Important Autoruns question: IE Image Hijack!

Hi, I’ve seen in my Autoruns that Internet explorer is listed in Image Hijacks, though I don’t see any other program listed anywhere that could be hijacking it (like it seems should be the case from here in the Image Hijack section).
In fact when I go to the registry entry listed below, there’s only one value:
“C:\Program Files\Internet Explorer\IEXPLORE.EXE” -nohome

Would anyone know how I could find out why IE is considered to be Image Hijacked?

Thank you very much!

that’s afaik default entry, Autoruns don’t show only bad things , it shows everything including the usual …

You’re saying everyone has IE listed in their Autoruns as being Image Hijacked?

Nope it is the wording of that tab … If you could expand it, it would say "these are the main areas where you would be likely to see a hijacked item "

I’m not sure I understand, what should I expand?

Nope basically that is what that tab means… My own wording

So is there a way for me to find out why IE is listed as Image Hijacked?

It is not hijacked …

That’s good.

Do you know why it’s listed as such?

All that is saying is this is the place to look for hijacks that is all not that you have one

By telling me IE is hijacked that’s how they show that this is the tab to look for Image Hijacks? I don’t understand.

If you do not know the purpose of a tool then it would be best not to use it

[b][i]http://www.howtogeek.com/school/sysinternals-pro/lesson6/all/[/i][/b]

Image Hijack

If you read our second lesson about Process Explorer, you would have learned that you can replace Task Manager with Process Explorer, but you probably had no idea how this actually happens, much less that malware can and does use the same technique to hijack applications on your computer.

You can set a number of settings in the registry that control how things are loaded, including hijacking all executables and running them through another process, or even assigning a “debugger” to any executable — even if that application is not a debugger.

Essentially, you can assign values in the registry so that if you try to load notepad.exe, it will load calc.exe instead. Or any application can be swapped out and replaced with another application. This is one of the ways that malware blocks you from loading MalwareBytes or other anti-malware tools.

http://cdn3.howtogeek.com/wp-content/uploads/2014/03/img_5338db0d82675.png

You can see it for yourself — on the left-hand side is the name of the executable, and on the right-hand side the “Debugger” key is set to the instance of Process Explorer that is running off my desktop. But you can change that to anything you want on either side and it will work. It would probably make a great prank that almost nobody would ever be able to figure out.

http://cdn3.howtogeek.com/wp-content/uploads/2014/03/img_5338f7a200c36.png

If you see anything in the Image Hijacks tab other than the values for Process Explorer, you should immediately disable them.

Please enlighten me on what I’m missing.

The original screenshot tells you that IE will be the programme to open html files… as expected

USING SYSINTERNALS TOOLS LIKE A PRO / HOW-TO GEEK SCHOOL
http://www.howtogeek.com/school/sysinternals-pro/lesson6/all/

Exactly the article I linked to, multiple times in this thread.

So what programme do you wish to open html files ?

I never indicated that I wish to use any. I don’t use HTML files.

Though I just created a new sample file and attached a screenshot of it to show you which program HTML files have been linked to till now.

The internet uses html … the vast majority of web pages are that format

HyperText Markup Language, commonly referred to as HTML, is the standard markup language used to create web pages. Web browsers can read HTML files and render them into visible or audible web pages.