I had loads of entries on my Ad-Aware scan today, but the following was listed as a TAC level 3 vulnerability.
HKEY_CLASSES_ROOT: scrfile\shell\open\command"" ("c:\programfile\internetexplorer\iexplore.exe" %1)
It seems odd for Ad-Aware to list IE as a vulnerability, but "scrfile" seems to indicate some sort of screensaver. Google turns up literally nothing, any ideas?
Is this an exact quote, or you typing from memory?Originally Posted by Ruggerbugger
Because that's not a legitimate path for IE... it should be under "C:\Program Files\Internet Explorer".
It looks like a file type association rather than an autorun process - so when you right-click a file of that type it will either default to IE or present it in the "Open with..." sub-menu.
What AV are you running?
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
It should read programfiles nog programfile. Otherwise it's the exact description. I'm running Kaspersky as my AV, a recent scan turned up no infections.
I use IE on the desktop (where this error is) and Firefox on the laptop. I might download Firefox for the desktop, quarantine that file and see what happens.
Please double-check the exact string - including spaces.
Do you have any 3rd party screensavers installed?
Or maybe a toolbar which bundled some such junk on your system?
I can't quite see why Internet Explorer would be associated with a .SCR file and accept 1 argument, which would be the file name itself, as this is what would happen:
Filename C:\Windows\BOB.SCR is a screensaver.
User double-clicks BOB.SCR and the system looks at the file associations to find out what the default action is for files of type ".SCR" (HKEY_CLASSES_ROOT\.scrfile\shell\open\command)
System takes the string specified ("C:\Program Files\Internet Explorer\iexplore.exe") and adds the filename to it, then executes this string.
So what you end up running is:
"C:\Program Files\Internet Explorer\iexplore.exe" "C:\Windows\BOB.SCR"
This would feed the file to IE which would then try to parse its file type, and either run it anyway or ask you if you want to save or run it.
I think the default value for the registry setting should read:
"%1" /S
(including quotes)
~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3
OK Paul, I'll check that tomorrow.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote