2
Came accross a client with a badly virus infected computer.
One virus prevented the running of all programs except for those that the virus choose to allow.
Googling showed me how this might be done in respect of .exe programs but this virus also prevented .com programs running.
Strictly speaking I don't want to be able to do this myself, however I do want to know how it might be achieved and thereby how to this undesirable effect.
I assume that the trick will involve registry changes and therefore it might be possible to undo it by using regedit to work on the hard disk removed and attached to a correctly functioning PC. Would open the necessary file using open hive commands.
Any ideas?
Forgot to mention that the version of windows being run is Windows Home. It seems that the professional version is needed to run the group policy management console. Or can this be achieved indirectly via the registry anyway and if so how?
How exactly did this prevention manifest? Did you get an error when double-clicking? When starting it in cmd.exe? When passing it to CreateProcess? – None – 2009-09-09T12:00:14.403
When attempting to run a .exe or .com file not on the list a dialog was presented asking what to open the program file with and suggesting that it could be opened with Notepad etc..
Odd dialogs also came up during start-up suggesting that exe and dll files could not be located. – None – 2009-09-09T16:39:32.280