Origin:
Principle:
For the moment, I have no further information on the actions taken by malware processes that settle under the key “ShellIconOverlayIdentifiers” or on their use of this feature. All I can say is that it is related to the icon overlay manager (Icon Overlay Handler), which displays an icon overlay on an object to provide additional information. For example, Dropbox uses this overlay to show whether or not the icons are synchronized. (See the screenshot at the link given in the documentation.)
Sample :
— ShellIconOverlayIdentifiers (SIOI) (8) – 0s
O106 – SIOI: Acronis True Image Shell Sync Error Icon Overlay Extension – {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}. (.Acronis – Acronis True Image Shell Extensions.) — C:\Program Files\Acronis\TrueImageHome\tishell.dll ©
O106 – SIOI: Acronis True Image Shell Sync In Progress Icon Overlay Extension – {00F848DC-B1D4-4892-9C25-CAADC86A215D}. (.Acronis – Acronis True Image Shell Extensions.) — C:\Program Files\Acronis\TrueImageHome\tishell.dll ©
O106 – SIOI: Acronis True Image Shell Sync Ok Icon Overlay Extension – {71573297-552E-46fc-BE3D-3DFAF88D47B7}. (.Acronis – Acronis True Image Shell Extensions.) — C:\Program Files\Acronis\TrueImageHome\tishell.dll ©
O106 – SIOI: Enhanced Storage Icon Overlay Handler Class – {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation – DLL d’extension d’environnement de stockage.) — C:\Windows\System32\EhStorShell.dll ©
O106 – SIOI: Sharing Overlay (Private) – {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation – Extensions de l’interpréteur de commandes p.) — C:\Windows\System32\ntshrui.dll ©
O106 – SIOI: avast – {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software – avast! Shell Extension.) — C:\Program Files\AVAST Software\Avast\ashShell.dll
O106 – SIOI: DropboxExt1 Class – {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}. (.Dropbox, Inc. – Dropbox Shell Extension.) — C:\Users\van den Berg\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
O106 – SIOI: Groove Explorer Icon Overlay 4 (GFS Unread Mark) – {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}. (.Microsoft Corporation – Microsoft SharePoint Workspace Extensions.) — C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
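Entries like the O106 lines above can be checked on a live system with a read-only PowerShell audit. This is an added example, not ZHPDiag's code: it reads the documented HKLM ...\Explorer\ShellIconOverlayIdentifiers key, resolves each handler's CLSID to its InprocServer32 DLL and reports the Authenticode status. The InProtectedDir column and the sort order are triage choices assumed here, not a verdict (the Dropbox handler in the sample also lives under AppData).

```powershell
# Added example, not ZHPDiag code. Read-only; run in Windows PowerShell 5.1 or later.
$base = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers'
# Inspect both registry views on 64-bit Windows (32-bit handlers sit under WOW6432Node).
$views = @([Microsoft.Win32.RegistryView]::Registry64, [Microsoft.Win32.RegistryView]::Registry32)
if (-not [Environment]::Is64BitOperatingSystem) { $views = @([Microsoft.Win32.RegistryView]::Registry32) }
# Directories that standard users cannot normally write to (triage assumption).
$protected = @($env:windir, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

$report = foreach ($view in $views) {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::LocalMachine, $view)
    $hkcr = [Microsoft.Win32.RegistryKey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::ClassesRoot, $view)
    $sioi = $hklm.OpenSubKey($base)
    if (-not $sioi) { continue }
    foreach ($name in $sioi.GetSubKeyNames()) {
        # The default value of each subkey is the handler's CLSID.
        $clsid = [string]$sioi.OpenSubKey($name).GetValue('')
        $dll = $null; $status = 'NoDllRegistered'; $signer = $null; $inProtected = $false
        $srv = if ($clsid) { $hkcr.OpenSubKey("CLSID\$clsid\InprocServer32") }
        if ($srv) { $dll = ([string]$srv.GetValue('')).Trim('"') }
        if ($dll) {
            $inProtected = [bool]($protected | Where-Object {
                $dll.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
            if (Test-Path -LiteralPath $dll -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -LiteralPath $dll
                $status = [string]$sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            } else { $status = 'FileMissing' }
        }
        [pscustomobject]@{
            View = $view; Name = $name.Trim(); CLSID = $clsid; Dll = $dll
            Signature = $status; Signer = $signer; InProtectedDir = $inProtected
        }
    }
}
# Entries outside protected directories or without a valid signature sort to the top.
$report | Sort-Object InProtectedDir, { $_.Signature -eq 'Valid' } | Format-Table -AutoSize -Wrap
```

For handlers found in the 32-bit view, a System32 path is redirected to SysWOW64 when a 32-bit process loads it, so check that file rather than the 64-bit one.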
Feedback:
As usual with each new module, it takes some processing time for ZHPDiag or ZHP to qualify these lines on the basis of feedback from users or helpers.
Documentation:
Microsoft How to Register Icon Overlay Handlers
.NET Shell Extensions – Shell Icon Overlay Handlers – Dropbox