Re: Avira finds hidden registry entries

Author	All Replies
bcastner Premium,VIP,MVM join:2002-09-25 Chevy Chase, MD clubs: ·Verizon Online DSL 1 edit	reply to BlaZe X Re: Avira finds hidden registry entries Since there is no reference to a PE type of file, the entry is harmless. It looks to me to be a lookup table. For example, I might use the registry as a scratchpad to hold configuration settings. It most assuredly is not a rootkit reference, and most assuredly is not an active threat. There is not there, there. The fact that it is hidden is the only interesting thing about it; but there is nothing particularly interesting about that either. If I was using the registry to record, say GUI settings, I likely would hide it so that all those who love to run registry cleaners did not zap the parameter lookup table storage area. Without a PE reference, there is no harm and no foul. Take the CLSID: {EB763CD6-EB61-CF33-466E-3849D06F1F61} And use that value to search HKLM and HKCU to see if there are additional entries that lead to something intelligible. -- ============ MS-MVP 2004 - -2008, ASAP Member *Users Helping Users*
	to forum · permalink · · 2008-04-24 11:28:15 ·
BlaZe X join:2001-08-07 Brooklyn, NY	I've searched for that value, there are no other entries that point to anything. I will take your word that its probably not a rootkit and i'm just being a little too paranoid about it. thanks for the help.
BlaZe X join:2001-08-07 Brooklyn, NY	to forum · permalink · · 2008-04-24 16:00:42 ·
Trel Good Evening Premium join:2002-10-08 Hillsborough, NJ	reply to bcastner said by bcastner : Since there is no reference to a PE type of file, the entry is harmless. It looks to me to be a lookup table. For example, I might use the registry as a scratchpad to hold configuration settings. It most assuredly is not a rootkit reference, and most assuredly is not an active threat. There is not there, there. The fact that it is hidden is the only interesting thing about it; but there is nothing particularly interesting about that either. If I was using the registry to record, say GUI settings, I likely would hide it so that all those who love to run registry cleaners did not zap the parameter lookup table storage area. Without a PE reference, there is no harm and no foul. Take the CLSID: {EB763CD6-EB61-CF33-466E-3849D06F1F61} And use that value to search HKLM and HKCU to see if there are additional entries that lead to something intelligible. What do you mean when you say PE? I'm not familiar with that term in this context.
	to forum · permalink · · 2008-04-24 17:38:11 ·
bcastner Premium,VIP,MVM join:2002-09-25 Chevy Chase, MD clubs:	PE = "Portable Executable" »en.wikipedia.org/wiki/Portable_Executable Sorry for the use of jargon.
	to forum · permalink · · 2008-04-24 18:53:40 ·


Friday, 27-Nov 03:52:33	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF