CWS vs RegDefend

[Vikorr]

Interesting article about the CoolWebSearch trojan, and Registry DLL Injection

http://www.thetechguide.com/forum/in...howtopic=10984

[Pilli]

Hi Vikorr, I have moved this thread to the privacy section as it is not directly a RegDefend support question.
Process Guard does prevent this sort of .dll injection specifically it protects the AppInit key.
RegDefend can prevent spyware making registry changes for any known malware that may not just use the Appinit key.

Pilli

[Vikorr]

Hi Pilli, not a problem. I just thought the users of RD would find the info interesting

[Pilli]

Regarding AppInit, you will also find that one of RD's default "Extra protection keys" is: hkey_local_machine\software\microsoft\windows nt\currentversion\windows | AppInit_DLLs | None | Mod Value | Ask User

I notice that, amonst others, experts like Tony Klein are now taking an active interest in creating .gst files covering many malware and potential malware keys. This is very good news for all RD and other users as RD is now being used as an expert tool to help fight off these pests.

Pilli

[Vikorr]

Noticed that, and I've added many of their keys.... and after reading many different sites on what registry keys trojans/worms etc manipulate, and finding that the basic + extra keys cover almost all of them...I'm glad for their efforts

I suppose this was of interest to me because the key to prevent dll injection was out of the box (if I remember right), and it's always good to find out what specific protection keys are doing.

[richrf]

Thanks Vikorr for the article and Pilli for your follow-up comments. It is great that experts such as Tony are involved with the product to further solidify RegDefend's ability to pro-actively defend against infections.

"An ounce of prevention is worth a pound of detection/cleaning".

Rich