Comments on Windows Incident Response: Links

H. Carvey, 2013-11-02T15:19:52.280-05:00

I'd be happy to talk about both...contact me at keydet89 @ yahoo dot com and let me know what works for you.

Troy Larson, 2013-11-02T12:26:37.753-05:00

Let me know if you want to discuss Windows 8 and 8.1. There are lots of changes under the hood.

Also, I have seen some things in the registry code that I would like to discuss with you.

Troy

Tom, 2013-10-28T10:59:31.607-05:00

Yes thank you.

H. Carvey, 2013-10-28T10:33:55.078-05:00

Tom,

What I'm saying is that malware that creates a value beneath the HKCU\..\Run key does not, in fact, start up again (i.e., persist) when the system is restarted. Rather, the malware will start the next time that user logs in.

I hope that helps.

Tom, 2013-10-28T10:30:59.982-05:00

Harlan,
I was wondering if you could clarify this one statement:

"One example that I see time and time again is malware that creates persistence in the HKCU\..\Run key, and the report stating that the malware does this to start again when the system boots. This simply isn't the case, but it's stated on the Microsoft MMPC site, as well as by other malware analysts, often enough that it's simply accepted as "fact"."

So are you saying that people just state that malware has put something in this key for persistence without verifying that it's actually the case, or that this particular key does not create persistence if something is placed there, contrary to the Microsoft MMPC site, etc?

I'm not clear on what you are saying with these two sentences.

Thanks....