Garbage Entry
drunkardswalk_at_earthlink.net
Date: 01/31/04
- Next message: Carey Frisch [MVP]: "Re: msblast virus"
- Previous message: Neil: "Please assist with odd error message"
- Next in thread: Marco: "Re: Garbage Entry"
- Reply: Marco: "Re: Garbage Entry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Jan 2004 18:05:50 -0700
Some time back I ran across a registry entry on one machine under
HKLM\Software in which the key and all its subkeys were apparently garbage.
Now, two things immediately occurred to me. One, this might be a Trojan or
virus hiding itself; and two, it might not be garbage, but encrypted material,
possibly legitimate. I run with FIPS 140 enabled, and certificates set up
correctly, but don't have anything (so far as I know) encrypted under EFS.
Besides, EFS doesn't stash anything like this in the Local Machine hive, so
far as I'm aware, anyway.
Anyone able to give me a tell on this one? I know of no valid registry key
that looks like this. All of the subkeys are apparently garbage in both the
name and value sections. I exported the key and deleted it from the registry
with no apparent ill effects. I'd post the exported key for examination, but
not without knowing what its contents actually are, as you can all well
understand.
Thanks in advance for any help anyone can offer.
Reid Sweatman
Elder Orangutan what's in Charge of da Code Monkeys
- Next message: Carey Frisch [MVP]: "Re: msblast virus"
- Previous message: Neil: "Please assist with odd error message"
- Next in thread: Marco: "Re: Garbage Entry"
- Reply: Marco: "Re: Garbage Entry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
