Event submitted by Sang Kim
Event ID:
12013
Source:
EventSentry

Message:
The explorer extension DLL SecretMalwareDLL (using file ieatfiles.dll) was removed from the registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify and will no longer be loaded into explorer.exe.





Solution by Sang Kim

2006-02-20 10:36:24 UTC

This event is logged by EventSentry when an explorer-extension dll file is removed from an autorun registry key.

Software Monitoring monitors autorun registry keys and installed software to notify you of applications that are automatically run when a user logs in or a system boots up.

You can configure this feature at "Packages -> System Health Packages -> Package Name -> Software Monitoring -> Monitor Autorun Locations".



User Information
 
Only an Email address is required for returning users.

Hide Name

Solution

Additional Links