Video Screencast Help

virus attack on registry

Created: 07 Mar 2013 • Updated: 29 Mar 2013 | 7 comments
This issue has been solved. See solution.

it's nly for knowledgebase i need to confirm that virus is attack on registry files?

what impact?

Comments 7 CommentsJump to latest comment

_Brian's picture

A virus can change or delete crucial registry files. Most of the time it add a startup registry key for itself to start every time the PC is booted up.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

W007's picture

Yes virus can be impact registry file.

Most common registry key to check while dealing with Virus issue

 

http://www.symantec.com/connect/articles/most-common-registry-key-check-while-dealing-virus-issue

 

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SOLUTION
SebastianZ's picture

Virus attacks on registry may be designed to tamper the values stored in the registry - as a result depending on the values changed either it can start some of the malware with system start or in most serious cases may cause slow down of the system, corrupt software, etc.

Rafeeq's picture

These are the common load points for viruses on Registry

 

Common loading points for viruses, worms, and Trojan horse programs on Windows 2000/XP/2003

 

http://www.symantec.com/business/support/index?pag...

riva11's picture

Thanks Rafeeq for this info. Even if this doc is not recent , the content is still valid and helpful to understand the impact of a virus attack.

Mithun Sanghavi's picture

Hello,

Yes, Numerous threats attack SEP in an attempt to gain access to protected machines.

You could Harden Symantec Endpoint Protection (SEP) with an Application and Device Control Policy to increase security and this Protects Symantec Endpoint Protection files and registry keys

http://www.symantec.com/docs/TECH132337

 This rule set protects SEP's registry keys, files, processes and services from outside interference.  Enabling this rule could interfere with any non-Symantec products that attempt to integrate with SEP.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

cus000's picture

What impact?

A lot ... certains thing could be disabled, changed or even deleted?

 

Most common is to add persistent effect to the the malware itself or disabling task manager and right click at folders..