Re: "Free" program changes registry key...

From: Fishface (invalid@ddress.ok?)
Date: 11/09/02 

From: "Fishface" <invalid@ddress.ok?>
Date: Fri, 8 Nov 2002 19:13:20 -0800

Torgeir Bakken (MVP) wrote:
> Fishface wrote:
>
> > A "free" download manager program called "FreshDownload" changed the
> > following key:
> >
> > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG
> >
> > I have a feeling this is not good. Is this an acceptable thing for it to do?
> > Thanks for any help!
>
> Hi
>
> If my memory serves me right from all my SW install surveillance I have done,
> this value *always* changes.

I just discovered that you are correct. I used the PC Magazine utility InCtrl5
to monitor installation.I checked some other reports, and the key always
changes. Actually, the item changed was a binary value called "seed". I had
never noticed this as I hadn't been suspicious of the software. Viewing the
imports in the executable with QuickView made me suspicious as the function
names were all scrambled, but it may have been compressed with an exe
compressor. I checked and upx scrambles the names...

I haven't been able to find much information on what this key is Anyway,
I set it back to what it was previously, just in case. Thanks for the reply!

FF

I left the quote in case someone is searching for all those keywords together.
I hadn't previously included "seed."