{"id":10965,"date":"2013-12-26T14:31:19","date_gmt":"2013-12-26T22:31:19","guid":{"rendered":"http:\/\/37prime.wordpress.com\/?p=10965"},"modified":"2013-12-26T14:31:19","modified_gmt":"2013-12-26T22:31:19","slug":"the-malware-that-doesnt-take-no-for-an-answer","status":"publish","type":"post","link":"https:\/\/37prime.com\/news\/2013\/12\/26\/the-malware-that-doesnt-take-no-for-an-answer\/","title":{"rendered":"The Malware that doesn’t take “No” for an answer."},"content":{"rendered":"

Thursday morning, the day after Christmas 2013 I received a call from someone who needed help. “Fred” callously clicked on an attachment from a phising email purporting from Amazon.com.<\/p>\n

After that, he kept seing Windows User Account Control (UAC) asking for confirmation to load some executable file.<\/p>\n

Clicking “No” did not really help because UCA kept popping up subsequently.<\/p>\n

\"IMG_0456\"<\/p>\n

I booted Windows 7 into “Safe Mode with Command Prompt” and launched Registry Editor (regedit.exe).<\/p>\n

I located load command in the registry.<\/p>\n

ComputerHKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows”<\/p><\/blockquote>\n

delete the content from the “Load” key.<\/p>\n","protected":false},"excerpt":{"rendered":"

Thursday morning, the day after Christmas 2013 I received a call from someone who needed help. “Fred” callously clicked on an attachment from a phising email purporting from Amazon.com. After that, he kept seing Windows User Account Control (UAC) asking for confirmation to load some executable file. Clicking “No” did not really help because UCA … <\/p>\n

Continue reading “The Malware that doesn’t take “No” for an answer.”<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[3,4],"tags":[1966,2648,3039,3064,3216],"class_list":["post-10965","post","type-post","status-publish","format-standard","hentry","category-journal","category-news","tag-malware","tag-security","tag-troubleshooting","tag-uac","tag-windows"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pcNtU-2QR","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/10965","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/comments?post=10965"}],"version-history":[{"count":0,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/posts\/10965\/revisions"}],"wp:attachment":[{"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/media?parent=10965"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/categories?post=10965"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/37prime.com\/news\/wp-json\/wp\/v2\/tags?post=10965"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}