ZHPDiag – Module O4 GS (Global Startup)

ZHPDiag's Module O4 GS (Global Startup) lists all application shortcuts located in certain Windows startup folders.

Many malware programs place shortcuts in the folder “Windows\Start Menu\Programs”. This is the case for some unnecessary software such as “SecurityTool”. Legitimate software can also put a shortcut in this folder; this is the case, for example, of Analog Clock from Opera Software. Although it is not, strictly speaking, a “Global Startup” link, it is nevertheless useful to have the list in this module.

The search was extended to other user folders in order to list a greater number of links, such as those placed on the “Desktop” and those launched from the Microsoft Internet Explorer “Quick Launch”. These shortcut files are often used by certain software such as “AntiMalwareDoctor”. For these specific lines, a new header was created under the name “Other users links”. If the link file does not point to a file, the mention “key orphan” is added.

Some unwanted applications, such as browser hijackers, modify the argument of the shortcuts of all your browsers to redirect search and navigation to their own servers.

O4 – GSQuicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe http://pop.yeawindows.com
O4 – GS TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe http://pop.yeawindows.com
O4 – GS TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe http://pop.yeawindows.com
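
As an added example (not part of ZHPDiag or of the original page), the following Python script parses O4 GS lines in the layout shown above and reports the shortcuts whose target executable is followed by extra arguments, which is the hijacker pattern just described. The regular expressions, the function names and the sample lines (including the hijack.example.invalid URL) are assumptions constructed for illustration.

```python
import re

# Header of an "O4 – GS" line: location, optional [user], link name, vendor, command.
LINE_RE = re.compile(
    r"^O4\s*[–-]\s*GS\s*(?P<location>\w+)\s*(?:\[(?P<user>[^\]]+)\])?:\s*"
    r"(?P<link>.+?\.lnk)\s*\.\s*\(\.(?P<vendor>.*?)\.\)\s*(?:—\s*)?(?P<command>.+)$"
)
# Target executable, then whatever follows it on the shortcut's command line.
CMD_RE = re.compile(r"^(?P<exe>.*?\.exe)(?:\s+(?P<args>.*))?$", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_line(line):
    """Return the fields of one O4 GS report line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    cmd = CMD_RE.match(entry.pop("command").strip())
    entry["exe"] = cmd.group("exe") if cmd else None
    entry["args"] = (cmd.group("args") or "").strip() if cmd else ""
    return entry


def suspicious_shortcuts(report):
    """List shortcuts whose target is followed by arguments (URL or switches)."""
    findings = []
    for line in report.splitlines():
        entry = parse_line(line)
        if entry and entry["args"]:
            url = URL_RE.search(entry["args"])
            entry["url"] = url.group(0) if url else None
            findings.append(entry)
    return findings


# Constructed sample lines modelled on the report format (not real scan output).
SAMPLE_REPORT = r"""
O4 – GS TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe http://hijack.example.invalid
O4 – GSQuicklaunch [Coolman]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe %SNP% --disable-quic
O4 – GSDesktop: iexplore.exe.lnk . (.Microsoft Corporation.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
"""

if __name__ == "__main__":
    for f in suspicious_shortcuts(SAMPLE_REPORT):
        print(f["location"], f["user"], f["link"], "->", f["args"])
```

A shortcut that carries arguments is only a lead to review: the link's actual target field should be checked before anything is removed.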

Some of the folders listed

C:\Documents and Settings\{UserName}\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs (From Vista)
C:\Users\All Users\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup (From Vista)
C:\Users\{Username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch (From Vista)
C:\Users\{Username}\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar (From Vista)
C:\Users{Username}\Desktop (From Vista)

ZHPDiag overview

—\\ Global Startup Shortcuts (8) – 1s

O4 – GS TaskBar: CDBurnerXP.lnk . (.Canneverbe Limited.) — C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe
O4 – GS TaskBar: Google Chrome.lnk . (.Google Inc..) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GSPrograms: Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GSPrograms: Internet Explorer.lnk . (.Microsoft Corporation.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GSDesktop: iexplore.exe.lnk . (.Microsoft Corporation.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GSDesktop: Microsoft Visual C++ 2010 Express.lnk . (.Microsoft Corporation.) — C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\VCExpress.exe
O4 – GSQuickLaunch: Google Chrome.lnk . (.Google Inc..) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GSQuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe

Examples of detection

—\\ Global Startup Shortcuts (5) – 1s
O4 – GSQuicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe %SNP% --disable-quic
O4 – GS TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe %SNP% --disable-quic
O4 – GSQuicklaunch [Coolman]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe %SNP% --disable-quic

ZHPFix action

O4 – Global Startup: {LinkName}.lnk .(…). — {FileName}

{FileName} : File name.
{LinkName} : Name of the shortcut pointing to the file {FileName}.

1) The tool removes the shortcut file {LinkName}
2) The tool deletes the file {FileName}

ZHPFix action (in the case of an orphan key)

O4 – Global Startup: {LinkName}.lnk – key orphan

{FileName} : File name.

The tool removes the shortcut file {LinkName}
