ZHPDiag – O22 SharedTaskScheduler (STS) Module

/ Modules / Through / 2 minutes of reading
149
5/5 - (1 votes)

ZHPDiag – Module O22 – SharedTaskScheduler

This module lists the CLSID values ​​of the SharedTaskScheduler registry key. These items are launched at system startup and are often the result of rogue infection.

The search is carried out on the values ​​of the following Registry keys:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

– The following legitimate Windows lines are not displayed:
O22 – SharedTaskScheduler: Browseui preloader – {…}
O22 – SharedTaskScheduler: Component Category Cache Daemon – {…}

SharedTaskScheduler detections have practically disappeared these days, in fact Windows 10 no longer references this registry key.

ZHPDiag Overview

—\\ SharedTaskScheduler (O22)
O22 – SharedTaskScheduler: Browseui Preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\System32\browseui.dll
O22 – SharedTaskScheduler: Component Categories Cache Daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\System32\browseui.dll

—\\ SharedTaskScheduler (O22) v1.25.04
O22 – SharedTaskScheduler: (no name) – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – User Interface Library) — C:\WINDOWS\system32\browseui.dll

Equivalence OTL

O22 – SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} – Component Categories cache daemon – C:\Windows\System32\browseui.dll (Microsoft Corporation)

ZHPFix action

O22 – SharedTaskScheduler: {Startup} – {CLSIDValue} – {FileName}

{Key} : Registry Base Key[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
{Startup} : Value data {CLSIDValue}
{CLSIDValue} : CLSID Value of the Key {Key}
{FileName} : Data of the default value of the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}\InProcServer32]

1) The tool removes the d valueth key {CLSIDValue}
2) The tool deletes the key [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSIDValue}]
3) The tool deletes the key [HKEY_CLASSES_ROOT\CLSID\{CLSIDValue}]
4) The tool deletes the file {FileName}

Example of detection

O22 – SharedTaskScheduler: coexpire – {d4c4bc43-0974-4dec-a669-9f7bfcb3503d} – (.Microsoft Corp – Multiple Interface User) — C:\WINDOWS\system32\vmlwp.dll =>Trojan.FakeAlert
O22 – SharedTaskScheduler: andropogon – {655560a9-3ca8-4509-9632-6abbef21426b} – (.Microsoft Corp – Multiple Interface User) — C:\WINDOWS\system32\lgaac.dll =>Trojan.FakeAlert
O22 – SharedTaskScheduler: bund – {27882a9f-8937-4ae4-87ab-ed669c8b6d7a} – (.Microsoft Corp – Multiple Interface User) — C:\WINDOWS\system32\iheuv.dll =>Trojan.FakeAlert

Share
Tweet
whatsapp
Share
Pin it

About the Author

Nicolas Coolman is a French IT and IT security expert with a degree in software engineering. It specializes in scanning and disinfecting malware, including adware, ransomware, Trojans and other types of unwanted software. Nicolas Coolman is also the creator of several computer security tools, such as "ZHPCleaner" and "ZHPDiag", which are widely used by users to scan and clean malware from their Windows operating systems. Nicolas Coolman is very active in the IT security community and regularly shares his knowledge and findings on his website and on security forums. His expertise is recognized by many users and IT professionals, and he is considered a reference in the field of combating malware.

Similar publications

Back to top