Author Topic: Critical Bug in Userinit and Shell Entry (Autoruns)  (Read 3477 times)

Offline Herman Salim

Critical Bug in Userinit and Shell Entry (Autoruns)
« on: April 15, 2016, 11:53:15 AM »
Dear Comodo,

I'm a big Comodo fan. I use CIS to protect myself and always use Killswitch and Autoruns to help with others' PCs that are infected by malware.
Today, I found a serious bug in Comodo Autoruns when viewing the Userinit and Shell entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit=E:\WINDOWS\system32\userinit.exe,,C:\Program files\mmsehswb\uskqusgr.exe
Shell=Explorer.exe,,C:\Program files\mmsehswb\uskqusgr.exe

C:\Program files\mmsehswb\uskqusgr.exe is a malware path that is not found by Autoruns. Autoruns separates this entry into three sections and says 'File Not Found'.



But Autoruns (Sysinternals Tools) does perfectly in viewing and finding this:



It will be terrible when we choose View->Hide Safe Entries from the Autoruns CCE menu: the Userinit and Shell entries will disappear because 'File not found' is always considered to be safe by Autoruns. So we don't see anything strange with these two values, which should be rated as malicious with red colour highlighting.

Please fix this in the next version, so we can do perfectly in removing malware autostart keys.

Best Regards,

Herman Salim
« Last Edit: April 15, 2016, 12:15:25 PM by Herman Salim »
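
Added example (not part of the original post, and not Comodo's or Sysinternals' code): one way a triage script could evaluate the two Winlogon values quoted above, splitting on commas, ignoring the empty segment left by ",," and keeping any non-stock entry visible even when its file cannot be found. The allow-list, the function names and the `exists` hook are assumptions made for the illustration.

```python
import ntpath

# Assumed allow-list: stock program for each value, relative to the system root.
EXPECTED = {"userinit": r"system32\userinit.exe", "shell": "explorer.exe"}

def split_entries(raw):
    """Split a Winlogon value on commas and drop empty segments (e.g. from ',,')."""
    cleaned = (part.strip().strip('"') for part in raw.split(","))
    return [c for c in cleaned if c]

def audit_value(name, raw, system_root, exists=lambda path: False):
    """Return (entry, verdict) pairs for one Winlogon value.

    exists is a hypothetical caller-supplied file check so the example runs offline.
    """
    expected = ntpath.normcase(ntpath.join(system_root, EXPECTED[name.lower()]))
    findings = []
    for entry in split_entries(raw):
        norm = ntpath.normcase(entry)
        if norm in (expected, ntpath.basename(expected)):
            verdict = "expected"
        elif exists(entry):
            verdict = "unexpected"
        else:
            # A path that does not resolve is not evidence of safety.
            verdict = "unexpected, file not found"
        findings.append((entry, verdict))
    return findings

def visible_after_hide_safe(findings):
    """Only stock entries may be hidden; everything else stays on screen."""
    return [f for f in findings if f[1] != "expected"]

# Values quoted in the report above; the system root is taken from its Userinit value.
SAMPLES = {
    "Userinit": r"E:\WINDOWS\system32\userinit.exe,,C:\Program files\mmsehswb\uskqusgr.exe",
    "Shell": r"Explorer.exe,,C:\Program files\mmsehswb\uskqusgr.exe",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        findings = audit_value(name, raw, r"E:\WINDOWS")
        for entry, verdict in visible_after_hide_safe(findings):
            print(f"{name}: {entry} -> {verdict}")
```

On a live system the `exists` argument would be a real file check and the raw strings would be read from the Winlogon key shown in the post.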

Offline futuretech

  • Global Moderator
Re: Critical Bug in Userinit and Shell Entry (Autoruns)
« Reply #1 on: September 02, 2016, 01:12:57 PM »
Thanks for the report; this is fixed with CIS 10.0.0.5144 beta.

 
