Windows Image Threat (IFEO) Symptoms and Prevention

1. What is Image Threat (IFEO)

IFEO is the abbreviation of Image File Execution Options
It is located in the registry
HKEY_LOCAL_MACHINE\\ SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options
Since this item is mainly used to debug programs, it is of little significance to the average user, but this is the place that viruses like to use.

Second, the symptoms of windows image hijacking
Basic symptoms: a normal program, no matter where it is placed, or a program re-installed with the installation disk, it can not run or is like Running A becomes execution B, but it can be run normally after renaming.

III. Specific examples of image threats

We can see the power of this technology! A lot of killing soft processes and some auxiliary killing software or tools are all threatened, causing all the killing software to fail or running the A program into the B program!

Fourth, how to solve and prevent IFEO

Method 1: Change the permissions
To modify the Image File Execution Options, you must have permission, so we change the permissions to limit the virus modification
Open Registry Editor, find HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WindowsNT\\CurrentVersion\\ImageFileExecutionOptions\\
, select the item, right click → permissions → advanced, cancel the write permission of the administrator and system users.

Method 2: Directly delete Image File Execution Options
Oh! If you don't know which programs you want to use, just delete the Image File Execution Options item.