02-24-2014, 04:33 PM | #1 |
Junior Member
Join Date: Feb 2014
Posts: 2
|
Autorun Regkey to C:\users\...\Appdata\Roaming\
I'm seeing a case on a client machine with an ASEP reg key pointing to "NoConoleExe.exe" in C:\users\...\Appdata\Roaming\DisplayLink\DLsetup.
key: runfile hive: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run value: C:\Users\xxxx\AppData\Roaming\DisplayLink\DLsetup\ NoConsoleExe.exe This does not seem normal to me. They key name is right, but the fact that it got installed into appdata\roaming is troublesome. Is this normal? I haven't seen it before and can't turn up anything on the web. Everything tells me it should be pointing to C:\program files\... I'm concerned it's malware spoofing a commonly installed program such as displaylink. |
|
|