On Sun, 2003-11-02 at 21:09, Valdis.Kletnieks@vt.edu wrote:
> On Mon, 03 Nov 2003 12:23:06 +1300, Nick FitzGerald
> <nick@virus-l.demon.co.uk> said:
> > Finding the actual location of the startup folder was beyond the
> > exploit because it was running in an environment that could not query
> > the registry or other system APIs that would reveal the location.

Actually, I think it was beyond the knowledge of the exploit writer. :)

> And for bonus points, explain how you fix the scheme so the poor sysadmin who
> has to run stuff at startup is able to find the folder, but an exploit running
> with 'administrator' or 'system' can't find it?

Sure. %SYSTEMROOT%, %WINDIR%, or %USERPROFILE% should work just fine for
most cases of scripting and such. Of course viruses and other malware
can use the same environment vars. I guess the writers of these
annoyances didn't think that far.... lucky us :)

Regards,
Frank