyone tell me what the combination of "debugger" and "wscntfy" does and
if it is ever legitimate in this context?
HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options
We had a PC get hit by a piece of spyware that evidently created many keys
here, each having the name of an EXE and a string value named "debugger",
value "wsconfty". This prevented that particular EXE from running.
Most notable were these:
Regedit
MSC
Taskmgr
MSConfig
Because this entry prevented these programs from starting, this effectively
kept me from getting to my usual tools for almost six hours until I dug
through the registry, exported, then deleted these keys.
Is a "wscntfy" value ever valid as "debugger" and/or in this section of the
registry? Should I just delete the rest to prevent other problems?
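
A read-only way to list every "debugger" entry under the key described in the post, as an added example that is not part of the original post. The function name Get-IfeoDebugger is hypothetical, the key path is spelled as it exists on Windows ("Windows NT" with a space), and the second root is the 32-bit registry view on 64-bit systems.

```powershell
# Added example: audit Image File Execution Options (IFEO) "Debugger" values.
# Read-only; run from an elevated PowerShell prompt.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Path = $IfeoRoots)
    foreach ($root in $Path) {
        # The WOW6432Node view does not exist on 32-bit Windows
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $raw = $key.GetValue('Debugger', $null)
            if ($null -eq $raw) { continue }          # subkey has no Debugger value
            $dbg = [string]$raw
            # The first token is the program Windows starts in place of the named EXE
            $exe = if ($dbg -match '^\s*"([^"]+)"') { $Matches[1] }
                   else { ($dbg.Trim() -split '\s+')[0] }
            $resolved = if ($exe) {
                Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue |
                    Select-Object -First 1
            }
            [pscustomobject]@{
                Image        = $key.PSChildName       # EXE name the entry applies to
                Debugger     = $dbg                    # raw value as stored
                ResolvedPath = if ($resolved) { $resolved.Source } else { $null }
                KeyPath      = $key.Name
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-Table -AutoSize -Wrap
```

An empty ResolvedPath means the debugger program could not be found on the search path, which is consistent with the named EXE failing to start. The KeyPath column gives the exact key to export with `reg export` before deciding whether to remove it.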