In today’s battle with malware, I learned a couple of interesting new places in the registry to check:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Place a key in here named after the file you want to prevent running, then place a STRING value under the key named “debugger”. Now, set the value of “debugger” to cmd,[...]
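To check this location on a machine, the following read-only audit lists every image name that has a "debugger" value set. It is an added example, not part of the original post; the function name `Get-IfeoDebugger` is hypothetical, and the WOW6432Node path (the 32-bit registry view on 64-bit Windows) is an addition the post does not mention.

```powershell
# Added example: enumerate Image File Execution Options (IFEO) subkeys
# and report every one that carries a Debugger value. Read-only.

$ifeoRoots = @(
    # Path named in the post
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # Assumption: also check the 32-bit view on 64-bit Windows (not in the post)
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Root = $ifeoRoots)

    foreach ($r in $Root) {
        # The WOW6432Node view does not exist on 32-bit Windows
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            # Registry value names are case-insensitive, so this also matches "debugger"
            $dbg = $key.GetValue('Debugger', $null)
            if ($null -eq $dbg) { continue }

            [pscustomobject]@{
                Image     = $key.PSChildName               # executable the entry applies to
                Debugger  = $dbg                           # what runs in its place
                ValueKind = $key.GetValueKind('Debugger')  # String, ExpandString, ...
                Hive      = $r
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-Table -AutoSize -Wrap
```

Any row whose Debugger value is not a debugger you installed yourself deserves a closer look, especially when the Image column names a security tool or a system utility.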