To avoid this one should update this DWORD registry entry:
There is a search order which is used when an application requests a DLL.[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Session Manager]
ProtectionMode=1 (Disabled = 0, Enabled = 1)
Note WinNT4 need to have SP5 installed before this registry entry works.
More Info MS KB218473
More Info MS KB222159
More Info MS KB244995
More Info MS KB253821
- Look in the application folder
- Look in the current working folder (Dangerous)
- Look in the system folder
- Search through the system PATH
Note when launching an application using Run... from the Start-menu, then it will also use the search order above to find the application executable. But it applies an extra step before searching through the system PATH, which is to look in the user home folder. Make it ignore the home-path by setting this DWORD registry key:[HKEY_LOCAL_MACHINE \System \CurrentControlSet \Control \Session Manager]
SafeDllSearchMode = 1 (Win2k/WinXP Default = 0, WinXP SP1/Win2k3 Default = 1)
Note Win2k need to have SP3 installed before this registry entry works.
More Info MS KB306850
Instead of ignoring the homepath, then one can configure it to first search the system path, and then look in the home-path:[HKEY_CURRENT_USER \Software \Microsoft \Windows \CurrentVersion \Policies \Explorer]
StartRunNoHOMEPATH = 1 (Default - 0)
More Info MS KB264061
Credits jsifaq.com[HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Control \Session Manager]
SafeProcessSearchMode = 1 (Default = 0)
More Info MS KB905890
Leave a Reply