I'm looking to write a procedure to look for Browser Hijacks. The current wave of fake spyware is blowing trhough all of the KES and firewall products.
What I want is to see if the browser Shell Open Command has been sert to something other then the default, it so set an alert/alarm (can be via email) and possiblely put it back.
Anyone have such a script? I'm also looking for someone to write scripts for me on an On Demand basis. So often I know what I want but don't have the time to work out the syntax.
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\""
FirefoxHKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\ “C:\Program Files\Mozilla Firefox\firefox.exe”