Autorun Regkey to C:\users\...\Appdata\Roaming\

fenix1792 · 02-24-2014, 04:33 PM

I'm seeing a case on a client machine with an ASEP reg key pointing to "NoConoleExe.exe" in C:\users\...\Appdata\Roaming\DisplayLink\DLsetup.

key: runfile
hive: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
value: C:\Users\xxxx\AppData\Roaming\DisplayLink\DLsetup\ NoConsoleExe.exe

This does not seem normal to me. They key name is right, but the fact that it got installed into appdata\roaming is troublesome.

Is this normal? I haven't seen it before and can't turn up anything on the web. Everything tells me it should be pointing to C:\program files\...

I'm concerned it's malware spoofing a commonly installed program such as displaylink.

02-24-2014, 04:33 PM	#1
fenix1792 Junior Member Join Date: Feb 2014 Posts: 2	Autorun Regkey to C:\users\...\Appdata\Roaming\ I'm seeing a case on a client machine with an ASEP reg key pointing to "NoConoleExe.exe" in C:\users\...\Appdata\Roaming\DisplayLink\DLsetup. key: runfile hive: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value: C:\Users\xxxx\AppData\Roaming\DisplayLink\DLsetup\ NoConsoleExe.exe This does not seem normal to me. They key name is right, but the fact that it got installed into appdata\roaming is troublesome. Is this normal? I haven't seen it before and can't turn up anything on the web. Everything tells me it should be pointing to C:\program files\... I'm concerned it's malware spoofing a commonly installed program such as displaylink.