Re: Garbage Entry
From: Marco (tired.of.spam)
Date: 01/31/04
- Next message: Marco: "Re: Limited accounts can't run Internet Explorer"
- Previous message: Marco: "Re: User Permisions"
- In reply to: drunkardswalk_at_earthlink.net: "Garbage Entry"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 31 Jan 2004 08:59:34 +0100
I would run a virus scan and run regmon (www.sysinternals.com) to see if any
app tries to read/write to these keys.
--
Execute applications with elevated privileges
[ www.neovalens.com ]
--
<drunkardswalk@earthlink.net> wrote in message
news:rcvl10pd3r2js9bclv11dt0o9atnoj036l@4ax.com...
> Some time back I ran across a registry entry on one machine under
> HKLM\Software in which the key and all its subkeys were apparently garbage.
> Now, two things immediately occurred to me. One, this might be a Trojan or
> virus hiding itself; and two, it might not be garbage, but encrypted material,
> possibly legitimate. I run with FIPS 140 enabled, and certificates set up
> correctly, but don't have anything (so far as I know) encrypted under EFS.
> Besides, EFS doesn't stash anything like this in the Local Machine hive, so
> far as I'm aware, anyway.
>
> Anyone able to give me a tell on this one? I know of no valid registry key
> that looks like this. All of the subkeys are apparently garbage in both the
> name and value sections. I exported the key and deleted it from the registry
> with no apparent ill effects. I'd post the exported key for examination, but
> not without knowing what its contents actually are, as you can all well
> understand.
>
> Thanks in advance for any help anyone can offer.
>
> Reid Sweatman
> Elder Orangutan what's in Charge of da Code Monkeys
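One way to triage an exported key like the one described in this thread, as an added example (not code from either poster): the Python below parses the text of a .reg export and flags key or value names containing non-printable characters, plus binary values whose byte entropy is near 8 bits, which suggests encrypted or compressed data rather than proving anything malicious. The sample export, the `triage` helper and the 256-byte / 7.0-bit thresholds are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed export (REGEDIT4 text form); key names and data are made up.
_HEX = [f"{(i * 73 + 41) % 256:02x}" for i in range(256)]  # every byte value once
SAMPLE_REG = (
    "REGEDIT4\n\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\ExampleVendor]\n"
    '"InstallDir"="C:\\\\Program Files\\\\Example"\n\n'
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\\x01\u00fe\x13q\\\x7f\u00a4]\n"
    '"\x02\u00b6"=hex:' + ",".join(_HEX[:128]) + ",\\\n  " + ",".join(_HEX[128:]) + "\n"
)

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')   # @ is the default value
HEX_RE = re.compile(r"^hex(?:\([0-9a-f]+\))?:(.*)$")     # hex: and hex(N): data

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; near 8.0 suggests encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable(name: str) -> bool:
    return all(32 <= ord(ch) < 127 for ch in name)

def triage(reg_text: str, min_len: int = 256, min_bits: float = 7.0):
    """Return (key, value_name_or_None, reason) for each suspicious item."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join continued hex lines
    findings, key = [], None
    for line in re.split(r"\r?\n", text):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if not all(printable(part) for part in key.split("\\")):
                findings.append((key, None, "non-printable key name"))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = m.group(1).strip('"')
        if not printable(name):
            findings.append((key, name, "non-printable value name"))
        h = HEX_RE.match(m.group(2))
        if h:
            data = bytes.fromhex(h.group(1).replace(",", ""))
            # Short values cannot reach high entropy, so require a minimum size.
            if len(data) >= min_len and shannon_entropy(data) >= min_bits:
                findings.append((key, name, "high-entropy binary data"))
    return findings
```

A "Windows Registry Editor Version 5.00" export is UTF-16 on disk and has to be decoded to a string before it is passed to `triage`.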