On Thu, 11 Dec 2008 01:12:37 -0600, Guy wrote:
> Why do you say it is hidden? Those 6 entries are normal.
This is an undocumented autorun method used by malware to hide nastigrams.
http://forums.majorgeeks.com/showthread.php?t=38752
Many of the nasty autoruns hidden in the SSODL are listed here
http://www.castlecops.com/O21.html
--------------------------------------------------------------------------
O21 - ShellServiceObjectDelayLoad Registry key autorun
What it looks like:
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} - C:\WINDOWS\System\auhook.dll
What to do:
This is an undocumented autorun method, normally used by a few Windows
system components. Items listed at
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
are loaded by Explorer when Windows starts. HijackThis uses a whitelist
of several very common SSODL items, so whenever an item is displayed in
the log it is unknown and possibly malicious. Treat with extreme care.
--------------------------------------------------------------------------


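A triage helper for the O21 lines described in the post above, as an added example that is not part of the original thread and not HijackThis's own code. It rejoins entries that mail or forum software hard-wrapped, then flags SSODL entries whose CLSID is missing from an analyst-supplied allowlist or whose DLL sits outside the system directory. The allowlist contents, the `system_dir` default and every sample line except the AUHOOK entry are constructed assumptions.

```python
import ntpath
import re

# Page's format: O21 - SSODL - <name> - {CLSID} - <dll path>
# (the "O21 - SSODL: <name>" spelling is accepted as well)
O21_RE = re.compile(r"^O21 - SSODL(?::| -) (?P<name>.+?) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NEW_ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")  # start of any HijackThis log entry

def unwrap(lines):
    """Rejoin entries that were hard-wrapped onto a following line."""
    entries = []
    for line in (l.strip() for l in lines):
        if not line:
            continue
        if NEW_ENTRY_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line  # continuation of the previous entry
    return entries

def review_o21(lines, allowlist, system_dir=r"C:\WINDOWS\system32"):
    """Return (name, clsid, path, reasons) for each O21 entry needing review."""
    findings = []
    for entry in unwrap(lines):
        m = O21_RE.match(entry)
        if not m:
            continue  # not an SSODL entry
        clsid, path = m["clsid"].upper(), m["path"].strip()
        reasons, expected = [], allowlist.get(clsid)
        if expected is None:
            reasons.append("CLSID not on allowlist")
        elif ntpath.basename(path).lower() != expected.lower():
            reasons.append("DLL name differs from allowlisted name")
        if ntpath.normcase(ntpath.dirname(path)) != ntpath.normcase(system_dir):
            reasons.append("DLL outside system directory")
        if reasons:
            findings.append((m["name"], clsid, path, reasons))
    return findings

# Constructed data: hypothetical allowlist, and a sample log whose wrapped
# AUHOOK entry is the one quoted in the post; the other lines are made up.
ALLOWLIST = {"{00000000-0000-0000-0000-00000000000A}": "exshell.dll"}
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
O21 - SSODL - AUHOOK - {11566B38-955B-4549-930F-7B7482668782} -
C:\WINDOWS\System\auhook.dll
O21 - SSODL - ExampleShell - {00000000-0000-0000-0000-00000000000A} - C:\WINDOWS\system32\exshell.dll
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""
```

Call `review_o21(SAMPLE_LOG.splitlines(), ALLOWLIST)` to get the flagged entries; a flag means the entry needs a human look, not that it is malicious.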