Autorun Regkey to C:\users\...\Appdata\Roaming\


fenix1792
02-24-2014, 05:33 PM
I'm seeing a case on a client machine with an ASEP reg key pointing to "NoConsoleExe.exe" in C:\users\...\Appdata\Roaming\DisplayLink\DLsetup.

key: runfile
hive: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
value: C:\Users\xxxx\AppData\Roaming\DisplayLink\DLsetup\ NoConsoleExe.exe

This does not seem normal to me. The key name is right, but the fact that it got installed into appdata\roaming is troublesome.

Is this normal? I haven't seen it before and can't turn up anything on the web. Everything tells me it should be pointing to C:\program files\...

I'm concerned it's malware spoofing a commonly installed program such as DisplayLink.
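
A triage check for the situation described in the post above, added here as an example and not part of the original thread: it lists Run-key entries whose target sits in a user-writable directory and reports each file's Authenticode signer and SHA-256 so the binary can be compared against the vendor's. The function name, the set of Run keys scanned and the "user-writable" path pattern are assumptions of this example.

```powershell
# Added example: flag Run-key autostart entries (ASEPs) that launch from user-writable paths.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Assumption: path fragments treated as user-writable; adjust to local policy.
$userWritable = '\\AppData\\(Roaming|Local|LocalLow)\\|\\Users\\Public\\|\\Temp\\'

# Hypothetical helper: pull the executable path out of a Run-key command line.
function Get-ExePathFromCommand {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }                    # quoted path
    if ($c -match '^(.+?\.(exe|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }  # unquoted, may contain spaces
    return ($c -split '\s+')[0]                                           # fallback: first token
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $cmd = [string]$regKey.GetValue($name)
        $exe = Get-ExePathFromCommand -Command $cmd
        if ($exe -notmatch $userWritable) { continue }   # only report user-writable targets

        $exists = Test-Path -LiteralPath $exe -PathType Leaf
        $status = 'n/a'; $signer = ''; $hash = ''
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $exe
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            $hash   = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        }
        [pscustomobject]@{
            Key       = $key
            Value     = $name
            Path      = $exe
            Exists    = $exists
            SigStatus = $status     # Valid / NotSigned / HashMismatch / ...
            Signer    = $signer     # compare with the vendor's known signing certificate
            SHA256    = $hash       # look up against known-good or threat-intel sources
        }
    }
}
```

Pipe the output to Format-List for reading or Export-Csv for collection across hosts; an HKLM entry that lands here is one any process running as that user could replace on disk, regardless of who created it.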