Software Registry: is "Advanced INF" legit Explorer?

• Previous message: Security Alert: "SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege"
• Next in thread: Carey Frisch [MVP]: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Reply: Carey Frisch [MVP]: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Reply: Volker Birk: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Maybe reply: Volker Birk: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 6 Oct 2005 16:46:04 -0700

Lately I've been having a lot of adware entering the system, trying to
install the common round of searchbars, popups and the like. There's
been a number of attempts to hijack the Internet Explorer startpage,
and I know at some points the msiexec.exe process has been used for
this ( i haven't modified the browser myself or installed any MS
updates for some time). I try to keep the malware at bay with Norton
Firewall /Antivirus, Adaware and so far I've avoided really grave
attacks.
The other day I had a look at the registry and deleted some keys that
were obvious adware, but registry is a place where you need to know
exactly what you're doing and I'm not a software pro...

Now, next I found dozens of keys under the line HKEY_LOCAL_MACHINE
Software\Microsoft\Advanced INF Setup. Some seemed limited in scope and
not really part of the ordinary Internet Explorer registry. I ran a
registry scan afterwards with Norton and had it delete a few other keys
I was positive was adware. Tonight, when I just checked the registry
again, some of these suspect keys I'd spotted seemed to be gone, others
still there. Although they were stored under Microsoft, this would be
an ordinary spot for any intruding adware, wouldn't it? Is this
(HKEY_LOCAL_MACHINE Software\Microsoft\Advanced INF Setup) a default
registry class for matters dealing with integration of Explorer with
different kinds of multimedia, or is it a place primarily "used" to
lodge spyware and adware? And just what does "Advanced INF" mean here?

Hope to get enlightened on this,
/Michelle

Main software specs:

Windows XP Pro + Service Pack 1
Internet Explorer 6
Opera 7 (second browser)
Acrobat 6 Pro & Acrobat Reader

• Previous message: Security Alert: "SSRT051004 rev.1 - HP-UX Java Runtime Environment (JRE) Untrusted Applet Elevates Privilege"
• Next in thread: Carey Frisch [MVP]: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Reply: Carey Frisch [MVP]: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Reply: Volker Birk: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Maybe reply: Volker Birk: "Re: Software Registry: is "Advanced INF" legit Explorer?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]