Tony Klein's RD standard file hates wallpapers?

Discussion in 'Ghost Security Suite (GSS)' started by paperinik3, Feb 12, 2006.

Thread Status:
Not open for further replies.
  1. paperinik3

    paperinik3 Registered Member

    Joined:
    Aug 10, 2003
    Posts:
    90
    Hi, I downloaded and installed Tony Klein's standard RD file and received the message: "an error occurred while changing desktop wallpaper". Then RD told me: "wallmast.exe (that is the program which changes my wallpapers) was blocked from modifying a protected registry value". This is curious because with my old RD standard file I never gave Wallmaster privileges of any kind, nor had problems of any kind. Anyway, I have added a rule giving Wallmaster the necessary permissions - but RD still blocks it. I am attaching a screenshot - did I do something wrong?
     

    Last edited by a moderator: Feb 12, 2006
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    First of all, we need to protect the wallpaper value from being modified against your will.

    Lots of the more recent malware do that; some examples:

    http://www.symantec.com/avcenter/venc/data/pf/trojan.desktophijack.html
    http://vil.nai.com/vil/content/Print99294.htm

    My gsrfile has app rules that allow Iexplore and Rundll32 to modify that value.

    I can obviously not provide rules for software I don't have installed myself, which is why RegDefend allows you to create App rules specifically designed to allow software on your particular system to modify registry keys and values that are protected through the Global rules groups.

    So what you now need to do, is add a rule in your newly created Wallmaster App group that will allow Wallmaster to modify that "wallpaper" value.

    Your log file provides the answer. As you can see, the Wallmast application is being blocked from modifying the "wallpaper" value in HKEY_CURRENT_USER\Control panel\Desktop

    So please first remove the rule for Wallmast you created in the Wallmast App group. Next, still in the Wallmast group, press Add Rule, and paste this into the key field:

    HKEY_CURRENT_USER\Control panel\Desktop*

    In the "value" field, type "wallpaper" (without the quotes)

    Tick the set value box and you should be fine.

    Good luck!
     
  3. paperinik3

    paperinik3 Registered Member

    Joined:
    Aug 10, 2003
    Posts:
    90
    It works, it works! Thank you very much indeed, Tony and best regards
     
  4. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    You're very welcome, glad to help.

    Happy tweaking! ;)


    Cheers,
     