Acknowledgments
Development of Silent Runners has been admirably assisted by some extremely competent individuals
(listed in alphabetical order):
Victor Alter - suggested the procedure to compare two script output files with
ExamDiff.
Vesselin Bontchev - has tirelessly suggested additional keys to check,
has relentlessly discovered bugs, and has made innumerable suggestions to improve output.
His web site can be found here.
Francis Favorini - provided information that was essential to understanding how the
“HKLM/HKCU… Active Setup\Installed Components\” sub-keys work.
His professional experience is summarized
here.
Rossano Ferraris - initiated the development of a simple, scripted solution to
CoolWebSearch infection and was the first to suggest examination of Group Policy values affecting
Active Desktop and Display. His persistence, patience, and cooperation are exemplary.
Peter Ferrie - used his impressive reverse-engineering skills to confirm the code used by Windows to disable
a Scheduled Task and demonstrated that HKLM… Explorer\ShellExecuteHooks\ can serve as a launch point. He was also
the impetus to getting the script to examine WPD (Windows Portable Device) Autoplay Handlers and he helped immeasurably to
understand how this launch point is interpreted by Windows. Peter also advised about the IniFileMapping launch
mechanism. His web site can be found here.
Mike Mitchell - was the first to suggest that the script include the Group Policy entries for
startup/shutdown/logon/logoff scripts. His web site can be found here.
Geert Moernaut - suggested several launch points, including HKLM…Winlogon\VmApplet
and HKLM…Session Manager\Execute. Geert maintains the
Runscanner launch point analyzer.
His personal web site can be found here.
Gonzalo Santizo - prompted the discovery of the
Windows 2000 submerged subkeys anomaly.
|
|